Luke

Reputation: 41

TinyMCE and best method for filtering input

I am planning on using TinyMCE but I am a little stumped on the security issues it will bring, as I will be allowing logged-in users to create blogs on the site.

I will be allowing them to place image sources and URL links so they can link stuff to other websites to create a better blog and experience for the reader, and possibly allow them to add an embedded video if it is not too hard to accomplish on a safe scale.

I understand that I am able to use mysqli_real_escape_string but I am unsure whether that will affect image sources and URL links, and what security risks come with using mysqli_real_escape_string if it does allow users to insert images and URLs.

Are there better methods out there to get the service that I would like to give my writers and readers of the blogs that are created?

I understand that there will always be a certain degree of a security issue if I allow logged-in users to create blogs, but I am unsure what levels of security I should use and the effects it will have on the finished blog.

Thanks for your time.

Upvotes: 0

Views: 95

Answers (1)

martjahu

Reputation: 53

You could try HTML Purifier.

You should also consider converting your code from mysqli to PDO for better security.

Upvotes: 1
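
An added example, not part of the answer above, showing the two suggestions working together: HTML Purifier allowlists the tags, URL schemes and video hosts a TinyMCE post may contain, and a PDO prepared statement stores the cleaned result. The `posts` table, the tag list, the iframe host pattern and the sample input are constructed assumptions; it expects HTML Purifier installed via Composer (`ezyang/htmlpurifier`) and uses in-memory SQLite in place of MySQL.

```php
<?php
// Added example. Assumes HTML Purifier from Composer (ezyang/htmlpurifier) and pdo_sqlite.
require __DIR__ . '/vendor/autoload.php';

// Build a purifier that allowlists only the markup a blog post needs.
function make_purifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Cache.DefinitionImpl', null); // demo only: skip the on-disk cache
    $config->set('HTML.Allowed',
        'p,br,strong,em,ul,ol,li,blockquote,h2,h3,a[href|title],'
        . 'img[src|alt|width|height],iframe[src|width|height|frameborder]');
    // Link and image URLs may only be http/https; other schemes are dropped.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    // Embedded video: iframes are kept only when src matches this constructed allowlist.
    $config->set('HTML.SafeIframe', true);
    $config->set('URI.SafeIframeRegexp',
        '%^https://(www\.youtube\.com/embed/|player\.vimeo\.com/video/)%');
    return new HTMLPurifier($config);
}

// Sanitize the submitted HTML, then store it through a prepared statement.
function save_post(PDO $db, int $authorId, string $dirtyHtml): string
{
    $clean = make_purifier()->purify($dirtyHtml);
    // The HTML travels as bound data, never as part of the SQL text.
    $stmt = $db->prepare('INSERT INTO posts (author_id, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $authorId, ':body' => $clean]);
    return $clean;
}

// Constructed demo database (hypothetical schema).
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, author_id INTEGER, body TEXT)');

// Constructed sample of what a TinyMCE form might submit.
$submitted = '<p onclick="x()">Hi <a href="javascript:alert(1)">link</a> '
    . '<img src="https://example.com/a.png" alt="pic">'
    . '<script>alert(1)</script></p>';

// Print the sanitized body that was stored.
echo save_post($db, 1, $submitted), PHP_EOL;
```

Sanitizing on save keeps the stored body safe to render; the same allowlist should be reapplied if the configuration is later tightened.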
