Nathan H
Reputation: 49371
Is CKeditor safe for letting end-users submit content?
I am about to let some users publish articles on my site.
To make it easier for them, I was thinking of using a CKeditor, let them have links, images, formating, etc ...
However I was thinking of javascript. Can someone inject javascript or will CKeditor clean it up? Do I need my own filtering?
Upvotes: 2
Views: 1031
Answers (1)
Lekensteyn
Reputation: 66405
Content submitted by the user should always be checked, even if an application like CKeditor generates valid code. You can use HTMLPurifier for serverside sanitizing.
Upvotes: 5
Related Questions
- Is data via Ckeditor safe from XSS attacks from the way I see it saved in the database?
- How to use CKEditor as form input?
- Prevent XSS in CKEditor
- Preventing CKEDITOR from modifying HTML
- Preventing Vulnerabilities in ckeditor?
- Upload files from users local path using ckeditor?
- How to Secure Data Submitted Through CKEditor
- Is it safe to hook into insertElement event?
- CKEditor security best practices
- WYSIWYG editor security question (preventing malicious input)