How can I allow WYSIWYG editors and disable XSS attacks using Laravel?

Question

I have a enterprise level application where logged in users are authorized to post articles to page using a WYSIWYG editor. (You can consider this application as a website build

Answer 1

Can you run everything through strip_tags and just allow the minimum tags possible?

You may also want to look at html purifier which should give you more options including control over css

What I usually do is save two copies of the WYSIWYG content:

1. the original unfiltered content
2. the filtered content

This allows me to reprocess the original content if I find that something vital has been stripped out and also show the user their original html when editing. Obviously I display the filtered content wherever it is displayed on the site.