How can I allow WYSIWYG editors and disable XSS attacks using Laravel?

Question

I have a enterprise level application where logged in users are authorized to post articles to page using a WYSIWYG editor. (You can consider this application as a website build

Answer 1

I beleive that xss attacks are an output problem.

There is no security risk if you store

in your database - it is just text - it doesnt mean anything. I encourage escaping all output, regardless where it came from. Here is a good discussion with further points on why you should filter output, not input:

html/XSS escape on input vs output