I have an enterprise-level application where logged-in users are authorized to post articles to a page using a WYSIWYG editor. (You can consider this application as a website build
I don't know how feasible this is for you, but one quick and easy solution is to use httpOnly cookies. It resolves XSS attacks via injection of malicious JavaScript, as those cookies are not accessible to JavaScript. You can try to put sensitive data in httpOnly cookies and not-so-sensitive data in a normal cookie. See this: http://www.codinghorror.com/blog/2008/08/protecting-your-cookies-httponly.html
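As an added illustration of the answer above (example code written for this page, not the answerer's own), the block below builds a session cookie with and without the `HttpOnly` flag using Python's standard `http.cookies` module, and then runs a small audit over a few constructed `Set-Cookie` header values to report which sensitive cookies are missing `HttpOnly` or `Secure`. The cookie name `sessionid`, the list of "sensitive" cookie names and the sample headers are assumptions made for the example.

```python
from http.cookies import SimpleCookie

# Assumption for this example: only these cookie names carry session/auth data.
SENSITIVE_COOKIES = {"sessionid"}


def build_session_cookie(session_id, http_only=True, secure=True, same_site="Lax"):
    """Return a Set-Cookie header value for a session cookie.

    With http_only=True the browser refuses to expose the cookie to
    document.cookie, so a script injected via XSS cannot read it; it is
    still sent automatically with requests, so the login keeps working.
    """
    jar = SimpleCookie()
    jar["sessionid"] = session_id
    morsel = jar["sessionid"]
    morsel["path"] = "/"
    if http_only:
        morsel["httponly"] = True   # emitted as the bare "HttpOnly" attribute
    if secure:
        morsel["secure"] = True     # only sent over HTTPS
    if same_site:
        morsel["samesite"] = same_site
    return morsel.OutputString()


def cookie_attributes(set_cookie_value):
    """Parse one Set-Cookie header value into (cookie name, {attribute: value}).

    Flag attributes such as HttpOnly and Secure map to True; keyed
    attributes such as Path=/ keep their value. Keys are lower-cased so
    the audit is case-insensitive, as browsers are.
    """
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if "=" in part:
            key, value = part.split("=", 1)
            attrs[key.strip().lower()] = value.strip()
        elif part:
            attrs[part.lower()] = True
    return name, attrs


def audit_set_cookie_headers(headers, sensitive_names=SENSITIVE_COOKIES):
    """Return (cookie name, missing attribute) findings for sensitive cookies.

    Non-sensitive cookies (UI preferences and the like) are skipped: the
    answer's point is that only sensitive data needs to live in HttpOnly
    cookies, while everything else can stay in normal cookies.
    """
    findings = []
    for header in headers:
        name, attrs = cookie_attributes(header)
        if name not in sensitive_names:
            continue
        if "httponly" not in attrs:
            findings.append((name, "HttpOnly"))
        if "secure" not in attrs:
            findings.append((name, "Secure"))
    return findings


# Constructed sample Set-Cookie values, not captured from any real server.
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/",          # weak: readable through document.cookie
    build_session_cookie("abc123"),      # hardened form produced above
    "theme=dark; Path=/",                # non-sensitive, fine as a normal cookie
]

if __name__ == "__main__":
    print("hardened:", build_session_cookie("abc123"))
    print("weak:    ", build_session_cookie("abc123", http_only=False, secure=False))
    for finding in audit_set_cookie_headers(SAMPLE_HEADERS):
        print("finding:", finding)
```

A practical way to use the audit is to feed it the `Set-Cookie` headers your application emits on login; any finding for a session cookie means that cookie would be readable by injected script regardless of how well the WYSIWYG output is sanitized.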