Question
I am about to let some users publish articles on my site.
To make it easier for them, I was thinking of using CKEditor, letting them have links, images, formatting, etc ...
However, I was thinking of JavaScript. Can someone inject JavaScript, or will CKEditor clean it up? Do I need my own filtering?
Answer 1:
Content submitted by the user should always be checked, even if an application like CKEditor generates valid code. You can use HTMLPurifier for server-side sanitizing.
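A concrete form of that advice, as an added example (not code from the question or the answer): a PHP function that runs CKEditor output through HTMLPurifier with a whitelist of the tags an article editor needs, applied to a constructed sample submission. It assumes HTMLPurifier is installed via Composer and autoloaded; the function name is hypothetical.

```php
<?php
// Added example, not from the original post. Assumes HTMLPurifier is installed
// via Composer (vendor/autoload.php); sanitizeArticleHtml is a hypothetical name.
require_once __DIR__ . '/vendor/autoload.php';

function sanitizeArticleHtml(string $dirty): string
{
    $config = HTMLPurifier_Config::createDefault();

    // Whitelist only what an article needs: paragraphs, basic formatting,
    // lists, headings, links and images. Everything else (script, iframe,
    // style, event-handler attributes) is dropped, not merely escaped.
    $config->set(
        'HTML.Allowed',
        'p,br,strong,em,b,i,u,ul,ol,li,blockquote,h2,h3,'
        . 'a[href|title],img[src|alt|width|height]'
    );

    // Restrict URI schemes in href/src. HTMLPurifier already rejects
    // javascript: URIs; listing the allowed schemes explicitly also keeps
    // out ftp:, data: and similar that the default list may permit.
    $config->set('URI.AllowedSchemes', [
        'http'   => true,
        'https'  => true,
        'mailto' => true,
    ]);

    // Disable the definition cache so no writable cache directory is needed
    // for this stand-alone example (enable it in production for speed).
    $config->set('Cache.DefinitionImpl', null);

    $purifier = new HTMLPurifier($config);
    return $purifier->purify($dirty);
}

// Constructed sample: markup a user could POST directly, bypassing the
// editor UI entirely. The editor is a convenience, not a security boundary.
$submitted = '<p onmouseover="alert(1)">Hello <strong>world</strong></p>'
    . '<script>alert(1)</script>'
    . '<a href="javascript:alert(1)">bad link</a>'
    . '<img src="x" onerror="alert(1)">'
    . '<a href="https://example.com/">good link</a>';

// Store or render the purified string, never $submitted.
echo sanitizeArticleHtml($submitted), PHP_EOL;
```

Run the sanitizer on the server at submission time (and again at render time if the storage format ever changes), since anything done in the browser can be skipped by posting the form manually.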
Source: https://stackoverflow.com/questions/3876203/is-ckeditor-safe-for-letting-end-users-submit-content