-
1. Re: RICH:EDITOR - IS IT SAFE TO PLACE IT ON A PAGE???
meetoblivion Jan 31, 2009 4:50 PM (in response to cocolino)
In theory they could. There's a specific button that lets you edit the HTML source. If you display it, they can put their own scripts in. If you don't display it, TinyMCE strips out the <'s and >'s into HTML entities.
-
2. Re: RICH:EDITOR - IS IT SAFE TO PLACE IT ON A PAGE???
nbelaevski Feb 1, 2009 5:44 PM (in response to cocolino)
1. Use SeamText. It allows only the safe subset of HTML.
2. Develop your own validator (e.g. using this library: http://code.google.com/p/owaspantisamy/) and attach it to the rich:editor in order to check user input against scripts or other unwanted tags.
-
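A sketch of the validator suggested in option 2, added here as an example and not part of the original post or of RichFaces. It runs on the server during JSF validation, so it applies whether or not the editor's HTML source button is shown. The class name `SafeHtmlValidator` and the policy file name and location are assumptions.

```java
import java.io.InputStream;
import javax.faces.application.FacesMessage;
import javax.faces.component.UIComponent;
import javax.faces.context.FacesContext;
import javax.faces.validator.Validator;
import javax.faces.validator.ValidatorException;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;

/** Rejects editor input that the AntiSamy policy would have to alter. */
public class SafeHtmlValidator implements Validator {

    // Assumption: an AntiSamy policy file has been copied to the classpath
    // root under this name; pick the policy that matches the markup you allow.
    private static final String POLICY_RESOURCE = "/antisamy-tinymce.xml";
    private static Policy policy;

    // Parse the policy once and reuse it for every request.
    private static synchronized Policy policy() throws PolicyException {
        if (policy == null) {
            InputStream in = SafeHtmlValidator.class.getResourceAsStream(POLICY_RESOURCE);
            if (in == null) throw new IllegalStateException("missing " + POLICY_RESOURCE);
            policy = Policy.getInstance(in);
        }
        return policy;
    }

    public void validate(FacesContext ctx, UIComponent component, Object value)
            throws ValidatorException {
        if (value == null) return;
        FacesMessage msg = new FacesMessage(FacesMessage.SEVERITY_ERROR,
                "The text contains markup that is not allowed.", null);
        try {
            CleanResults results = new AntiSamy().scan(value.toString(), policy());
            // AntiSamy records an error for each tag or attribute the policy
            // made it remove or change; treat any such error as a rejection.
            if (results.getNumberOfErrors() > 0) throw new ValidatorException(msg);
        } catch (PolicyException e) {
            throw new ValidatorException(msg, e); // fail closed: unusable policy
        } catch (ScanException e) {
            throw new ValidatorException(msg, e); // fail closed: input could not be scanned
        }
    }
}
```

Register the class under a validator id in faces-config.xml and nest an `f:validator` tag with that id inside the `rich:editor` tag.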
3. Re: RICH:EDITOR - IS IT SAFE TO PLACE IT ON A PAGE???
cocolino Feb 1, 2009 6:25 PM (in response to cocolino)
Thanks for the advice, guys!