1 Reply Latest reply on Jan 19, 2010 6:33 PM by Nick Belaevski

    rich:editor - security

    Jan Gurda Newbie

      Hi,

       

      This is my first post on this forum, so I would like to say hello to all of you.

       

      I'm going to use rich:editor to get data from users and display it later on the other web site. But some things aren't clear to me. How are you handling the security of rich:editor? I have read something about the security of TinyMCE, and it looks good, but TinyMCE can be bypassed. Malicious HTML/CSS/JS code can be injected directly into the textarea and submitted. And what then? Are there any Java libraries to analyze HTML/CSS/JS code and remove dangerous parts? Or should I implement it myself?

       

      Thanks in advance for replies,

       

      Jan
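
Added example, not part of the original post and not RichFaces code: one way to handle the case raised above, where markup is submitted straight to the server and never passes through the editor's client-side filtering, is to run every submitted value through an allowlist sanitizer on the server before it is stored or displayed. It assumes the third-party jsoup library (1.14.2 or later, not mentioned in the thread) is on the classpath; the class name `EditorInputSanitizer` and the sample input are constructed for illustration.

```java
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.safety.Safelist;

// Hypothetical helper class (assumption, not part of RichFaces or TinyMCE).
public class EditorInputSanitizer {

    // Allowlist policy: simple text formatting tags plus <a href> limited to
    // ftp/http/https/mailto. Script and style elements, event-handler
    // attributes and style attributes are not on the list and get dropped.
    private static final Safelist POLICY = Safelist.basic();

    // Keep the cleaned fragment on one line instead of re-indenting it.
    private static final Document.OutputSettings OUTPUT =
            new Document.OutputSettings().prettyPrint(false);

    /** Returns the submitted markup with everything outside the allowlist removed. */
    public static String sanitize(String submittedHtml) {
        if (submittedHtml == null) {
            return "";
        }
        return Jsoup.clean(submittedHtml, "", POLICY, OUTPUT);
    }

    /** True only if the submitted markup already conforms to the allowlist. */
    public static boolean isClean(String submittedHtml) {
        return submittedHtml != null && Jsoup.isValid(submittedHtml, POLICY);
    }

    public static void main(String[] args) {
        // Constructed sample of a value posted directly to the server,
        // i.e. without going through the editor widget at all.
        String submitted =
                "<p style=\"position:fixed\" onclick=\"alert(1)\">Hello <b>world</b></p>"
              + "<script>alert(1)</script>"
              + "<a href=\"javascript:alert(1)\">bad link</a> "
              + "<a href=\"https://example.org/\">good link</a>";

        System.out.println("conforms to policy: " + isClean(submitted));
        System.out.println("stored/displayed as: " + sanitize(submitted));
    }
}
```

Call `sanitize` in the server-side handler that receives the editor value, so the check applies regardless of how the request was produced.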