Is TinyMCE secure enough to allow users use it?
I mean, I want to allow my users use some buttons as bold, italics, etc just some basic options. What I don't know if it will prevent any xss, java script injection, etc
Is it safe enough?
As a general rule you never really let the user use a WYSIWYG editor you give them a BBCode editor or something along those lines. Though if you use it tangent with a class to clean the html (as DeMo posted about HTML purifier) then I suppose it can still be used.
"What everyone seems to forget is that while knowledge certainly is something - it's the implementation of knowledge that brings power" - Andres Galindo.
"The reasonable man adapts himself to the conditions that surround him... The unreasonable man adapts surrounding conditions to himself... All progress depends on the unreasonable man." - George Bernard Shaw
I found this: http://markitup.jaysalvat.com
Looks like a great thing, it's a plugin to jQuery :) that create a nice interface for BBcode, Textile or even HTML, so it seems like an amazing plugin...
Thanks to all