[development] WYSIWYG editors

Joakim Stai joakimstai at gmail.com
Tue Mar 13 00:52:10 UTC 2007


On 3/12/07, Karoly Negyesi <karoly at negyesi.net> wrote:
> Regarding security, those who use such a module, might be inclined to
> relax the tight security of filtered HTML to allow fancy features of the
> editor and there it goes. Indeed what you see is what you get even if it's
> XSS.

As for XSS, there is a HTML Purifier (http://hp.jpsband.org/) module
for Drupal being developed outside of drupal.org, worth checking out:
http://bart.motd.be/projects/html-purifier-drupal-module


More information about the development mailing list