WYSIWYG - What You See Is What You Get
    HTML Purifier: A Pretty Good Fit for TinyMCE and FCKeditor

Javascript-based WYSIWYG editors, simply stated, are quite amazing.  But I've
always been wary about using them due to security issues: they handle the
client-side magic, but once you've been served a piping hot load of unfiltered
HTML, what should be done then?  In some situations, you can serve it uncleaned,
since you only offer these facilities to trusted(?) authors.

Unfortunately, for blog comments and anonymous input, BBCode, Textile and
other markup languages still reign supreme.  Put simply: filtering HTML is
hard work, and these WYSIWYG authors don't offer anything to alleviate that
trouble.  Therein lies the solution:

HTML Purifier is perfect for filtering pure-HTML input from WYSIWYG editors.

Enough said.
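The server-side filtering step described above, as an added example that is not part of the original page or the HTML Purifier distribution. It assumes HTML Purifier is installed through Composer (ezyang/htmlpurifier); the helper name `build_comment_purifier`, the tag allowlist and the sample submission are constructed for illustration.

```php
<?php
// Added example: purify HTML posted by a WYSIWYG editor before storing or
// rendering it. The editor runs in the browser, so nothing it does can be
// trusted; the allowlist has to be enforced on the server.
// Assumption: HTML Purifier is installed via Composer (ezyang/htmlpurifier).
require_once __DIR__ . '/vendor/autoload.php';

// Hypothetical helper: a purifier configured for anonymous comment input.
function build_comment_purifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();

    // Allow only the markup the comment toolbar can legitimately produce.
    // Everything else (script, img, event-handler attributes, style) is dropped.
    $config->set('HTML.Allowed', 'p,br,strong,em,ul,ol,li,blockquote,a[href]');

    // Restrict link targets to ordinary schemes; other schemes are removed.
    $config->set('URI.AllowedSchemes', [
        'http'   => true,
        'https'  => true,
        'mailto' => true,
    ]);

    // Add rel="nofollow" to links supplied by untrusted commenters.
    $config->set('HTML.Nofollow', true);

    // Disable the on-disk definition cache so the example needs no writable
    // directory. In production, point Cache.SerializerPath at one instead.
    $config->set('Cache.DefinitionImpl', null);

    return new HTMLPurifier($config);
}

// Constructed sample standing in for the editor field of a comment form
// (in a real handler this would come from $_POST).
$submitted = <<<'HTML'
<p onclick="alert(1)">Nice post! <strong>Really</strong> useful.</p>
<script>alert(1)</script>
<a href="javascript:alert(1)">click</a>
<a href="https://example.com/">a real link</a>
<img src="x" onerror="alert(1)">
HTML;

$clean = build_comment_purifier()->purify($submitted);

// Store or render only $clean, never the raw submission.
echo $clean, "\n";
```

Purify on the server for every submission, whether or not the editor also filters on the client, since a request can be sent without the editor at all.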