Monday, November 30, 2009

CKEditor and Cake

I have added the CKEditor to Cake and changed the JS config to only allow <ul>, <li> and <b> tags, but is there a security measure to prevent the user from modifying the code? I can Firebug the editor and add class="something" or whatever and destroy the view. How can you prevent anything like that? I tried beforeSave to stripAll, but it still ends up in the DB.
 
Any ideas how to implement the editor safely?
 
Thanks
 
Dave
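
A server-side allowlist filter for the editor output described above, as an added example that is not part of the original post: it keeps only ul, li and b elements, removes every attribute, and discards everything else, so markup altered in the browser is rebuilt on the server instead of being trusted. The function names sanitize_editor_html and clean_children and the sample input are constructed for illustration; the code uses PHP's bundled DOM extension.

```php
<?php
// Added example: allowlist filter for rich-text editor output (function names are hypothetical).
function sanitize_editor_html(string $html, array $allowed = ['ul', 'li', 'b']): string
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);            // tolerate malformed markup quietly
    $doc->loadHTML('<?xml encoding="UTF-8">' . $html);   // prefix makes libxml parse as UTF-8
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) { return ''; }
    clean_children($body, $allowed);
    $out = '';
    foreach ($body->childNodes as $node) {
        $out .= $doc->saveHTML($node);                   // text is re-escaped on output
    }
    return $out;
}

function clean_children(DOMNode $parent, array $allowed): void
{
    // Elements whose content is dropped entirely rather than kept as text.
    $drop = ['script', 'style', 'iframe', 'object', 'embed'];
    foreach (iterator_to_array($parent->childNodes) as $child) {
        if ($child->nodeType === XML_TEXT_NODE) {
            continue;                                    // plain text is kept
        }
        $name = strtolower($child->nodeName);
        if ($child->nodeType !== XML_ELEMENT_NODE || in_array($name, $drop, true)) {
            $parent->removeChild($child);                // comments, PIs, script/style, ...
            continue;
        }
        clean_children($child, $allowed);                // clean descendants first
        if (in_array($name, $allowed, true)) {
            foreach (iterator_to_array($child->attributes) as $attr) {
                $child->removeAttributeNode($attr);      // class, style, on* handlers, ...
            }
        } else {
            while ($child->firstChild) {                 // unwrap: keep content, lose the tag
                $parent->insertBefore($child->firstChild, $child);
            }
            $parent->removeChild($child);
        }
    }
}

// Constructed sample input, as it might arrive after being edited in the browser.
$dirty = '<ul class="x" onclick="alert(1)"><li><b style="color:red">one</b></li><li><a href="#">two</a><script>alert(2)</script></li></ul>';
echo sanitize_editor_html($dirty), "\n";
```

In a CakePHP model the call belongs in beforeSave, with the result written back into $this->data for the field before the callback returns true.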
