Tinymce a security risk?
Posted: Mon Jul 09, 2007 12:30 am
I am considering using TinyMCE as an editor for a forum and comment system. My question is: would it be a security risk to use that kind of WYSIWYG editing?
http://forums.devnetwork.net/

feyd wrote: It's only a security risk if you accept its submissions as authoritative.

I am using mysql_real_escape_string on all queries to the database, would that be good?

zephid wrote: I am using mysql_real_escape_string on all queries to the database, would that be good?

I was actually referring to XSS as well as malformed tags and such, but yes, you should escape the input always too.
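
The distinction drawn in the thread above (SQL escaping does nothing about XSS or malformed tags in editor output), as an added example that is not part of the original posts: a server-side allowlist filter applied to whatever HTML the browser submits. The function names, the tag and attribute lists and the sample submission are assumptions made for illustration.

```php
<?php
// Added example. Allowlists below are assumptions; set them to what your forum permits.
const ALLOWED_TAGS = ['p', 'br', 'b', 'strong', 'i', 'em', 'u', 'ul', 'ol', 'li', 'blockquote', 'a'];
const ALLOWED_ATTRS = ['a' => ['href']];
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed'];

function clean_node(DOMNode $node): void
{
    // Copy the list first: childNodes is live and changes as nodes are removed.
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child instanceof DOMText) { continue; }    // text is re-escaped on output
        $tag = strtolower($child->nodeName);
        if (!($child instanceof DOMElement) || in_array($tag, DROP_WITH_CONTENT, true)) {
            $node->removeChild($child);                 // comments, PIs, script/style bodies
            continue;
        }
        clean_node($child);                             // clean descendants before deciding
        if (!in_array($tag, ALLOWED_TAGS, true)) {      // unknown tag: keep its children only
            while ($child->firstChild) { $node->insertBefore($child->firstChild, $child); }
            $node->removeChild($child);
            continue;
        }
        foreach (iterator_to_array($child->attributes) as $attr) {
            $ok = in_array($attr->nodeName, ALLOWED_ATTRS[$tag] ?? [], true);
            if ($ok && $attr->nodeName === 'href') {    // scheme allowlist, not a blocklist
                $ok = preg_match('#^(https?://|mailto:|/)#i', trim($attr->value)) === 1;
            }
            if (!$ok) { $child->removeAttribute($attr->nodeName); }
        }
    }
}

function sanitize_editor_html(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);                   // parser repairs malformed tags quietly
    $doc->loadHTML('<?xml encoding="utf-8"?><body>' . $html . '</body>', LIBXML_NONET);
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) { return ''; }
    clean_node($body);
    $out = '';
    foreach ($body->childNodes as $child) { $out .= $doc->saveHTML($child); }
    return $out;
}

// Constructed sample: a request body can contain any markup, whatever the editor UI offers.
$submitted = '<p onclick="alert(1)">Hi <b>there<script>alert(1)</script></p><a href="javascript:alert(1)">x</a>';
echo sanitize_editor_html($submitted), "\n";
```

The returned string still goes through SQL escaping (or a prepared statement) when it is stored; the two steps protect different contexts.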