I saw the Kohana framework allowing users to optionally use HTMLPurifier against any possible XSS attacks.
In jWYSIWYG editor, pushing enter inserts <br />s. Instead of this, I would prefer that pushing enter would wrap chunks in <p> tags.
I have used HTML Purifier to weed out any suspect stuff coming in from my public-facing WYSIWYG editor. The incoming HTML is also displayed in the public portion of the website.
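As an added example (not code from any of the posts above), here is a whitelist-style HTML Purifier configuration for the situation the last post describes: HTML submitted through a public WYSIWYG editor and re-displayed to other visitors. It assumes HTML Purifier is installed via Composer; the function name, allowed-tag list and sample input are my own choices.

```php
<?php
// Added example: purify WYSIWYG-editor HTML before storing/displaying it.
// Assumes HTML Purifier is installed via Composer (vendor/autoload.php).
require_once __DIR__ . '/vendor/autoload.php';

function purifyEditorHtml(string $dirtyHtml): string
{
    $config = HTMLPurifier_Config::createDefault();

    // Whitelist only what the editor legitimately produces. Everything
    // else (script, iframe, style, on* event handlers) is removed.
    $config->set('HTML.Allowed', 'p,br,strong,em,ul,ol,li,a[href],img[src|alt]');

    // Only http/https targets for links and images: javascript: and data:
    // URIs in href/src are dropped rather than passed through.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);

    // Wrap loose inline content in <p> so the stored markup is
    // paragraph-based instead of <br />-separated.
    $config->set('AutoFormat.AutoParagraph', true);
    $config->set('AutoFormat.RemoveEmpty', true);

    // User-supplied links should not carry the site's reputation.
    $config->set('HTML.Nofollow', true);

    // Demo only: skip the on-disk definition cache so no writable
    // directory is required. In production leave caching enabled.
    $config->set('Cache.DefinitionImpl', null);

    return (new HTMLPurifier($config))->purify($dirtyHtml);
}

// Constructed sample: a tampered submission that bypassed the editor UI.
$sample = '<p onmouseover="alert(1)">Hello <strong>world</strong></p>'
        . '<script>alert(document.cookie)</script>'
        . '<a href="javascript:alert(1)">link</a>'
        . '<img src="x" onerror="alert(1)" alt="pic">';

// The handler, script element, javascript: href and onerror attribute
// are all stripped; the paragraph, strong, anchor text and img survive.
echo purifyEditorHtml($sample), PHP_EOL;
```

Purify once on the way in and store the cleaned result, so the display path only ever renders HTML that has already passed the whitelist.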