[CKEditor] Cross Scripting

Forge Component
Published on 8 May by leonardo.fernandes
22 votes

Is there a way to prevent Cross Scripting in the rich editor (e.g. links to JS commands), without losing the markup for other HTML tags (e.g. bold, bullet list)? Or is this a case of 'all or nothing' markups?


CKEditor can have allowed and disallowed content, so you can keep basic formatting whilst stripping JavaScript etc. In fact, from memory, JavaScript was stripped by default.

Some details on the CKEditor page itself.
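
The allowed/disallowed content approach from the answer above, as an added example that is not part of the original thread or the Forge component's own code. It assumes CKEditor 4's `allowedContent` / `disallowedContent` settings in their documented object-rule form; `isSafeHref`, `editorConfig` and the `editor1` element id are hypothetical names.

```javascript
// Added example (not from the thread). Assumes CKEditor 4's content filter.
// isSafeHref, editorConfig and 'editor1' are hypothetical names.

// Allowlist for link targets: absolute http(s), mailto, or same-site
// relative references. Anything else is rejected, which covers javascript:,
// data:, vbscript: and entity-obfuscated schemes without listing them.
function isSafeHref(href) {
  if (typeof href !== 'string') return false;
  // URL parsers drop tab/CR/LF and ignore surrounding whitespace, so
  // normalise the same way before matching (e.g. "java\tscript:").
  const value = href.replace(/[\t\r\n]/g, '').trim();
  return /^(https?:\/\/|mailto:|\/(?![\/\\])|#|\?)/i.test(value);
}

const editorConfig = {
  allowedContent: {
    // Basic formatting stays: paragraphs, bold, italic, underline, lists.
    'p br strong em u ul ol li': true,
    // Links are kept only with an href that passes the allowlist.
    // When match() returns false the rule does not apply to that element,
    // so the <a> is not allowed by it and only its text remains.
    a: {
      attributes: '!href',
      match: function (element) {
        return isSafeHref(element.attributes.href);
      }
    }
  },
  // Never allow <script> elements or inline event handlers such as onclick.
  disallowedContent: 'script; *[on*]'
};

// Only runs in a page where CKEditor 4 is loaded.
if (typeof CKEDITOR !== 'undefined') {
  CKEDITOR.replace('editor1', editorConfig);
}
```

The editor's filter runs in the browser, so the submitted HTML should be checked against the same allowlist again on the server before it is stored or rendered.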