How can I allow WYSIWYG editors and disable XSS attacks using Laravel?

前端 未结 5 1170
你的背包
你的背包 2021-02-08 22:31

I have a enterprise level application where logged in users are authorized to post articles to page using a WYSIWYG editor. (You can consider this application as a website build

5条回答
  •  予麋鹿
    予麋鹿 (楼主)
    2021-02-08 23:28

    using Laravel you might also have to sanitize for blade template stuff. You don't want users entering in stuff like: {{{phpInfo()}}}.

    Building a WYSIWYG editor requires the users to have some level of trust. If you don't trust the users at all your best option is what is mentioned earlier using custom tags.

提交回复
热议问题