Hi folks,
To keep my tinymce texteditor working using html codes, I removed this function from my posting form. Is there any security issue may occur??? and how to fix this.
Thx in advance
I don't know if TinyMCE does any filtering or validation, but you may want to implement [man]strip_tags/man to only allow certain HTML tags.
Otherwise, you'd be risking XSS vulnerabilities (or just plain defacement).
