Wednesday, 17 February 2016

Laravel 5 CKEditor implementation server side validation

I apologize if a question like this has already been asked. I couldn't find one.

So basically, I am using CKEditor (the basic version) and Laravel 5.1. I had no problem implementing it; I am just ultra paranoid about validating the information server side. I am using the Blade template engine. In my view, when rendering the data, I am doing something like {!! $something->info !!}, not {{ $something->info }}, because I expect HTML tags such as <a></a>, <b></b>, etc.

Well, what happens if a user types something like <script>alert(1)</script> or even worse ...

All in all, I am asking whether you can share some good practices, maybe using a function where I can say which tags are allowed...



via Chebli Mohamed
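
A minimal server-side tag allowlist for the editor output described in the question, as an added example that is not part of the original post. The function names, the allowlist and the sample input are assumptions; it relies only on PHP's bundled DOM extension.

```php
<?php
// Added example; the allowlist is an assumption, match it to your CKEditor toolbar.
const ALLOWED = ['p' => [], 'br' => [], 'b' => [], 'strong' => [], 'i' => [], 'em' => [],
    'u' => [], 'ul' => [], 'ol' => [], 'li' => [], 'a' => ['href']];
// Elements removed together with everything inside them.
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed', 'template'];

function cleanNode(DOMNode $node): void
{
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child->nodeType === XML_TEXT_NODE) { continue; } // text is re-escaped on output
        $tag = strtolower($child->nodeName);
        if (!$child instanceof DOMElement || in_array($tag, DROP_WITH_CONTENT, true)) {
            $node->removeChild($child); // comments, CDATA, active content
            continue;
        }
        cleanNode($child); // sanitize descendants first
        if (!array_key_exists($tag, ALLOWED)) {
            while ($child->firstChild) { // unwrap: keep cleaned children, drop the tag
                $node->insertBefore($child->firstChild, $child);
            }
            $node->removeChild($child);
            continue;
        }
        foreach (iterator_to_array($child->attributes) as $attr) {
            if (!in_array(strtolower($attr->nodeName), ALLOWED[$tag], true)) {
                $child->removeAttributeNode($attr); // on* handlers, style, ...
            }
        }
        // Only absolute http(s) and mailto links survive (no javascript:, data:).
        if (!preg_match('#^(https?://|mailto:)#i', trim($child->getAttribute('href')))) {
            $child->removeAttribute('href');
        }
    }
}

function sanitizeRichText(string $dirty): string
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // tolerate malformed markup
    // The wrapper <div> keeps all input inside <body>; it is unwrapped by cleanNode().
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $dirty . '</div>', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) { return ''; }
    cleanNode($body);
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($body->childNodes)));
}

// Constructed sample input.
echo sanitizeRichText('<p onclick="x()">Hi <b>there</b><script>alert(1)</script> <a href="javascript:alert(1)">link</a></p>'), PHP_EOL;
```

Run it on the submitted value before saving, so that {!! $something->info !!} only ever prints sanitized markup. A maintained sanitizer such as HTML Purifier covers more edge cases than a hand-written walker.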
