Replying to Wysiwyg editor security
googled for quite some time, didnt find anything small and nice.
i wanna use a wysiwyg editor for a certain project. problem is, it is only really functional if users CAN edit a lot of things. starting from font/bg colours, sizes, bold/italic, tables, images and going as far as audio/video embeds.
really what shouldnt be allowed is some horseshit other html tags and script languages.
i looked into html purifier and i am not sure if it fits the bill and how long it would take me to configure it properly. thing is HUUUGE and kinda slow too. obviously it is was jesus would use if he was a programmer, but idk if it isnt an overkill for me.
also wondered if it was faster to write a "cheap" whitelist myself in PHP?
stuff like this normally was already done. most google results deal with COMPLETE sanitation, like stripping ANY tags for names/passwords and such shit, but i am not necessarily successful finding a small solution that allows wysiwyg-type of input with all the corresponding tags.
maybe its a longshot, but i know there are a few programmers on here who could give me some tips or at least send me a link or whatever to point me in the right direction.
Click to expand post