Description
There needs to be HTML sanitization for a few reasons:
- prevent cross-site scripting attacks
- allow copying text from word processors into the text field

Implementation details
- cross-site scripting can only be properly handled by sanitizing the HTML on the server side in PHP
  - for this we are going to use HTML Purifier (www.htmlpurifier.org)
- copying text from word processors can be handled on the client side in JS
  - for this we are going to use xhtml purifier (https://github.com/biilmann/javascript-xhtml-purifier)
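The server-side half of the plan, as an added example that is not code from this issue or the project: a PHP script that runs a browser-supplied HTML fragment through HTML Purifier with an element/attribute whitelist. It assumes HTML Purifier was installed with Composer so that `vendor/autoload.php` exists; the sample input, the `render_unsafe`/`render_safe` helpers and the chosen whitelist are illustrative, not the project's own.

```php
<?php
// Added example, not the project's code. Assumes HTML Purifier was installed with
// Composer ("composer require ezyang/htmlpurifier"); adjust the path if the
// library is loaded some other way.
require_once __DIR__ . '/vendor/autoload.php';

// Constructed sample input: the kind of markup a browser text field can submit,
// mixing XSS vectors with the residue Word leaves behind when text is pasted.
$dirty = '<p class="MsoNormal" style="mso-margin-top-alt:auto">Hello <b>world</b><o:p></o:p></p>'
       . '<script>alert(document.cookie)</script>'
       . '<img src="x" onerror="alert(1)">'
       . '<a href="javascript:alert(2)">click</a>'
       . '<a href="https://example.com" onclick="alert(3)">ok</a>';

function build_purifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    // Whitelist, not blacklist: only these elements and attributes survive.
    // script, img, event handlers, class/style and Word's <o:p> are all dropped.
    $config->set('HTML.Allowed', 'p,b,strong,i,em,ul,ol,li,br,a[href]');
    // Only http/https links; "javascript:" and "data:" URIs are rejected.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    // Remove the empty <p></p> shells that word-processor pastes leave behind.
    $config->set('AutoFormat.RemoveEmpty', true);
    return new HTMLPurifier($config);
}

// Vulnerable: the browser-supplied markup is trusted as-is. Anything the client
// sent, including markup from a user who bypassed client-side JS, reaches the page.
function render_unsafe(string $html): string
{
    return $html;
}

// Hardened: purify on the server, immediately before storing or rendering.
function render_safe(string $html): string
{
    return build_purifier()->purify($html);
}

echo "UNSAFE:\n" . render_unsafe($dirty) . "\n\n";
echo "SAFE:\n"   . render_safe($dirty)   . "\n";
```

Run it with `php sanitize.php` to compare the two outputs. The point of the split in the issue is that the client-side step (cleaning pasted word-processor markup in JS) only improves what a cooperative browser sends; an attacker can skip it entirely, so the purifier call above has to run on every write path to the database, not just the one the JS editor uses. HTML Purifier is slow on its first run because it builds its definition tables; in production set `Cache.SerializerPath` to a writable directory so they are cached.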