Hi, I'm using the Dojo editor element in my forms, but have a security concern about it. Because it converts markup as HTML (, etc.), you can't escape the output without losing the benefits of the formatting.
How, then, do you ensure your users don't insert anything malicious into your page? (striptags appears to be disabled on this form element, in order for it to work at all)

--
View this message in context: http://www.nabble.com/Zend_Form_Dojo-Editor-security-concern-%28escaping-output%29-tp22782919p22782919.html
Sent from the Zend Framework mailing list archive at Nabble.com.
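One way to handle the concern raised above, as an added example that is not part of the original post and not Zend Framework or Dojo code: filter the submitted editor HTML on the server through a tag allowlist, rebuilding the output so that text is re-escaped and attributes are discarded. The function names, the allowlist and the sample input are assumptions.

```php
<?php
// Added example, not Zend Framework or Dojo code. Function names and the
// tag allowlist are assumptions; adjust the list to what your editor emits.
const ALLOWED_TAGS = ['p', 'br', 'b', 'i', 'u', 'strong', 'em', 'ul', 'ol', 'li', 'a'];
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed'];

function render_node(DOMNode $node): string
{
    if ($node instanceof DOMText) {               // text is always re-escaped
        return htmlspecialchars($node->nodeValue, ENT_QUOTES, 'UTF-8');
    }
    if (!($node instanceof DOMElement)) {
        return '';                                // comments, PIs, etc.
    }
    $tag = strtolower($node->nodeName);
    if (in_array($tag, DROP_WITH_CONTENT, true)) {
        return '';                                // drop element and its content
    }
    $inner = '';
    foreach ($node->childNodes as $child) {
        $inner .= render_node($child);
    }
    if (!in_array($tag, ALLOWED_TAGS, true)) {
        return $inner;                            // unknown tag: keep text only
    }
    if ($tag === 'br') {
        return '<br>';
    }
    $attrs = '';                                  // every attribute is discarded...
    if ($tag === 'a' && preg_match('#^https?://#i', trim($node->getAttribute('href')))) {
        // ...except an http(s) href, which is re-escaped
        $attrs = ' href="' . htmlspecialchars(trim($node->getAttribute('href')), ENT_QUOTES, 'UTF-8') . '"';
    }
    return "<{$tag}{$attrs}>{$inner}</{$tag}>";
}

function sanitize_editor_html(string $html): string
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // tolerate malformed markup
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    $body = $doc->getElementsByTagName('body')->item(0);
    return $body === null ? '' : render_node($body);
}

// Constructed sample input
echo sanitize_editor_html('<p onclick="x()">Hi <b>there</b><script>alert(1)</script> <a href="javascript:x">link</a></p>');
```

The filter runs on input before storage or on output before rendering, so the stored formatting survives while event handlers, script elements and non-http(s) links do not.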
