Hello, I would like to ask whether there is a safe way to display HTML output from a rich editor (e.g. TinyMCE). In order to display HTML it is necessary to switch off model escaping [1], which opens the door to XSS. I was thinking about a converter [2] which would escape only JS-related stuff (e.g. <script>, onclick, ...), but I didn't find any escaping method which works this way.
Thank you,
Dan

[1] https://github.com/wicketstuff/core/blob/master/tinymce4-parent/tinymce4-examples/src/main/java/wicket/contrib/examples/tinymce/InlineTinyMCEPage.java#L24
[2] https://gist.github.com/dsimko/2cd931444ba93a1c841e2d3f4fed0db8
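
A sketch of the converter idea described above, added as an example and not part of the original post or of the linked gist: rather than escaping only known JS constructs, it allow-lists the tags and attributes the editor may produce and drops everything else. It assumes the OWASP Java HTML Sanitizer library (`org.owasp.html`) is on the classpath; the class name, the element list and the sample strings are constructed for illustration.

```java
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

public class RichTextSanitizerExample {

    // Allow-list policy: any element or attribute not named here
    // (script, iframe, style, on* event handlers, ...) is removed from the output.
    // The element list is an assumption; match it to the editor's toolbar.
    static final PolicyFactory EDITOR_POLICY = new HtmlPolicyBuilder()
            .allowElements("p", "br", "b", "i", "em", "strong", "u",
                           "ul", "ol", "li", "blockquote", "h1", "h2", "h3", "a")
            .allowAttributes("href").onElements("a")
            // Links are limited to these URL schemes; other schemes lose their href.
            .allowUrlProtocols("http", "https", "mailto")
            .requireRelNofollowOnLinks()
            .toFactory();

    // Returns markup that is safe to render with model escaping switched off.
    static String sanitize(String editorHtml) {
        return editorHtml == null ? "" : EDITOR_POLICY.sanitize(editorHtml);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: plain formatting, the two cases named in the
        // post (<script> and onclick), and an ordinary link.
        String[] samples = {
            "<p>Hello <b>world</b></p>",
            "<p onclick=\"alert(1)\">click me</p>",
            "<script>alert(1)</script><p>text after script</p>",
            "<a href=\"https://example.org/\">a link</a>"
        };
        for (String sample : samples) {
            System.out.println("in : " + sample);
            System.out.println("out: " + sanitize(sample));
        }
    }
}
```

Apply `sanitize()` to the editor value before it reaches the component that renders with escaping switched off, so the unescaped output only ever contains allow-listed markup.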