Home > Tutorials > PHP Tutorials

Security issues with CKEditor

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
CKEditor is a visual editing tool that, when committed, is "HTML code" on the server side of the post,

Although some unsafe code is automatically filtered in "WYSIWYG" mode on the client side, it does not guarantee that the server is receiving secure HTML code, does ckeditor provide a server-side HTML filtering tool?


Reply to discussion (solution)

The data submitted by the client is not always reliable, and it is necessary for the server to do some validation.

Does the ckeditor provide a server-side HTML filtering tool?
Want to know whether the plug-in has a function, then you have to look at its source code, the analysis will know,
But you still have to check the service side, to avoid the presence of bugs.

Thanks to the upstairs two-bit answer, it is true that server-side detection is performed. The key is how to ensure the integrity of HTML elements?

For example: Users upload non-standard HTML code, such as:

123

456789

Aaa

The code and the system's original code mix may be messed up, but you can't disable these HTML code, they may be a picture, a link or some style, how to avoid this situation?

If on the server side also to do this kind of processing, feel is to do a system, the difficulty is very big Ah, please expert advice ~ ~ ~

What labels should be filtered on the server side? Like what:






What else has to be filtered???

CKEditor where is the file code to be filtered when converting from Sourse mode to Wusiwug mode? Have to know the master please say Ah, thank you ~ ~ ~

    • This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    Get Started for Free

    • Sales Support

      1 on 1 presale consultation

      Chat Contact Sales

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

      Open a Ticket

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

      Learn More