I am using http://ckeditor.com/ in a small PHP/MySQL forum that I built myself. My question is:
Is it safe to save user-created HTML like this in the database and then re-display it in my application? What precautions should I take to keep the users of my forum safe from script injection and the like?
<p>test</p> <span style="font-size: 14px;">test</span>
Would it be safer to use BBCode instead of HTML? I tried the ckeditor bbcode plugin but it lacks some basic formatting like text alignment ... Does anyone know how to extend the plugin to add text alignment to it?
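One way to handle the concern raised in the question, shown as an added example that is not part of the original post: sanitize the editor's HTML on the server against an allowlist before storing it. It assumes the HTML Purifier library is installed via Composer (package ezyang/htmlpurifier); the function names, the tag list, the sample input and the in-memory SQLite table (standing in for MySQL) are assumptions made for illustration.

```php
<?php
// Added example, not from the original post. Assumes HTML Purifier is
// installed via Composer (package ezyang/htmlpurifier).
require_once __DIR__ . '/vendor/autoload.php';

// Build a purifier that only lets through the formatting the forum needs.
// The tag and property lists below are assumptions for this example.
function forum_purifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    // Allowlist of elements and attributes; anything else is removed.
    $config->set('HTML.Allowed', 'p[style],span[style],strong,em,ul,ol,li,br,a[href]');
    // Only these CSS properties survive inside style="...".
    $config->set('CSS.AllowedProperties', 'font-size,text-align');
    // Links may only use http or https.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    // Skip the on-disk definition cache so no writable directory is needed.
    $config->set('Cache.DefinitionImpl', null);
    return new HTMLPurifier($config);
}

function sanitize_post(string $html): string
{
    static $purifier = null;
    if ($purifier === null) {
        $purifier = forum_purifier();
    }
    return $purifier->purify($html);
}

// Constructed sample input: the markup from the question, an aligned
// paragraph, and markup a forum should never render back to other users.
$dirty = '<p>test</p> <span style="font-size: 14px;">test</span>'
       . '<p style="text-align: center;" onclick="alert(1)">centered</p>'
       . '<script>alert(1)</script>'
       . '<a href="javascript:alert(1)">link</a>';

$clean = sanitize_post($dirty);

// Store with a prepared statement. SQLite in memory stands in for the
// forum's MySQL database so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)');
$stmt = $pdo->prepare('INSERT INTO posts (body) VALUES (?)');
$stmt->execute([$clean]);

echo $clean, PHP_EOL;
```

The sanitizing has to run on the server, because a request to the forum does not have to come from the editor, so the editor's own configuration cannot be relied on as a filter.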