# There needs to be html sanitization for a few reasons

- prevent cross site scripting attacks
- allow copying text from word processors into the text field

# Implementation details

- cross site scripting can only be properly handled by sanitizing the html on the server side in php
  - for this we are going to use html purifier (www.htmlpurifier.org)
- copying text from word processors can be handled on the client side in js
  - for this we are going to use xhtml purifier (https://github.com/biilmann/javascript-xhtml-purifier)
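
A sketch of the server-side step with HTML Purifier, added here as an example and not code from this project. The helper names `build_purifier` and `sanitize_rich_text`, the allowlist, the Composer install path and the sample input are assumptions.

```php
<?php
// Added example. Assumes HTML Purifier was installed with Composer
// (package ezyang/htmlpurifier), so vendor/autoload.php exists.
require_once __DIR__ . '/vendor/autoload.php';

// Hypothetical helper: one purifier configured with an explicit allowlist.
function build_purifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    // Only these elements and attributes survive. script, style, iframe,
    // on* event handlers and Word's o:p / mso markup are not listed, so
    // they are dropped.
    $config->set('HTML.Allowed', 'p,br,strong,em,ul,ol,li,a[href|title]');
    // Links may only use ordinary schemes; other URI schemes are removed.
    $config->set('URI.AllowedSchemes', [
        'http'   => true,
        'https'  => true,
        'mailto' => true,
    ]);
    // Drop elements that end up empty after filtering.
    $config->set('AutoFormat.RemoveEmpty', true);
    // The definition cache needs a writable directory (assumed location).
    $config->set('Cache.SerializerPath', sys_get_temp_dir());
    return new HTMLPurifier($config);
}

// Hypothetical helper: purify whatever the text field submitted. It runs on
// every request, whether or not the client-side cleanup ran in the browser.
function sanitize_rich_text(string $submitted): string
{
    static $purifier = null;
    if ($purifier === null) {
        $purifier = build_purifier();
    }
    return $purifier->purify($submitted);
}

// Constructed sample: word-processor paste residue mixed with markup that
// must never reach the page.
$submitted = '<p class="MsoNormal" style="mso-margin-top-alt:auto">'
    . 'Quarterly <strong onclick="alert(1)">report</strong><o:p></o:p></p>'
    . '<script>alert(1)</script>'
    . '<a href="javascript:alert(1)">details</a>';

echo sanitize_rich_text($submitted), PHP_EOL;
```

The client-side xhtml purifier pass only tidies pasted markup for the user; the output of `sanitize_rich_text` is what the server should treat as the field's value.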