I have a web project where I allow users to use CKEditor, and that's why I need to secure myself against any XSS. How do I minimise the risk of being "attacked" with XSS?
I don't know if this will be enough; I guess not:
strip_tags(Input::get('text'), '<p><a><h1><h2>');
So the question is how to be XSS-clean from CKEditor on the server side, and what I need to do on the CKEditor side: which plugins to remove (I removed the source code plugin; maybe I should also remove the styles plugin?)
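
An added example, not part of the original post: strip_tags() with an allowed-tags list removes other tags but keeps every attribute on the allowed ones, so the PHP below compares it with an allowlist pass over the parsed DOM that also filters attributes and link schemes. ALLOWED, the function names and the sample input are assumptions made for this illustration.

```php
<?php
// Added example; ALLOWED, the function names and $sample are hypothetical.
const ALLOWED = ['p' => [], 'h1' => [], 'h2' => [], 'a' => ['href']];

function href_is_safe(string $url): bool
{
    // Browsers skip ASCII whitespace/control characters when reading the scheme.
    $u = preg_replace('/[\x00-\x20]+/', '', $url);
    return !preg_match('/^([a-z][a-z0-9+.\-]*):/i', $u, $m)      // no scheme: relative link
        || in_array(strtolower($m[1]), ['http', 'https', 'mailto'], true);
}

function clean_children(DOMNode $parent): void
{
    foreach (iterator_to_array($parent->childNodes, false) as $node) {
        if ($node->nodeType === XML_TEXT_NODE) { continue; }     // re-escaped by saveHTML()
        $tag = strtolower($node->nodeName);
        if (!($node instanceof DOMElement) || $tag === 'script' || $tag === 'style') {
            $parent->removeChild($node);       // comments, CDATA, script/style with content
            continue;
        }
        clean_children($node);
        foreach (iterator_to_array($node->attributes, false) as $attr) {
            $name = strtolower($attr->name);
            $keep = in_array($name, ALLOWED[$tag] ?? [], true)
                && ($name !== 'href' || href_is_safe($attr->value));
            if (!$keep) { $node->removeAttributeNode($attr); }
        }
        if (!array_key_exists($tag, ALLOWED)) {    // unknown tag: keep its cleaned content only
            while ($node->firstChild) { $parent->insertBefore($node->firstChild, $node); }
            $parent->removeChild($node);
        }
    }
}

function sanitize_editor_html(string $html): string
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);      // tolerate malformed editor markup
    // The prolog makes libxml read the input as UTF-8; the div keeps bare text in place.
    $doc->loadHTML('<?xml encoding="utf-8"?><div>' . $html . '</div>', LIBXML_NONET);
    libxml_use_internal_errors($prev);
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) { return ''; }
    clean_children($body);
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($body->childNodes, false)));
}

$sample = '<p onclick="alert(1)">Hi <a href="javascript:alert(1)">x</a></p>'; // constructed input
echo strip_tags($sample, '<p><a><h1><h2>'), PHP_EOL, sanitize_editor_html($sample), PHP_EOL;
```

The first printed line shows the markup after strip_tags() alone; the second shows it after the allowlist pass.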