I am currently building an administration panel. There is a page where a file containing HTML is loaded into a html editor (TinyMCE) and is saved to the same file that was loaded (to save the changes).
The file is simply a page that has dynamic links that are to be interchanged from an administration panel. If all of these pages were the same, then I would simply save core values to a database and then load specific sections, however that is not the case as there are many variations of the templates, it's rare that any two are the same.
Therefore, I wanted an application that clients could use to edit these pages themselves. How would I go about saving these files in a secure way that strips any malicious behavior?
Thank you.