Your WYSIWYG editor is prone to multiple XSS security vulnerabilities via 'on' events (onclick, onerror, etc.), and potentially other attributes that let you inject JavaScript code.
PoC:
<img src='http://invalidimageurl.com/lakzelazkemlkazmlek' onerror='alert(document.cookie)'/>
XSS may let you steal sensitive session information, and thus impersonate an authenticated user.
I can't use this module since I need 'bullet-proof' user-input sanitization of a text editor.
Ref: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
Regards
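
An allowlist sanitizer applied to the PoC above, added here as an example; it is not part of the original report or of the module's code. The tag, attribute and scheme lists are an assumed policy, and `sanitize` / `is_safe_url` are hypothetical names.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed policy for this example: what a basic rich-text editor needs.
ALLOWED_TAGS = {"p", "br", "b", "i", "u", "strong", "em", "ul", "ol", "li", "a", "img"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt", "title"}}
URL_ATTRS = {"href", "src"}
VOID_TAGS = {"br", "img"}
SAFE_SCHEMES = {"http", "https", "mailto"}


def is_safe_url(value):
    # Browsers ignore tabs/newlines/control chars when reading the scheme.
    cleaned = re.sub(r"[\x00-\x20]", "", value)
    scheme = re.match(r"([a-zA-Z][a-zA-Z0-9+.-]*):", cleaned)
    return scheme is None or scheme.group(1).lower() in SAFE_SCHEMES


class AllowlistSanitizer(HTMLParser):
    """Rebuild markup from parsed tokens, emitting only allowlisted parts."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # tag dropped; any text inside is still emitted, escaped
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED_ATTRS.get(tag, ()):
                continue  # onerror, onclick, style, ... are not on the list
            if name in URL_ATTRS and not is_safe_url(value):
                continue  # javascript:, data:, vbscript:, ...
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def sanitize(fragment):
    parser = AllowlistSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)
```

Because the output is rebuilt from parsed tokens rather than edited in place, any attribute not on the list (every `on*` handler included) never reaches the page. Run this on the server when content is saved, since a filter that lives only in the editor is skipped by anyone posting directly to the endpoint.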