[TBD] xss

[lichunqiang]

PHP

https://github.com/yiisoft/yii2/blob/master/docs/guide/security-best-practices.md#avoiding-xss

使用 \yii\helpers\HtmlPurifier

前端预览

https://github.com/lichunqiang/getyii/commit/de75322363470f9d6bd7c5637f00c11b44a62488

[forecho]

RP 呢？

[lichunqiang]

js 已经改了，主要是考虑php的处理

Note that HtmlPurifier processing is quite heavy so consider adding caching.

[lichunqiang]

https://github.com/cebe/markdown/issues/106 cebe 说也要用 HtmlPurifier

晚上回去改完发，但是性能问题需要考虑哈