5 Replies Latest reply on Jan 12, 2018 12:09 AM by kautuksahni

    Allow HTML tags in rich text editor

    aembytes Level 1

      We need to allow our users to have source html tags in rich text editor. currently even if the user adds <a href="www.google.com">Click here</a>, the xssprotection file strips off the href attribute.

       

      We do not want to keep on adding each tag and it's attribute to the xssprotection file to allow users to add.

       

      As much as there is a XSS risk, what's the best way to provide the flexibility without compromising security.