We are taking security of Article Editor very seriously. However, due to the fact that the editor is written in Javascript, this does not allow protecting against all attacks and vulnerabilities by 100%. No matter how we build the code cleaned using editor tools, an attacker can use Browser Inspector or other tools to inject vulnerabilities into editable content.

That’s we strongly recommend you to perform a server-side clean-up of a code that you receive from Article Editor.

Here are some of the checks that you need to do with the server-side: