I’m using TinyMCE and would like to prevent cross-scripting attacks. Using HTML Purifier, I’ve been attempting, unsuccessfully, to figure out “encoding”. For example, if the HTML in my TinyMCE is:
<p>x>4 and x≥2</p>
after I send it to my database it looks like
<p>x>4 and xâ‰¥2</p>.
The weird thing is that when I then call the entry from my database it looks correct on the screen. I would really like my database and the webpage to match up!
The good news is that I know that this has SOMETHING to do with encoding. However, I fear that after spending a few days reading up on encoding, I feel more confused than ever. If someone is familiar with HTML Purifier and could offer me some assistance I’d appreciate it.
Thanks so much,
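
The symptom in the question, reproduced as an added example that is not part of the original post: `â‰¥` is what the three UTF-8 bytes of `≥` look like when each byte is read as a Windows-1252 character. That the misread happens between PHP and the database is an assumption, and the function names are hypothetical.

```php
<?php
// Added example; function names are hypothetical. Requires the mbstring extension.

// Constructed sample: what TinyMCE submits from a UTF-8 page.
// U+2265 (the "greater than or equal" sign) is the three bytes E2 89 A5.
$submitted = "<p>x>4 and x\u{2265}2</p>";

// Assumption: one layer reads those UTF-8 bytes as Windows-1252 and
// re-encodes each byte as its own character (double encoding).
function misread_as_cp1252(string $utf8): string
{
    return mb_convert_encoding($utf8, 'UTF-8', 'Windows-1252');
}

// The same mistake applied in reverse on the way out restores the original
// bytes, which is why the page can look right while the stored row does not.
function undo_misread(string $stored): string
{
    return mb_convert_encoding($stored, 'Windows-1252', 'UTF-8');
}

// Detection: a double-encoded value survives the round trip through
// Windows-1252 unchanged AND its Windows-1252 bytes are themselves valid UTF-8.
function looks_double_encoded(string $s): bool
{
    if (!mb_check_encoding($s, 'UTF-8')) {
        return false;
    }
    $bytes = mb_convert_encoding($s, 'Windows-1252', 'UTF-8');
    if ($bytes === $s) {
        return false; // pure ASCII: nothing to double-encode
    }
    return mb_check_encoding($bytes, 'UTF-8')
        && mb_convert_encoding($bytes, 'UTF-8', 'Windows-1252') === $s;
}

$stored = misread_as_cp1252($submitted);
echo $stored, "\n";                          // the form seen in the database
echo undo_misread($stored), "\n";            // the form seen on the page
var_dump(looks_double_encoded($stored));     // stored row
var_dump(looks_double_encoded($submitted));  // clean input
```

HTML Purifier's `Core.Encoding` directive defaults to UTF-8, so the purifier only filters correctly when the page, the PHP strings and the database connection all use that same encoding.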