Editor & Markdown: Security

[BubeDameKoenig]

In this Laravel video, Stephen Rees-Carter talks about how editors & markdowns are a major security risk. Is there a way to increase security by default?

https://youtu.be/q6z2gNlF54o?t=577

[jeffchown]

According to the TipTap documents, there is the ability to add a nonce, via: https://tiptap.dev/docs/editor/api/editor#injectnonce to help address the possibility of cross-site-scripting.

I haven't looked into how to implement it, but it could be a place to start.

[joshhanley]

@BubeDameKoenig this isn't a feature request and more of a question, so I'm going to close it. If you think something specific should be improved, then please submit that as a feature request or if you think this is a problem then please open an issue.