I am using TinyMCE editor for textarea fields in Django forms.
Now, in order to display the rich text back to the user, I am forced to use the "safe" filter in Django templates so that HTML rich text can be displayed on the browser.
Suppose JavaScript is disabled on the user's browser: TinyMCE won't load, and the user could pass <script> or other XSS tags from such a textarea field. Such HTML won't be safe to display back to the user.
How do I take care of such unsafe HTML Text that doesn't come from TinyMCE?
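An added example, not code from the question, Django or TinyMCE: a standard-library allowlist sanitizer that a form's clean_<field> method could run over the submitted HTML before it is stored and later rendered with the safe filter. The allowed tag and attribute sets are an assumption meant to mirror a basic TinyMCE toolbar; everything outside them is dropped, and all text is escaped.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist: tags/attributes a basic TinyMCE toolbar emits (tune to your config).
ALLOWED_TAGS = {"p", "br", "b", "strong", "i", "em", "u", "ul", "ol", "li", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_URL_SCHEMES = ("http://", "https://", "mailto:")
DROP_CONTENT = {"script", "style"}  # drop the element *and* its text content


class AllowlistSanitizer(HTMLParser):
    """Rebuilds the document from allowed tags only; everything else is escaped or dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
            return
        if tag not in ALLOWED_TAGS or self.skip:
            return  # unknown tag is dropped; its text is still kept, escaped
        parts = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue  # drops onclick=, onerror=, style=, ...
            if name == "href" and not value.strip().lower().startswith(SAFE_URL_SCHEMES):
                continue  # drops javascript:/data: URLs
            parts.append(f' {name}="{escape(value)}"')
        self.out.append(f"<{tag}{''.join(parts)}>")
        if tag != "br":
            self.open.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT and self.skip:
            self.skip -= 1
        elif tag in self.open:
            while (t := self.open.pop()) != tag:  # close unclosed children first
                self.out.append(f"</{t}>")
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))  # plain text is always escaped


def sanitize(html: str) -> str:
    parser = AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    parser.out.extend(f"</{t}>" for t in reversed(parser.open))  # close leftovers
    return "".join(parser.out)
```

Call sanitize() on the field value inside the form's clean method and store the result; the template can then render it with safe because only allowlisted markup survives.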