views: 89
answers: 1
I'm looking for any experience someone can share regarding the usage of a rich text editor such as YUI's rich text editor. In particular, I'm interested in how to deal with or prevent issues with

  1. Cross site scripting
  2. Image or attachment handling

Any similar questions you can provide links to or web articles would be appreciated.

+1  A: 

The recommended way is to use whitelisting. We use AntiSamy for it and some custom XPath expressions. With AntiSamy you can define which tags and which attributes are allowed. For the attributes you can define lists of valid values or regular expressions which describe a valid value. The issue of cross site scripting can be mitigated quite well with whitelisting.

http://www.owasp.org/ has a lot of good resources and guidelines about web application security. (So you can read about more issues like Cross Site Request Forgery, SQL injection, ...)

What questions do you have about image or attachment handling?

squiddle
I implemented AntiSamy and am looking at finishing a Grails plugin for it.
DanielHonig
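The whitelisting approach the answer describes (allowed tags, allowed attributes per tag, and a regular expression that each attribute value must match) is easy to see in a small self-contained sanitizer. The code below is an added example written for this page in Python on top of the standard library's `html.parser`; it is not AntiSamy's code or its policy format, and the `POLICY` table is a constructed policy chosen for illustration. Anything not in the table is dropped: unknown tags lose their markup but keep their text, `script` and `style` lose their content as well, and an attribute whose value does not fully match its pattern (for example a `href` that is not an http(s) URL) is removed.

```python
import html
import re
from html.parser import HTMLParser

# Constructed whitelist policy: tag -> {attribute: pattern the value must fully match}.
# This is the same idea AntiSamy expresses in its XML policy file, written inline.
POLICY = {
    "p": {}, "br": {}, "b": {}, "i": {}, "ul": {}, "ol": {}, "li": {},
    "a": {
        "href": re.compile(r"https?://[^\s\"'<>]+"),
        "title": re.compile(r"[\w .,-]{0,100}"),
    },
    "img": {
        "src": re.compile(r"https://[^\s\"'<>]+"),
        "alt": re.compile(r"[\w .,-]{0,200}"),
    },
}
VOID_TAGS = {"img", "br"}          # never get a closing tag
DROP_CONTENT = {"script", "style"}  # tag *and* everything inside it is removed


class WhitelistSanitizer(HTMLParser):
    """Rebuilds the fragment from scratch, emitting only whitelisted markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.stack = []       # tags we emitted and still need to close
        self.skip_depth = 0   # > 0 while inside a DROP_CONTENT element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
            return
        if self.skip_depth:
            return
        allowed = POLICY.get(tag)
        if allowed is None:
            return  # unknown tag: drop the markup, keep the text inside it
        kept = []
        for name, value in attrs:
            pattern = allowed.get(name)
            # attribute must be whitelisted for this tag AND its value must match
            if pattern is not None and value is not None and pattern.fullmatch(value):
                kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.stack.append(tag)

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            if self.skip_depth:
                self.skip_depth -= 1
            return
        if self.skip_depth or tag not in self.stack:
            return
        # Close everything up to and including `tag`, repairing bad nesting.
        while self.stack:
            top = self.stack.pop()
            self.out.append(f"</{top}>")
            if top == tag:
                break

    def handle_data(self, data):
        # Text is re-escaped on output, so decoded entities cannot become markup.
        if not self.skip_depth:
            self.out.append(html.escape(data, quote=False))

    # Comments, doctype declarations and processing instructions fall through to
    # HTMLParser's no-op handlers and are therefore dropped.

    def result(self):
        while self.stack:  # close anything the input left open
            self.out.append(f"</{self.stack.pop()}>")
        return "".join(self.out)


def sanitize(fragment):
    """Return `fragment` with only whitelisted tags and attributes retained."""
    parser = WhitelistSanitizer()
    parser.feed(fragment)
    parser.close()
    return parser.result()


if __name__ == "__main__":
    for sample in ['<p>Hello <b>world</b></p>',
                   '<script>alert(1)</script><p>x</p>',
                   '<a href="javascript:alert(1)" onclick="x()">click</a>',
                   '<img src=x onerror=alert(1)>']:
        print(repr(sample), "->", repr(sanitize(sample)))
```

The design point is that the sanitizer never copies input through; it emits a fresh document from a parsed tree, so the only markup that can reach the page is what the policy explicitly permits. The same holds for a real deployment with AntiSamy: the policy file, not the editor's output, defines what the stored HTML may contain.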