Hello,
I tried the Redactor extension for Yii and inserted this example code into the Redactor HTML view:
<p onclick="javascript:window.location.hash='!/var1/var2/';">Lorem ipsum<b> dolor sit amet</b></p>
The JavaScript part is going to be executed in the WYSIWYG view. This could be a potential security risk. If someone can insert malicious JavaScript code in this field, he can take control of cookies/browser session, everything.
Is there any way to prevent JavaScript from being executed in Redactor?
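
One way to address this on the server, as an added example that is not part of the original post and not code from Redactor or Yii: rebuild the submitted markup from an allowlist of tags and never copy attributes, so a handler such as onclick cannot reach storage, other pages, or the editor when the content is loaded again. The function name, the constant and the tag list are assumptions chosen for illustration.

```php
<?php
// Added example: server-side allowlist filter for HTML submitted by a
// rich-text editor. ALLOWED_TAGS and sanitizeEditorHtml() are assumed names,
// not part of Redactor or Yii.

const ALLOWED_TAGS = ['p', 'b', 'i', 'em', 'strong', 'u', 'ul', 'ol', 'li', 'br', 'blockquote'];

function sanitizeEditorHtml(string $html): string
{
    // Split into tag-like tokens and the text between them.
    $tokens = preg_split('~(<[^>]*>)~', $html, -1,
        PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
    if ($tokens === false) {
        return ''; // fail closed if the input cannot be tokenized
    }

    $out = '';
    foreach ($tokens as $token) {
        $isTag = preg_match('~^<(/?)([a-z][a-z0-9]*)(?:[\s/][^>]*)?>$~i', $token, $m);
        if ($isTag === 1 && in_array(strtolower($m[2]), ALLOWED_TAGS, true)) {
            // Re-emit the tag from scratch: only the slash and the tag name
            // are reused, so onclick, style, href and every other attribute
            // are dropped rather than inspected.
            $out .= '<' . $m[1] . strtolower($m[2]) . '>';
        } else {
            // Text, unknown tags and malformed markup are escaped, so they
            // render as inert characters. Existing entities are not
            // double-encoded (last argument false).
            $out .= htmlspecialchars($token,
                ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8', false);
        }
    }
    return $out;
}

// Sample input taken from the post above.
$fromPost = '<p onclick="javascript:window.location.hash=\'!/var1/var2/\';">'
          . 'Lorem ipsum<b> dolor sit amet</b></p>';
echo sanitizeEditorHtml($fromPost), PHP_EOL;

// Constructed input: a tag that is not on the allowlist is escaped, not emitted.
echo sanitizeEditorHtml('<div style="color:red">note</div>'), PHP_EOL;
```

This filter does not balance unclosed tags and drops all attributes, links included. Yii ships a wrapper around HTML Purifier (CHtmlPurifier in Yii 1.x, yii\helpers\HtmlPurifier in Yii 2) that is the maintained choice when attributes such as href have to be kept.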