I want to use the Summernote WYSIWYG editor on a website that I am making with Laravel 5.2. However, there is one problem: when I submit my form, I get all my code in HTML. Because of that, I can't escape my HTML, because then none of the styling will work, but if I don't escape the HTML, my website will be vulnerable to XSS. What should I do?
Thanks for your help.
I am really sorry because the solution that solved my problem is sooooooo late, but I saw that 4 people were interested in this question, so I decided to post it.
Even though I didn't notice it at first, I later found out that the best thing to use in this situation is an HTML purifier for Laravel 5 (for example this one), because it cleans all unsafe HTML, so the result should be safe even if users can post HTML. That makes Summernote pretty safe to use. I do not really know if HTML Purifier still has any security issues, but all my tests were filtered as needed, so I think it should be secure enough.
Hope it helps someone. Sorry again, forgot about this question after I found a solution...
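
One way to apply the server-side purification described in the answer above, as an added example that is not part of the original post. It calls the ezyang/htmlpurifier library directly (an assumption, since the post does not name the package it used); the function name `summernotePurifier`, the allowlist and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not code from the original post.
// Assumes `composer require ezyang/htmlpurifier` has been run in this directory.
require __DIR__ . '/vendor/autoload.php';

/**
 * Build a purifier with an allowlist sized for typical Summernote output.
 * The tag, attribute and CSS lists are assumptions: trim them to what
 * your editor toolbar actually offers.
 */
function summernotePurifier()
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Core.Encoding', 'UTF-8');
    // No on-disk definition cache for this demo; configure a writable
    // Cache.SerializerPath instead when running in production.
    $config->set('Cache.DefinitionImpl', null);
    // Anything not listed here (script, iframe, on* attributes, ...) is dropped.
    $config->set(
        'HTML.Allowed',
        'p[style],br,b,strong,i,em,u,ul,ol,li,blockquote,h1,h2,h3,'
        . 'span[style],a[href|title],img[src|alt|width|height]'
    );
    // Inline styles are kept, but only these properties survive.
    $config->set(
        'CSS.AllowedProperties',
        'color,background-color,font-weight,font-style,text-decoration,text-align'
    );
    // Links and images may only use these URI schemes.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true, 'mailto' => true]);

    return new HTMLPurifier($config);
}

// Constructed sample submissions, as an editor form field might deliver them.
$samples = [
    '<p style="color: red; position: fixed">Hello <b>world</b></p>',
    '<p>Hi<script>alert(1)</script></p>',
    '<img src="x.png" onerror="alert(1)" alt="pic">',
    '<a href="javascript:alert(1)">link</a>',
];

$purifier = summernotePurifier();
foreach ($samples as $dirty) {
    // Purify on the server before storing or rendering; the formatting
    // that is on the allowlist is kept, everything else is removed.
    echo $purifier->purify($dirty), PHP_EOL;
}
```

In a Blade template the purified value is then printed with `{!! !!}`, since `{{ }}` would escape the markup again. Purification has to run on the server, because the request body can be sent without going through the editor at all.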