Re: PHP WYSIWYG Editor
i don’t think WSIWYG editors can be used for cross site scripting attacks as it does not accept any extra html codes other than the defined ones… for instance if you write “< html >” it will generate “< ; html > ;” …or no? 
anyways bbcodes are same as html codes just they are presented alternatively to the user for easy use for example if yuo write " ** Hello World **" the data will go as “< b >Hello World < /b > </ b>” to the database…