I'd like to use CKEditor for an internal messaging system on a website.
I'd like users to be able to format text, but I'm aware of the vulnerabilities. Is there any way to make a compromise?
I've heard of a BBCode plugin, and of ways to sanitize the entered data from another topic (CKEditor security best practices). How would that work?
If you want to clean your code just in CKEditor (on the client side), check
http://docs.ckeditor.com/#!/guide/dev_advanced_content_filter
PS. But I suggest performing the cleaning in the backend too.
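As an added example (not part of the answer above, and not CKEditor's own code): the CKEditor 4 Advanced Content Filter rule from the linked guide, next to a backend allowlist that enforces the same policy. `config.allowedContent` is the real CKEditor 4 setting; `sanitizeMessage` is a hypothetical minimal Node.js function illustrating the "clean in the backend too" point, since the ACF runs in the browser and anyone can POST raw HTML to the message endpoint without using the editor.

```javascript
// Client side: Advanced Content Filter rule (real CKEditor 4 config option).
// Only these elements survive in the editor; <a> keeps only href (the "!" makes it required).
const editorConfig = {
  allowedContent: 'p b i u ul ol li br; a[!href]'
};

// Backend side (hypothetical helper, not a CKEditor API): same policy, enforced where it matters.
// Strategy: allowlist of tags, attributes dropped, everything else escaped by default.
const ALLOWED_TAGS = new Set(['p', 'b', 'i', 'u', 'ul', 'ol', 'li', 'br']);

function escapeHtml(s) {
  // Input is treated as untrusted text, so existing entities are escaped as well.
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}

function sanitizeMessage(html) {
  // Tokenise into tags and text. Anything not recognised as an allowed, well-formed
  // tag (including malformed markup) is treated as text and escaped.
  const tagRe = /<(\/?)([a-zA-Z]+)([^<>]*)>/g;
  let out = '';
  let last = 0;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    out += escapeHtml(html.slice(last, m.index));
    last = tagRe.lastIndex;
    const closing = m[1] === '/';
    const name = m[2].toLowerCase();
    if (ALLOWED_TAGS.has(name)) {
      out += closing ? `</${name}>` : `<${name}>`; // attributes such as onclick are dropped
    } else if (name === 'a' && closing) {
      out += '</a>';
    } else if (name === 'a') {
      // a[!href]: href is required and must be http(s); otherwise the whole tag is escaped
      const href = /\bhref\s*=\s*"([^"]*)"/i.exec(m[3]);
      if (href && /^https?:\/\//i.test(href[1].trim())) {
        out += `<a href="${escapeHtml(href[1])}" rel="noopener noreferrer">`;
      } else {
        out += escapeHtml(m[0]);
      }
    } else {
      out += escapeHtml(m[0]); // <script>, <img onerror=...> etc. become visible text
    }
  }
  out += escapeHtml(html.slice(last));
  return out;
}
```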