I am currently working on a project that involves creating a simple template editor using CodeMirror. In this project, users can edit two sections: one for HTML and another for SCSS. The code from both editors is saved to a database and can be live previewed by the users.
My concern is the security of the application, particularly the potential for users to add or execute JavaScript and server-side PHP code within these editors. I want to ensure that the HTML editor only allows HTML code and the SCSS editor only allows SCSS code, without any potential for JavaScript or PHP execution.
I would appreciate any guidance, best practices, or suggestions on properly securing both editors to prevent users from adding or executing JavaScript and PHP code.
Thank you
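One way to render the live preview described above so that stored markup cannot run script, as an added example that is not part of the original post. It assumes the SCSS has already been compiled to CSS on the server; all function names are hypothetical.

```javascript
// Added example: build a script-free preview frame from stored editor content.
// Assumption: the stored HTML and CSS are only ever emitted as data like this and are
// never written to a file the PHP interpreter executes or passed to include/eval.

// CSP for the preview document: nothing loads or runs except inline styles.
const PREVIEW_CSP = "default-src 'none'; style-src 'unsafe-inline'";

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Stop stored CSS from closing the <style> element early.
// "\3c " is the CSS escape sequence for the "<" character.
function neutralizeCss(css) {
  return String(css).replace(/</g, "\\3c ");
}

// The document shown in the preview. The CSP meta tag comes before any user content.
function buildPreviewDocument(userHtml, compiledCss) {
  return [
    "<!doctype html><html><head>",
    `<meta http-equiv="Content-Security-Policy" content="${PREVIEW_CSP}">`,
    `<style>${neutralizeCss(compiledCss)}</style>`,
    "</head><body>",
    String(userHtml),
    "</body></html>",
  ].join("\n");
}

// sandbox with no tokens: scripts and forms are disabled and the frame gets an opaque
// origin, so the preview cannot reach the editor page's cookies or DOM.
function buildPreviewFrame(userHtml, compiledCss) {
  const doc = buildPreviewDocument(userHtml, compiledCss);
  return `<iframe sandbox="" referrerpolicy="no-referrer" srcdoc="${escapeAttr(doc)}"></iframe>`;
}

// Constructed sample input: markup and CSS that both try to smuggle in script.
const sampleHtml = '<h1 onclick="alert(1)">Hi</h1><script>alert(2)</script>';
const sampleCss = "h1{color:red}</style><script>alert(3)</script>";
const sampleFrame = buildPreviewFrame(sampleHtml, sampleCss);
```

The sandbox attribute and the CSP each block script execution on their own, so the preview stays inert even if one of them is dropped by mistake.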