How secure is this?
+ HotEditor will create HTML code and auto translate tag < to #ed_op# and tag > to #ed_cl# when user submit their post
+ Inside PHP script I add the php code to translate #ed_op# & #ed_cl# back to < > to display HTML message on the board.
If for somehow user add thier post like this:
<span onclick="alert('GO GO GO')">TEST</span>
My MOD will translate it to
<span ="alert('GO GO GO')">TEST</span>
onclick is removed. In this way your board won't mess up.
Hope it will help.