In an article from the Zend Developer Zone by Manuel Lemos, there's a look at how to avoid cross-site scripting security attacks on a site that allows users to input information via an HTML editor.
HTML editors are great. However, care must be taken to avoid security abuses. An application that uses HTML editors expects that the submitted HTML content comes correctly formatted and well-formed. That happens when real users use real browsers to edit the content.