ZF-8127: Security issue in Zend_Dojo_View_Helper_Editor
Zend_Dojo_Form_Elements_Editor is generated from in Zend_Dojo_View_Helper_Editor and this is security issue. This is in Dijit documentation: dijit._editor.RichText is the core of dijit.Editor, which provides basic WYSIWYG editing features. It also encapsulates the differences of different js engines for various browsers. Do not use this widget with an HTML tag, since the browser unescapes XML escape characters, like <. This can have unexpected behavior and lead to security issues such as scripting attacks.
Zend_Dojo_Form_Elements_Editor must be generated from div!