Channel.trigger can send ANY data to subscribers without checking

[ikasoumen]

Hi,

I want to broadcast messages including HTML tags, but there is a security problem cause of channel.trigger.
I try to send messages including script tags to all subscribers with browser console, and then they received this message without checking in the server side's controller.
So I wanna disable this function "channel.trigger". Do you have any good Idea?

Thank you for reading.

[Uelb]

You now have access to the filter_for_channels method. Is it enough for what you want ?