Sometimes you want to use CKEditor in a page where you can't fully trust the users, so they will have a restricted version with just some basic features: headings, bold, maybe links and images...
Of course it's easy to adjust the toolbar to show only those options, and with a good filter at the server you can be reasonably safe, but it would be even better if anything that will be stripped out at the server couldn't be added to the editor in the first place, for example by pasting.
The fact is that with CKEditor's dataProcessor it isn't too hard to set up something basic to perform the task: listen for each element and reject the ones that aren't whitelisted.
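The per-element check described above, as an added example that is not the plugin's code: it runs over a simplified element tree instead of CKEditor's parser objects, and the whitelist, node shape and function names are assumptions of this example. It goes slightly beyond the text by also dropping whitelisted URL attributes whose scheme is not allowed.

```javascript
// Added example: whitelist check over a simplified element tree.
// Assumed node shape: {name, attributes, children} for elements, {text} for text.
const WHITELIST = { // assumed policy: tag -> allowed attributes
  h1: [], h2: [], h3: [], p: [], strong: [], em: [],
  a: ['href', 'title'],
  img: ['src', 'alt'],
};
const URL_ATTRS = new Set(['href', 'src']);
const SAFE_SCHEMES = new Set(['http:', 'https:', 'mailto:']);

// True for relative URLs and for absolute URLs with an allowed scheme.
function isSafeUrl(value) {
  // Browsers drop tabs/newlines and leading control characters before parsing a URL.
  const trimmed = String(value).replace(/[\t\n\r]/g, '').replace(/^[\u0000-\u0020]+/, '');
  const scheme = /^[a-zA-Z][a-zA-Z0-9+.\-]*:/.exec(trimmed);
  return !scheme || SAFE_SCHEMES.has(scheme[0].toLowerCase());
}

// Returns a filtered copy of the node, or null when the element is rejected.
function filterNode(node) {
  if (typeof node.text === 'string') return { text: node.text };
  const name = String(node.name).toLowerCase();
  // hasOwnProperty so names like "constructor" do not match inherited properties.
  if (!Object.prototype.hasOwnProperty.call(WHITELIST, name)) return null;
  const allowed = WHITELIST[name];
  const attributes = {};
  for (const [key, value] of Object.entries(node.attributes || {})) {
    const attr = key.toLowerCase();
    if (!allowed.includes(attr)) continue; // drops onclick, style, ...
    if (URL_ATTRS.has(attr) && !isSafeUrl(value)) continue;
    attributes[attr] = value;
  }
  const children = (node.children || []).map(filterNode).filter(Boolean);
  return { name, attributes, children };
}

// Constructed sample of pasted content.
const pasted = { name: 'p', attributes: { style: 'color:red' }, children: [
  { text: 'Hello ' },
  { name: 'a', attributes: { href: 'https://example.com/', onclick: 'x()' }, children: [{ text: 'ok' }] },
  { name: 'a', attributes: { href: ' JaVa\tScript:void(0)' }, children: [{ text: 'bad' }] },
  { name: 'script', attributes: {}, children: [{ text: 'x()' }] },
  { name: 'img', attributes: { src: 'pic.png', alt: 'pic', onerror: 'x()' }, children: [] },
] };
const result = filterNode(pasted);
console.log(JSON.stringify(result, null, 2));
```

The same policy has to be enforced again at the server, since this check only covers content that passes through the editor.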
Download: Whitelist plugin for CKEditor 1.1
Please remember that you must use a filter at the server that performs at the very least the same filtering (or better), because this is not a real security option.
For PHP you can use HTML Purifier; for ASP.NET the solution used to be the Microsoft AntiXss library, but in January they released a broken version and haven't fixed it despite the complaints. (Does anyone know an alternative solution?)
This sample uses the default whitelist so it won't allow most HTML elements, and only basic attributes on links or images.
Updated to version 1.1 to fix the attributes bug mentioned by Chris Hough.