Think WordPress, or any other CMS. They give the average Joe the ability to craft web page content. If you find yourself in this situation, try one of these editors.
These guys have been around for quite some time.
This is the editor actually used by WordPress.
If you want to go for a simple and compliant method, you can use the contentEditable attribute and the execCommand function. This is demonstrated on Barney Parker’s site.
Information on rich-text editing can be found on Mozilla’s site.
Taking this concept to a really nice conclusion is: http://getcontenttools.com/
I would try this the next time I need an on-page HTML editor.
If you are allowing people to enter content into your website, and then presumably display it back later, you must be certain to filter their content. In a nutshell, escape everything. Some people escape it prior to going into the database, others do it right before generating the webpage.
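The two strategies from the paragraph above, side by side, as an added example that is not part of the original post. All function names and sample strings are constructed for illustration; it also shows the double-encoding that results when both stages escape the same value.

```javascript
// Added example. Function names and sample strings are constructed for illustration.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape the characters that can change HTML structure in element
// content and in quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Strategy 1: keep the raw text in the database, escape right before
// generating the page.
function renderFromRaw(rawAuthor, rawBody) {
  return `<article title="${escapeHtml(rawAuthor)}"><p>${escapeHtml(rawBody)}</p></article>`;
}

// Strategy 2: escape before the value goes into the database. The stored
// value is then already HTML and must be emitted without escaping again.
function toStoredForm(raw) {
  return escapeHtml(raw);
}
function renderFromStored(storedAuthor, storedBody) {
  return `<article title="${storedAuthor}"><p>${storedBody}</p></article>`;
}

// Failure mode when both stages escape: entities get encoded twice and
// visitors see "&amp;" on the page instead of "&".
function isDoubleEscaped(html) {
  return /&amp;(amp|lt|gt|quot|#39);/.test(html);
}

// Constructed sample input, as a visitor might submit it.
const author = 'Tom "T" & Jerry';
const body = "<script>alert(1)</script> I <3 HTML";

const viaRaw = renderFromRaw(author, body);
const viaStored = renderFromStored(toStoredForm(author), toStoredForm(body));
const mixedUp = renderFromRaw(toStoredForm(author), toStoredForm(body));

console.log(viaRaw);                    // markup arrives as inert text
console.log(viaRaw === viaStored);      // either strategy yields the same page
console.log(isDoubleEscaped(mixedUp));  // escaping at both stages corrupts it
```

Whichever stage you pick, escape in exactly one place. Escaped output shows any tags the editor produced as literal text.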