If backend then 'Don't do that!' if frontend then maybe the psp file you found this in will help speed things along :-)
It is backend.
How can you be so sure that in a site with multiple backend users, all of them have good intentions?
@Electrocity
It does not happens in my TinyMce editor at least
It converts every HTML code to HTML entities equivelants
<p>" onclick="alert(25);</p> //This is what i get in the HTML code
You know what this means?
That everyone who has access to backend can get other users cookies or redirect them to a malicious site whenever he likes