I use the HtmlEditorExtender, and I process the output of it through a filter (that I wrote) that looks for bad syntax in HTML, such as unbalanced start and end tags. My code also removes dangerous tags and dangerous attributes.
I set EnableSanitization of the extender to True because I don't trust my code 100%, and I need to remove the danger of XSS (injection of dangerous scripts and so forth).
I find that if I do set this property to True, my own code reports unbalanced tags.
I also find that any anchor-href-links get encoded and shown by the Ajax Control Kit Sanitizer. (My own code afterwards would remove the links, but the links are not there any more, because they are translated into encoded form).
So there are two problems - the sanitizer doesn't remove links, it instead encodes them, and secondly, it results in unbalanced HTML.
So I had to turn off sanitization.
Thanks.
Comments: Would you please provide a sample HTML input to narrow down the problem with the sanitizer?