Channel: AjaxControlToolkit Work Item Rss Feed

Closed Unassigned: sanitizer causes unbalanced html [27861]

I use the htmlEditorExtender, and I process the output of it through a filter (that I wrote) that looks for bad syntax in html, such as unbalanced start and end tags. My code also removes dangerous tags and dangerous attributes.
I set enablesanitization of the extender to True because I don't trust my code 100%, and I need to remove the danger of XSS (injection of dangerous scripts and so forth).
I find that if I do set this property to True, my own code reports unbalanced tags.
I also find that any anchor-href-links get encoded and shown by the Ajax Control Kit Sanitizer. (My own code afterwards would remove the links, but the links are not there any more, because they are translated into encoded form).
So there are two problems - the sanitizer doesn't remove links, it instead encodes them, and secondly, it results in unbalanced html.
So I had to turn off sanitization.
Thanks.
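The two symptoms in this report, links that survive as entity-encoded text and output with unbalanced tags, can be checked for mechanically after any sanitizer pass. The following is an added example, not code from the reporter or from the AjaxControlToolkit; the function name `check` and the sample strings are constructed for illustration, and Python stands in for the server-side filter language.

```python
import re
from html.parser import HTMLParser

# Elements that never take a closing tag.
VOID = {"area", "base", "br", "col", "embed", "hr", "img",
        "input", "link", "meta", "source", "track", "wbr"}
# An anchor tag that appears once text entities are decoded.
ENCODED_ANCHOR = re.compile(r"</?a\b[^>]*>", re.I)

class BalanceChecker(HTMLParser):
    """Tracks open elements and collects entity-decoded text nodes."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack, self.errors, self.text = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag in VOID:
            return
        if tag not in self.stack:
            self.errors.append(f"stray </{tag}>")
            return
        # Close everything opened after the matching start tag.
        while (top := self.stack.pop()) != tag:
            self.errors.append(f"unclosed <{top}>")

    def handle_data(self, data):
        self.text.append(data)  # entities are already decoded here

def check(html_out):
    """Return (balance problems, anchors that survived as encoded text)."""
    p = BalanceChecker()
    p.feed(html_out)
    p.close()
    problems = p.errors + [f"unclosed <{t}>" for t in reversed(p.stack)]
    return problems, ENCODED_ANCHOR.findall("".join(p.text))

# Constructed samples; none of them is captured toolkit output.
SAMPLES = {
    "clean":   '<p>See <a href="http://example.test/">docs</a></p>',
    "encoded": '<p>See &lt;a href=&quot;http://example.test/&quot;&gt;'
               'docs&lt;/a&gt;</p>',
    "mixed":   '<p>&lt;a href=&quot;x&quot;&gt;docs</a></p>',
}

if __name__ == "__main__":
    for name, html_out in SAMPLES.items():
        print(name, check(html_out))
```

The "encoded" sample passes the balance check yet still carries the link as text, which is why a tag-level filter placed after the sanitizer no longer sees it. The "mixed" sample is one hypothetical shape in which only half of a tag pair is encoded, producing a balance error.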
