Channel: AjaxControlToolkit Work Item Rss Feed
Commented Unassigned: HtmlEditorExtender bad "unsanitizing" image source tag [28031]

Version 15.1.4 has a problem with displaying more than ONE image SRC.
First image is correctly "unsanitized"/html decoded as

(spaces added for readability)
__& amp ;__
but second one
__& amp ; amp;__
third:
__& amp ; amp; amp;__
and so on...

bad output:
first: <img src="/getfile.ashx?ps=htmedit& amp ;rs=test.png">
second: <img src="/getfile.ashx?ps=htmedit& amp ; amp ;rs=test.png">test

how to reproduce:
- use htmleditorextender with ImageInsert enabled and EnableSanitization="true":
<Toolbar>
<ajaxToolkit:InsertImage />
</Toolbar>

- now in editor insert 2 or more images

- save it:
Dim s As String = HttpUtility.HtmlDecode(eTXTM1.Text)
s = s.Replace("&amp;amp;", "&amp;") ' little workaround, didn't help
save it to DB or elsewhere

- reload into textbox in new page(full reload) on Page_Load:

If Not Page.IsPostBack Then
    eTXTM1.Text = HttpUtility.HtmlDecode("saved text").ToString()
    ' value in eTXTM1.Text is so far so good. But at the end of Page_Load it is not.
End If

- boom, and the __& amp ;__ is multiplied
Comments: Thank you for reporting this issue. It is fixed and will be available with the next release. You can download the latest [source code](https://ajaxcontroltoolkit.codeplex.com/SourceControl/latest) to see the changes. Please note that the sanitizer modifies any suspicious HTML to make it non-suspicious. This can lead to new markup that is detected as suspicious. In the current case '&amp;' persists after sanitizing and will be sanitized again. To get rid of recursive sanitization, you can show the unmodified HTML to a user between postbacks, but save the sanitized markup to your storage to ensure it is not dangerous.
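The growth of `&amp;amp;amp;` chains described in the report, and the store-sanitized/show-unmodified flow the maintainer's comment recommends, modelled as an added Python example that is not part of the work item or of the AjaxControlToolkit code. The `sanitize` function is an assumed toy stand-in (it only HTML-encodes `src` attribute values) that reproduces the one property that matters here: it is not idempotent, so feeding its output back into it encodes the `&` again on every postback. The `sanitize_idempotent` variant goes beyond the page: it decodes the value fully before encoding once, so it also repairs markup that was already multiply encoded. `RAW_IMG` is constructed sample input.

```python
import html
import re
from typing import Tuple

# Constructed sample input: the markup the editor holds after one image insert,
# before any sanitization (the '&' in the query string is what gets encoded).
RAW_IMG = '<img src="/getfile.ashx?ps=htmedit&rs=test.png">'

_SRC = re.compile(r'src="([^"]*)"')


def sanitize(markup: str) -> str:
    """Toy stand-in (assumption, not the toolkit's code) for a sanitizer that
    HTML-encodes every src attribute value. Like the behaviour in the report
    it is not idempotent: '&' -> '&amp;' -> '&amp;amp;' -> ..."""
    return _SRC.sub(lambda m: 'src="%s"' % html.escape(m.group(1), quote=True), markup)


def sanitize_idempotent(markup: str) -> str:
    """Hardened variant: fully decode the attribute value first (repeat until
    stable, so an '&amp;amp;amp;' chain collapses to '&'), then encode exactly
    once. Running it on its own output is a no-op."""
    def encode(m):
        value, prev = m.group(1), None
        while value != prev:
            prev, value = value, html.unescape(value)
        return 'src="%s"' % html.escape(value, quote=True)
    return _SRC.sub(encode, markup)


def amp_depth(markup: str) -> int:
    """Length of the longest '&amp;amp;...' chain in the markup: 1 means the
    value was encoded once (correct), 2 or more means repeated encoding."""
    chains = re.findall(r'&(?:amp;)+', markup)
    return max((c.count('amp;') for c in chains), default=0)


def naive_roundtrip(editor_html: str, postbacks: int) -> str:
    """The failing flow from the report: what the sanitizer returns is written
    back into the editor and sanitized again on the next postback."""
    shown = editor_html
    for _ in range(postbacks):
        shown = sanitize(shown)  # sanitizer output feeds the next round: chain grows
    return shown


def recommended_roundtrip(editor_html: str, postbacks: int) -> Tuple[str, str]:
    """The flow the maintainer's comment recommends: the user keeps seeing the
    unmodified HTML between postbacks, while storage always receives the
    sanitized form of that unmodified HTML. Returns (shown, stored)."""
    shown, stored = editor_html, ""
    for _ in range(postbacks):
        stored = sanitize(shown)  # always derived from the raw markup, depth stays 1
        # 'shown' is deliberately left untouched; it never sees sanitizer output
    return shown, stored


if __name__ == "__main__":
    grown = naive_roundtrip(RAW_IMG, 3)
    print("after 3 naive postbacks:", grown, "depth:", amp_depth(grown))
    shown, stored = recommended_roundtrip(RAW_IMG, 3)
    print("recommended flow, stored:", stored, "depth:", amp_depth(stored))
    print("idempotent sanitizer twice:", sanitize_idempotent(sanitize_idempotent(RAW_IMG)))
```

`amp_depth` is the check to run over stored markup: a value above 1 means some step in the page lifecycle is sanitizing already-sanitized text, which is the condition the report describes.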