Can we use Antixss Library with WYSIWYG editors

Last post 09-16-2008 9:45 PM by adamar. 6 replies.

  • Can we use Antixss Library with WYSIWYG editors

    06-09-2008, 1:00 PM
    • nagarwal
    • Joined on 10-29-2007, 11:43 AM
    • Posts 2

    Hi all,

    Can we use the AntiXSS library with WYSIWYG editors' output?

    If yes, please let me know how it is possible to do that.

  • Re: Can we use Antixss Library with WYSIWYG editors

    08-09-2008, 1:14 PM

    Same question from me. I want to integrate it with a WYSIWYG editor but don't know how to prevent malicious scripts but still allow HTML tags.

    I hope there is someone who can answer it...

    Thanks b4

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
  • Re: Can we use Antixss Library with WYSIWYG editors

    08-19-2008, 4:57 PM
    • TreeWalker
    • Joined on 09-28-2007, 6:43 AM
    • Posts 44

    Add me to the list of those who want an answer to this question.

    I'd also like to know which WYSIWYG textbox controls you guys are using, and if there is a better "home brewed" solution for ASP.Net apps.

    Oh and also it has to work in a hosted environment.

  • Re: Can we use Antixss Library with WYSIWYG editors

    08-22-2008, 9:33 PM
    • adman666
    • Joined on 11-01-2006, 1:19 AM
    • Brisbane, Australia
    • Posts 70

    Hi,

    You sure can use the antiXSS library with most editors.

    The most popular editors are probably FCKEditor and FreeTextBox.

    Get the latest version of the Microsoft Anti-Cross Site Scripting Library here

    These editors will require that you set the ValidateRequest parameter in @ Page to false. This is obviously asking for trouble, so use the AntiXss library to encode all input on the page, especially any input from the WYSIWYG editor. There is a great tutorial here: http://msdn.microsoft.com/en-us/library/aa973813.aspx

    Enjoy.

    Remember: If you liked it tick it. Thanks.
  • Re: Can we use Antixss Library with WYSIWYG editors

    08-22-2008, 11:40 PM

    adman666:

    Hi,

    You sure can use the antiXSS library with most editors.

    The most popular editors are probably FCKEditor and FreeTextBox.

    Get the latest version of the Microsoft Anti-Cross Site Scripting Library here

    These editors will require that you set the ValidateRequest parameter in @ Page to false. This is obviously asking for trouble, so use the AntiXss library to encode all input on the page, especially any input from the WYSIWYG editor. There is a great tutorial here: http://msdn.microsoft.com/en-us/library/aa973813.aspx

    Enjoy.

    Hum... would you give a real code example of using AntiXSS with a WYSIWYG editor, from encoding the input to displaying the encoded input, that will eliminate the malicious script and keep the safe HTML there?

    For me, when I encode the input, it will also encode the HTML tags.... is there an API to set allowed HTML tags?

  • Re: Can we use Antixss Library with WYSIWYG editors

    09-16-2008, 9:45 PM
    • adamar
    • Joined on 09-17-2008, 1:42 AM
    • Posts 1
    I too am kinda stumped with this. I do see some functions for stripping unsafe tags\script from html, namely

    AntiXss.GetSafeHtmlFragment
    and
    AntiXss.GetSafeHtml

    but when I try to call these functions I get an exception saying "SafeHtml Failed".

    It would be great to get an answer to this as it seems a lot of people have the same issue.
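
The difference the thread keeps running into, encoding versus sanitizing, as an added example that is not part of any post above and is not Microsoft's own sample code. It assumes an AntiXSS release in which `AntiXss.GetSafeHtmlFragment(string)` is available, as named in the last post; the class `EditorOutput`, its method names and the sample input are hypothetical.

```csharp
// Added example. Assumes a reference to the AntiXSS library assembly in a
// version that exposes AntiXss.GetSafeHtmlFragment (the method named above).
using System;
using Microsoft.Security.Application;

public static class EditorOutput
{
    // Plain-text fields (titles, names, comments without formatting):
    // encode, so any markup the user typed is displayed as literal text.
    public static string RenderPlain(string untrusted)
    {
        return AntiXss.HtmlEncode(untrusted ?? string.Empty);
    }

    // WYSIWYG fields: sanitize instead of encode, so formatting tags are kept
    // while script content is stripped by the library.
    public static string RenderRich(string editorHtml)
    {
        if (string.IsNullOrEmpty(editorHtml))
        {
            return string.Empty;
        }

        try
        {
            return AntiXss.GetSafeHtmlFragment(editorHtml);
        }
        catch (Exception)
        {
            // Fail closed: if the sanitizer throws (for example the
            // "SafeHtml Failed" error reported above), never emit the raw
            // editor HTML. Fall back to full encoding instead.
            return AntiXss.HtmlEncode(editorHtml);
        }
    }

    public static void Main()
    {
        // Constructed sample of what an editor control might post back.
        string posted = "<p>Hello <b>world</b></p><script>alert(1)</script>";

        Console.WriteLine(RenderPlain(posted)); // all tags shown as text
        Console.WriteLine(RenderRich(posted));  // formatting kept, script removed
    }
}
```

Because the page hosting the editor runs with ValidateRequest set to false, every other input on that page should go through `RenderPlain`, and only the editor field through `RenderRich`.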
