Home/ Questions/Q 8234243
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-07T18:24:39+00:00

Today I added HtmlEditorExtender to my asp.net web application everything works fine but i

  • 0

Today I added HtmlEditorExtender to my asp.net web application everything works fine but i am facing two major problems in this:
1. How can i set image upload location where the image will be uploaded by HtmlEditorExtender.
2. I am not able to enable AntiXSS Sanitizer Provider for this HtmlEditorExtender i followed the methods on this page
asp.net ajax page

but when i put this code in Web.config

<sanitizer defaultProvider="AntiXssSanitizerProvider">
    <providers>
        <add name="AntiXssSanitizerProvider" 
        type="AjaxControlToolkit.Sanitizer.
          AntiXssSanitizerProvider"></add>
    </providers>
</sanitizer>

this underlines <sanitizer> tag and on debugging it asks me to provide an Sanitizer.cs file and tells that
Could not load type ‘AjaxControlToolkit.Sanitizer.AntiXssSanitizerProvider’. (C:\Users\saurav\Documents\Visual Studio 2010\Projects\sauravtopnet\sauravtopnet\web.config line 56)
Locating source for ‘c:\Users\Stephen\Documents\Repos\Superexpert\AjaxControlToolkit\Server\AjaxControlToolkit\HtmlEditorExtender\HtmlEditorExtender.cs’. Checksum: MD5 {79 93 7c d3 c7 ff b7 88 f af 76 3c 18 24 66 19}
The file ‘c:\Users\Stephen\Documents\Repos\Superexpert\AjaxControlToolkit\Server\AjaxControlToolkit\HtmlEditorExtender\HtmlEditorExtender.cs’ does not exist.
Looking in script documents for ‘c:\Users\Stephen\Documents\Repos\Superexpert\AjaxControlToolkit\Server\AjaxControlToolkit\HtmlEditorExtender\HtmlEditorExtender.cs’…
Looking in the projects for ‘c:\Users\Stephen\Documents\Repos\Superexpert\AjaxControlToolkit\Server\AjaxControlToolkit\HtmlEditorExtender\HtmlEditorExtender.cs’.
The file was not found in a project.
Looking in directory ‘D:\Program Files\Microsoft Visual Studio 10.0\VC\crt\src\’…
Looking in directory ‘D:\Program Files\Microsoft Visual Studio 10.0\VC\atlmfc\src\mfc\’…
Looking in directory ‘D:\Program Files\Microsoft Visual Studio 10.0\VC\atlmfc\src\atl\’…
Looking in directory ‘D:\Program Files\Microsoft Visual Studio 10.0\VC\atlmfc\include\’…
The debug source files settings for the active solution indicate that the debugger will not ask the user to find the file: c:\Users\Stephen\Documents\Repos\Superexpert\AjaxControlToolkit\Server\AjaxControlToolkit\HtmlEditorExtender\HtmlEditorExtender.cs.
The debugger could not locate the source file ‘c:\Users\Stephen\Documents\Repos\Superexpert\AjaxControlToolkit\Server\AjaxControlToolkit\HtmlEditorExtender\HtmlEditorExtender.cs’.

I should tell you that in
c:\Users\Stephen\Documents\Repos\Superexpert\AjaxControlToolkit\Server\AjaxControlToolkit\HtmlEditorExtender\HtmlEditorExtender.cs
Stephen is not any user on my system than why debugger is looking for this path.

I added these two lines to my code behind page

using AjaxControlToolkit.Sanitizer;
using Microsoft.Security.Application;

this is my ajax code

<ajaxToolkit:HtmlEditorExtender
    ID="hee" EnableSanitization="true"
    TargetControlID="txtComments"
    Runat="server" >
    <Toolbar> 
            <ajaxToolkit:Undo />
            <ajaxToolkit:Redo />
            <ajaxToolkit:Bold />
            <ajaxToolkit:Italic />
            <ajaxToolkit:Underline />
            <ajaxToolkit:StrikeThrough />
            <ajaxToolkit:Subscript />
            <ajaxToolkit:Superscript />
            <ajaxToolkit:JustifyLeft />
            <ajaxToolkit:JustifyCenter />
            <ajaxToolkit:JustifyRight />
            <ajaxToolkit:JustifyFull />
            <ajaxToolkit:InsertOrderedList />
            <ajaxToolkit:InsertUnorderedList />
            <ajaxToolkit:CreateLink />
            <ajaxToolkit:UnLink />
            <ajaxToolkit:RemoveFormat />
            <ajaxToolkit:SelectAll />
            <ajaxToolkit:UnSelect />
            <ajaxToolkit:Delete />
            <ajaxToolkit:Cut />
            <ajaxToolkit:Copy />
            <ajaxToolkit:Paste />
            <ajaxToolkit:BackgroundColorSelector />
            <ajaxToolkit:ForeColorSelector />
            <ajaxToolkit:FontNameSelector />
            <ajaxToolkit:FontSizeSelector />
            <ajaxToolkit:Indent />
            <ajaxToolkit:Outdent />
            <ajaxToolkit:InsertHorizontalRule />
            <ajaxToolkit:HorizontalSeparator />
            <ajaxToolkit:InsertImage />
        </Toolbar>
    </ajaxToolkit:HtmlEditorExtender>

this is my reference

<%@ Register Assembly="AjaxControlToolkit" Namespace="AjaxControlToolkit" TagPrefix="asp" %>

and i already downloaded and added all three .dlls.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It was very difficult task to configure Ajax HtmlEditorExtender but this link : http://stephenwalther.com/archive/2012/05/01/ajax-control-toolkit-may-2012-release.aspx will guide you how to set image upload path and other related settings

    Next problem was how to setup sanitizer to protect you from XSS attacks. Actually the recommended sanitizer provider doesn’t work correctly. Look what i did for that

    1. Download AntiXSS.4.2.1 from Microsoft CodePlex or through NuGet
    2. Now extract zip file you will get two .dlls AntiXSSLibrary.dll and HtmlSanitizationLibrary.dll add your project References to these two .dlls
    3. Now add using Microsoft.Security.Application; to your code behind page.
    4. Now Use the code below on click event of any button through which you want to get and show your input in htmleditor.

    Here txteditor is the the id of the asp:textbox which is linked with your htmleditor. Input of any textbox is always encoded by .net framework for security so first decoded input html text then replaced <br> tag with my own word then i forwarded the input to sanitizer that will remove any XSS attack code but unfortunately it also removes html codes like <br>, <img src=""/> or <a href=""></a> thats why i replaced the <br> tag here now decode sanitized html again and replace your words with corresponding tags. Now you can show your html anywhere like i shown in div1. I think these info. can help you in your further steps.

    String x = HttpUtility.HtmlDecode(txteditor.Text).Replace("<br>", "rrrbbbbrbrbrbrbr"); 
String y = Sanitizer.GetSafeHtmlFragment(x); 
div1.InnerHtml = HttpUtility.HtmlDecode(y).Replace("rrrbbbbrbrbrbrbr", "<br>"); 
txteditor.Text = HttpUtility.HtmlDecode(y).Replace("rrrbbbbrbrbrbrbr", "<br>");

    Make default sanitizer to false like this:

        <ajaxToolkit:HtmlEditorExtender ID="ajaxeditor" OnImageUploadComplete="ajaxFileUpload_OnUploadComplete" TargetControlID="txteditor" DisplaySourceTab="false" EnableSanitization="false" Runat="server" >

    No need to configure anything in web.config and no need to add those 3 .dlls which are recommended on http://www.asp.net

    • 0