When I save text/html from a text box using the HTML Editor Extender it keeps on stripping out new lines and divs.
I have found out why:
if a tag is not on a white list (in other words, not needed by an
HtmlEditorExtender button) then it gets stripped. We want to do
everything that we can to prevent Cross-Site Scripting attacks so we
need to limit the types of tags, attributes, and attribute values
which you are allowed to use. If you set the HtmlEditorExtender
property EnableSanitization="false" then no stripping occurs — but
then you open yourself up to Cross-Site Scripting attacks.
And I currently have the following tools enabled on the toolbar:
<ajaxToolkit:HtmlEditorExtender ID="HtmlEditorExtender1"
    TargetControlID="txtBody" DisplaySourceTab="false"
    runat="server" Enabled="True">
    <Toolbar>
        <ajaxToolkit:Bold />
        <ajaxToolkit:Italic />
        <ajaxToolkit:Underline />
        <ajaxToolkit:InsertOrderedList />
        <ajaxToolkit:InsertUnorderedList />
        <ajaxToolkit:CreateLink />
        <ajaxToolkit:UnLink />
        <ajaxToolkit:RemoveFormat />
    </Toolbar>
</ajaxToolkit:HtmlEditorExtender>
I added the button <ajaxToolkit:JustifyLeft /> and <div> tags are no longer being stripped, but ideally I don’t want to allow additional buttons.
Question:
Is there a way to white-list <br /> and <div> tags without adding additional buttons?
Any other options that you guys can think of?
Adding any justify button will make the HtmlEditorExtender usable in Internet Explorer.
Without these buttons, everything gets stripped and tags are not accepted. You mention that you have been able to get br tags accepted also; which button did you add to allow this to happen? This will make the HtmlEditorExtender usable. Thanks.
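
The stripping behaviour described in the quoted explanation above, modelled as an added example (not Ajax Control Toolkit code and not from either poster): the allow-list is the union of the tags each enabled button needs, and anything else is removed while its text is kept. The button-to-tag mapping, the `extra` parameter and the sample inputs are assumptions constructed for illustration; the example does not claim the toolkit exposes such a setting.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed button -> {tag: allowed attributes} mapping, constructed for this example.
BUTTON_TAGS = {
    "Bold": {"b": set()}, "Italic": {"i": set()}, "Underline": {"u": set()},
    "InsertOrderedList": {"ol": set(), "li": set()},
    "InsertUnorderedList": {"ul": set(), "li": set()},
    "CreateLink": {"a": {"href"}}, "JustifyLeft": {"div": set()},
}
SAFE_SCHEMES = {"http", "https", "mailto"}

def allow_list(buttons, extra=None):
    # Union of what each enabled button needs, plus explicitly allowed extras.
    allowed = {}
    for source in [BUTTON_TAGS.get(b, {}) for b in buttons] + [extra or {}]:
        for tag, attrs in source.items():
            allowed.setdefault(tag, set()).update(attrs)
    return allowed

def safe_url(value):
    # Browsers ignore control characters and whitespace when reading the scheme.
    m = re.match(r"([a-z][a-z0-9+.-]*):", re.sub(r"[\x00-\x20]", "", value).lower())
    return m is None or m.group(1) in SAFE_SCHEMES

class Sanitizer(HTMLParser):
    def __init__(self, allowed):
        super().__init__(convert_charrefs=True)
        self.allowed, self.out, self.skip = allowed, [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1            # drop the element together with its text
        if self.skip or tag not in self.allowed:
            return                    # tag stripped, inner text kept
        kept = [(k, v or "") for k, v in attrs if k in self.allowed[tag]]
        kept = [(k, v) for k, v in kept if k != "href" or safe_url(v)]
        self.out.append("<%s%s>" % (tag, "".join(' %s="%s"' % (k, escape(v)) for k, v in kept)))
    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in self.allowed and tag != "br":
            self.out.append("</%s>" % tag)
    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def sanitize(html, buttons, extra=None):
    parser = Sanitizer(allow_list(buttons, extra))
    parser.feed(html)
    parser.close()
    return "".join(parser.out)
```

With the toolbar from the question, the div and br are stripped; adding "JustifyLeft" keeps the div only, while passing `extra={"div": set(), "br": set()}` keeps both without enabling another button.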