Support forums » Products » Cute Editor for .NET » Re: XSS Problem

XSS Problem

Last post 09-30-2010, 4:20 PM by Adam. 2 replies.


	Sort Posts: Previous Next

09-16-2010, 3:04 AM 64038

andriex
Joined on 02-03-2005
Milan, Italy
Posts 75

XSS Problem

Reply Quote

Hi,

How can we remove any malicious scripts entered by users in HTML tab?

Example:

with HTMLEcnode it block scrpt tag but also html base tag (bold).

Have you solved XSS Security problem?

thank you very much

regard's

09-16-2010, 8:47 AM 64047 in reply to 64038

Eric
Joined on 08-05-2009
Posts 1,269

Re: XSS Problem

Reply Quote

Dear andriex,

Did you set EnableStripScriptTags="false"?

Please change:

<CE:Editor id="Editor1" EnableStripScriptTags="false" runat="server" ></CE:Editor>

to:

<CE:Editor id="Editor1" runat="server" ></CE:Editor>

and try it again.

You can find related topic in http://cutesoft.net/forums/thread/41655.aspx

Thank you for asking

[email protected]

09-30-2010, 4:20 PM 64279 in reply to 64038

Adam
Joined on 09-23-2003
Aurora, ON
Posts 18,678

Re: XSS Problem

Reply Quote

EnableStripScriptTags

Specifies whether to remove inject script before write the string into the db. When this property is set to true (the default) Cute Editor strips all script elements and script contents from the html.

asp.net Chat http://cutesoft.net/ASP.NET+Chat/default.aspx
Web Messenger: http://cutesoft.net/Web-Messenger/default.aspx
asp.net wysiwyg editor: http://cutesoft.net/ASP.NET+WYSIWYG+Editor/default.aspx
asp wysiwyg html editor: http://cutesoft.net/ASP
asp.net Image Gallery: http://cutesoft.net/ASP.NET+Image+Gallery/default.aspx
Live Support: http://cutesoft.net/live-support/default.aspx