Support forums » Products » Cute Editor for .NET » 6.0 enhancement of EnableStripScriptTags

6.0 enhancement of EnableStripScriptTags

03-29-2007, 11:39 AM

jboduch
Joined on 08-01-2005
Posts 57

6.0 enhancement of EnableStripScriptTags

Reply Quote

Testing this 5.3 issue http://cutesoft.net/forums/thread/23914.aspx via the 6.0 test page.

Bug 1) I put in <img onmouseover="alert('hi')" src="http://cutesoft.net/Themes/default/images/common/title.gif"> via HTML mode in the test URL http://richtextbox.net/test/ and click show HTML, it does not get stripped out and I get an alert when mousing over the image.

Bug 2) Also tested to make sure script tags still get stripped out and I get a .NET runtime error error on your site http://richtextbox.net/test/ when clicking show HTML with the following inputed in HTML mode <script>alert('crashforums')</script>

Server Error in '/' Application.

Runtime Error

Not sure if you have EnableStripScriptTags set to false? I know by default it is set to true.

Jason

View Complete Thread