Re: Security issue with the editor - html encoding from the view

  •  11-22-2012, 5:31 AM

    Hi Jeff,

    When you allow HTML into your controller you are open to JavaScript attacks, SQL injection attacks, etc. All of that you need to handle in the back end of your code.

    I prefer to block it and not allow any HTML code into the back end.

    I think we need to find a solution on the view. The editor needs to send encoded HTML back to the controller.

    Is there any other solution?

    Thank You

    Ori
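
The approach Ori describes above (the editor HTML-encoding its content before it reaches the controller), as an added example in JavaScript. It is not code from this thread or from any particular editor or framework; the function names, the sample editor output and the simplified "reject raw markup" filter are this example's own assumptions.

```javascript
// Added example, not code from the thread: client-side HTML encoding of
// rich-text editor output before it is posted, the decode the server
// would do, and a simplified stand-in for a "reject raw markup" filter.
// The names (encodeHtml, decodeHtml, looksLikeMarkup, buildPostBody) are
// this example's own, not an API of any particular editor or framework.

// The five characters with special meaning in HTML, mapped to named entities.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Inverse of HTML_ESCAPES for the decode step.
const HTML_UNESCAPES = Object.fromEntries(
  Object.entries(HTML_ESCAPES).map(([ch, ent]) => [ent, ch])
);

// Encode a string so it carries no markup-significant characters.
// A single pass also encodes "&", so already-encoded input becomes
// "&amp;lt;" rather than being silently left as "&lt;" (double-encoding
// is reversible; guessing whether input was already encoded is not).
function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Reverse exactly what encodeHtml produced. One pass over the five
// entities keeps "&amp;lt;" -> "&lt;" correct (output is never re-scanned).
function decodeHtml(text) {
  return String(text).replace(/&(amp|lt|gt|quot|#39);/g, (ent) => HTML_UNESCAPES[ent]);
}

// Simplified stand-in (an assumption of this example) for a request filter
// that rejects raw markup in a form field: any "<" followed by a letter,
// "/", "!" or "?" is treated as a tag. Real frameworks use their own, broader
// rules; this only shows why the raw value fails and the encoded value passes.
function looksLikeMarkup(value) {
  return /<[a-zA-Z/!?]/.test(value);
}

// Build the form body the browser would post: every rich-text field is
// encoded, plain fields are left alone. Returns a plain object rather than
// touching the DOM so it also runs outside a browser.
function buildPostBody(fields, richTextFieldNames) {
  const body = {};
  for (const [name, value] of Object.entries(fields)) {
    body[name] = richTextFieldNames.includes(name) ? encodeHtml(value) : value;
  }
  return body;
}

// Constructed sample: what a WYSIWYG editor might hand back, including an
// injected script tag that the server must still strip after decoding.
const sampleEditorHtml =
  '<p>Hello <b>Jeff</b> &amp; team</p><script>alert("x")</script>';

// The body a submit handler would send instead of the raw editor value.
const posted = buildPostBody(
  { title: "Status update", body: sampleEditorHtml },
  ["body"]
);

// What the controller gets back once it decodes the field: the original
// markup, script tag included, so sanitising still has to happen here.
const receivedOnServer = decodeHtml(posted.body);
```

Encoding only keeps the raw markup out of the request; after `decodeHtml` the server holds exactly the editor's HTML, script tag included, so sanitising or encoding on output still has to happen on the back end. Anyone can post the raw string with a tool, so the client-side step is a compatibility measure, not a security control.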
