Hi guys, question about browser security and cute editor

Last post 04-10-2006, 3:35 PM by Adam. 1 replies.
  •  04-10-2006, 10:54 AM 18054

    Hi guys, question about browser security and cute editor

    As one of the newest members of the Cutesoft customer family we are happy to say we have been very happy with the developer license purchased last month. The forum is very responsive and with a bit of digging and lateral thinking we've been able to see the cuter side of Cute Editor. Our team is still a little curious about one thing though: we are using Cute Editor as the preview pane and editor pane of a custom web email application (integrated into a CRM system). And it would delight us to no end to know whether:
     
        1. Cute Editor (when previewing) will or will not act on intentionally injected client-side JavaScript or SQL scripts. (The correct answer we are looking for is that it will neuter any JavaScript blocks, or there is a switch to neuter them).
        2. If it doesn't, whether this can be added?
        3. And whether anyone in the forum has had to deal with this requirement before (have you had any success buying a 3rd-party application firewall specializing in cleaning JavaScript and injection attacks).
        4. I think the injection attack side of the story is easier; we call ADO.NET using command parameters and that lessens the danger. So consider this one low priority compared to the JavaScript problem.
     
    Because this is a bit of a weird question I will elaborate on why this is a concern to us. Our users will send out email using a webmail. They will get replies. The replies aren't filtered for JavaScript. This JavaScript (in the form of the email replies displaying in Cute Editor's edit/preview pane) could potentially run on our users' machines and cause security problems. Problems such as sending cookies and private information. Or redirecting our users to malicious sites. Etc etc. The sky's the limit with the current state of browser security. And it worries us greatly.
     
    Any help would be much appreciated! Thank you so much!
  •  04-10-2006, 3:35 PM 18070 in reply to 18054

    Re: Hi guys, question about browser security and cute editor

    obiwantcp,
     
    Thanks for the nice comments about CuteEditor.
     
    JavaScript in the Editor Preview pane is disabled.
     
    However, JavaScript is supported in CuteEditor as long as you set the EnableStripScriptTags property to false:
     
    Editor.EnableStripScriptTags Property
     
    Specifies whether to remove injected script before writing the string into the db.
     
    Please test the following page:
     
     
    Hope it helps.
     
    Keep me posted
     
     
     
     

    asp.net Chat http://cutesoft.net/ASP.NET+Chat/default.aspx
    Web Messenger: http://cutesoft.net/Web-Messenger/default.aspx
    asp.net wysiwyg editor: http://cutesoft.net/ASP.NET+WYSIWYG+Editor/default.aspx
    asp wysiwyg html editor: http://cutesoft.net/ASP
    asp.net Image Gallery: http://cutesoft.net/ASP.NET+Image+Gallery/default.aspx
    Live Support: http://cutesoft.net/live-support/default.aspx
