asp.net asp.net-ajax ajaxcontroltoolkit html-sanitizing htmleditorextender

HtmlEditorExtender strips out pre tag


I have coded my own quoting system since HtmlEditorExtender does not have a quote system. Or does it have one?

ASP.NET 4.5 and ASP.NET AJAX Control Toolkit 16.1.0.0

In 2016, do we still not have a whitelisting feature?

For quotes, I am using the pre tag. However, the latest HtmlEditorExtender in version 16.1.0 strips out the pre tag. It just removes the part that contains the pre tag.

I mean like:

    <pre><pre>CeFurkan: Wrote</pre>dsfsdfs</pre>

This is removed on the client side before posting to the server. How can I allow this tag?

I also tried with span class="myClass", and this time it removes the class tag.

My settings are:

Code behind:

    htmlEditorExtender1.EnableSanitization = true;

Front code:

                <ajaxToolkit:HtmlEditorExtender ID="htmlEditorExtender1" TargetControlID="txtMessageBody"
                    runat="server" DisplaySourceTab="True">
                    <Toolbar>
                        <ajaxToolkit:Undo />
                        <ajaxToolkit:Redo />
                        <ajaxToolkit:Bold />
                        <ajaxToolkit:Italic />
                        <ajaxToolkit:Underline />
                        <ajaxToolkit:StrikeThrough />
                        <ajaxToolkit:Subscript />
                        <ajaxToolkit:Superscript />
                        <ajaxToolkit:JustifyLeft />
                        <ajaxToolkit:JustifyCenter />
                        <ajaxToolkit:JustifyRight />
                        <ajaxToolkit:JustifyFull />
                        <ajaxToolkit:InsertOrderedList />
                        <ajaxToolkit:InsertUnorderedList />
                        <ajaxToolkit:CreateLink />
                        <ajaxToolkit:UnLink />
                        <ajaxToolkit:RemoveFormat />
                        <ajaxToolkit:SelectAll />
                        <ajaxToolkit:UnSelect />
                        <ajaxToolkit:Delete />
                        <ajaxToolkit:Cut />
                        <ajaxToolkit:Copy />
                        <ajaxToolkit:Paste />
                        <ajaxToolkit:BackgroundColorSelector />
                        <ajaxToolkit:ForeColorSelector />
                        <ajaxToolkit:FontNameSelector />
                        <ajaxToolkit:FontSizeSelector />
                        <ajaxToolkit:Indent />
                        <ajaxToolkit:Outdent />
                        <ajaxToolkit:InsertHorizontalRule />
                        <ajaxToolkit:HorizontalSeparator />
                    </Toolbar>
                </ajaxToolkit:HtmlEditorExtender>

And web.config:

    <ajaxControlToolkit useStaticResources="true" renderStyleLinks="false" htmlSanitizer="AjaxControlToolkit.HtmlEditor.Sanitizer.DefaultHtmlSanitizer, AjaxControlToolkit.HtmlEditor.Sanitizer" />

The full error it gives when Yuriy's answer is tried:

    Value cannot be null.
    Parameter name: type
    Stack:
       at System.Activator.CreateInstance(Type type, Boolean nonPublic)
       at System.Activator.CreateInstance(Type type)
       at AjaxControlToolkit.HtmlEditorExtender.CreateSanitizer()
       at System.Lazy`1.CreateValue()
       at System.Lazy`1.LazyInitValue()
       at System.Lazy`1.get_Value()
       at AjaxControlToolkit.HtmlEditorExtender.get_Sanitizer()
       at AjaxControlToolkit.HtmlEditorExtender.OnInit(EventArgs e)
       at System.Web.UI.Control.InitRecursive(Control namingContainer)
       at System.Web.UI.Control.InitRecursive(Control namingContainer)
       at System.Web.UI.Control.InitRecursive(Control namingContainer)
       at System.Web.UI.Control.InitRecursive(Control namingContainer)
       at System.Web.UI.Control.InitRecursive(Control namingContainer)
       at System.Web.UI.Control.InitRecursive(Control namingContainer)
       at System.Web.UI.Control.InitRecursive(Control namingContainer)
       at System.Web.UI.Control.InitRecursive(Control namingContainer)
       at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

[Screenshot: class implementation]


Solution

  • The easiest way, in my opinion, is to create your own implementation of IHtmlSanitizer, inheriting from DefaultHtmlSanitizer, and override the GetSafeHtmlFragment method as below:

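    using System;
    using System.Collections.Generic;
    using System.Configuration;
    using AjaxControlToolkit.HtmlEditor.Sanitizer;

    // Namespace (and assembly name) must match the htmlSanitizer attribute in web.config.
    namespace AjaxControlToolkit.Customization
    {
        public class MyHtmlSanitizer : DefaultHtmlSanitizer, IHtmlSanitizer
        {
            // Extra tags to allow, read once from appSettings; empty entries are dropped.
            private static readonly string[] whiteListTags =
                (ConfigurationManager.AppSettings["whiteListTags"] ?? "")
                    .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);

            // Explicit interface re-implementation so the toolkit calls this version.
            string IHtmlSanitizer.GetSafeHtmlFragment(string htmlFragment, Dictionary<string, string[]> whiteList)
            {
                foreach (var tag in whiteListTags)
                {
                    // Each configured tag is added with an empty attribute list.
                    if (!whiteList.ContainsKey(tag.Trim()))
                        whiteList.Add(tag.Trim(), new string[0]);
                }

                return base.GetSafeHtmlFragment(htmlFragment, whiteList);
            }
        }
    }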
    

    Then add a setting for your own tag whitelist to the appSettings section of web.config:

    <appSettings>
      <add key="whiteListTags" value="pre"/>
    </appSettings>
    

    And configure the toolkit to use this sanitizer instead of the default:

    <ajaxControlToolkit
      useStaticResources="true"
      renderStyleLinks="false"
      htmlSanitizer="AjaxControlToolkit.Customization.MyHtmlSanitizer, AjaxControlToolkit.Customization"
      tempFolder="~/Temp"/>
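
An extension of the answer's approach to attributes as well as tags, such as the `span class` case in the question (added example, not part of the original answer or the toolkit). It assumes the whitelist dictionary maps a tag name to its allowed attribute names, as the answer's `new string[0]` implies; the `tag:attr|attr` setting format, the deny list and the `WhiteListConfig` class are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public static class WhiteListConfig
{
    // Tags never enabled from configuration (constructed deny list).
    private static readonly HashSet<string> ForbiddenTags = new HashSet<string>(
        new[] { "script", "style", "iframe", "object", "embed" },
        StringComparer.OrdinalIgnoreCase);

    // Parses "pre;span:class|title" into tag -> allowed attribute names.
    public static Dictionary<string, string[]> Parse(string setting)
    {
        var result = new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase);
        foreach (var entry in (setting ?? "").Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
        {
            var parts = entry.Split(new[] { ':' }, 2);
            var tag = parts[0].Trim();
            if (tag.Length == 0 || ForbiddenTags.Contains(tag))
                continue;
            var attrs = parts.Length < 2 ? "" : parts[1];
            result[tag] = attrs.Split(new[] { '|' }, StringSplitOptions.RemoveEmptyEntries)
                .Select(a => a.Trim())
                // Event-handler attributes (onclick, onerror, ...) are never allowed.
                .Where(a => a.Length > 0 && !a.StartsWith("on", StringComparison.OrdinalIgnoreCase))
                .ToArray();
        }
        return result;
    }

    // Merges configured entries into the whitelist passed to the sanitizer.
    public static void MergeInto(Dictionary<string, string[]> whiteList, string setting)
    {
        foreach (var pair in Parse(setting))
        {
            string[] existing;
            whiteList[pair.Key] = whiteList.TryGetValue(pair.Key, out existing)
                ? existing.Union(pair.Value, StringComparer.OrdinalIgnoreCase).ToArray()
                : pair.Value;
        }
    }

    public static void Main()
    {
        foreach (var p in Parse("pre; span:class|onclick; script")) // constructed sample
            Console.WriteLine(p.Key + " -> [" + string.Join(",", p.Value) + "]");
    }
}
```

Inside the overridden `GetSafeHtmlFragment`, a call to `WhiteListConfig.MergeInto(whiteList, ConfigurationManager.AppSettings["whiteListTags"])` would take the place of the `foreach` loop.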