onclick="..." are not stripped out in the radeditor webpart

4 posts, 0 answers
  1. Jean
    6 posts
    Member since:
    Oct 2009

    Posted 06 Dec 2010

    Hi,

    I've added the following property in my config file to forbid javascript code in the RADEditor:

    <property name="AllowScripts">False</property>

    I've noticed the following:
    - an "onclick" attribute of a href in a "page content" where the telerik editor is activated, is stripped out when saving the page.
    - an "onclick" attribute of a href in a "Telerik RADeditor webpart", is not stripped out when saving the page.

    How can I forbid the onclick attribute in a RADeditor webpart? I want it to be stripped out as well in the webpart.

    Kind regards,

    Jean

     

  2. Stanimir
    Admin
    1653 posts

    Posted 06 Dec 2010

    Hello Jean,

    The AllowScripts property is not related to element attributes but to the <script> tags in the content. What you can do is create your own content filter, which will strip the onclick attributes from the elements. Review the following online help articles:
    http://www.telerik.com/help/aspnet-ajax/contentfilters.html
    http://www.telerik.com/help/aspnet-ajax/set-properties-via-config-file.html

    Also check the following online demo:
    http://demos.telerik.com/aspnet-ajax/editor/examples/contentfilters/defaultcs.aspx


    Kind regards,
    Stanimir
    the Telerik team

    Check out Telerik Trainer, the state of the art learning tool for Telerik products.

  3. Jean
    6 posts
    Member since:
    Oct 2009

    Posted 06 Dec 2010

    Thank you for your prompt answer.

    But how come it works in the page content but NOT in the webpart?
    If this is SharePoint behavior, can I have the same behavior for the Telerik webpart?

    Kind regards,

    Jean
  4. Stanimir
    Admin
    1653 posts

    Posted 07 Dec 2010

    Hi Jean,

    In the WCM scenario, when the content is sent to the server, there are SharePoint content filters which modify it before it is saved in the database. These filters strip the onclick attribute. In the WebPart scenario the WebPart itself is responsible for saving the content, and no additional filters are applied to the submitted HTML code. This is why, if you want to make modifications to the code, you need to do this on the client, and the way to achieve it is by adding a custom content filter to RadEditor.


    Greetings,
    Stanimir
    the Telerik team

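
An added example (not from the thread's participants and not Telerik's own code) of the custom content filter suggested above, generalized from onclick to every `on*` event-handler attribute. The names `stripEventHandlers` and `StripHandlersFilter` are hypothetical; the registration follows the pattern in the content-filter help article linked above and assumes a DOM filter is handed the content element.

```javascript
// Added example. Removes every inline event-handler attribute (onclick,
// onmouseover, onerror, ...) from the elements under `root` and returns
// a list of what was removed, e.g. ["a@onclick"].
function stripEventHandlers(root) {
    var removed = [];
    var elements = root.getElementsByTagName("*");
    for (var i = 0; i < elements.length; i++) {
        var el = elements[i];
        // Walk backwards: removeAttribute() shrinks the attribute list.
        for (var j = el.attributes.length - 1; j >= 0; j--) {
            var name = el.attributes[j].name;
            if (/^on/i.test(name)) {
                el.removeAttribute(name);
                removed.push(el.tagName.toLowerCase() + "@" + name.toLowerCase());
            }
        }
    }
    return removed;
}

// RadEditor wiring; skipped when the Telerik client library is not loaded.
if (typeof Telerik !== "undefined") {
    // Hypothetical filter name. Assumption: with isDom = true the filter
    // methods receive the content DOM element rather than an HTML string.
    var StripHandlersFilter = function () {
        StripHandlersFilter.initializeBase(this);
        this.set_isDom(true);
        this.set_enabled(true);
        this.set_name("StripHandlersFilter");
        this.set_description("Removes on* event-handler attributes");
    };
    StripHandlersFilter.prototype = {
        // Design view -> HTML view and submit.
        getHtmlContent: function (content) {
            stripEventHandlers(content);
            return content;
        },
        // HTML view -> design view.
        getDesignContent: function (content) {
            stripEventHandlers(content);
            return content;
        }
    };
    StripHandlersFilter.registerClass("StripHandlersFilter", Telerik.Web.UI.Editor.Filter);
    // Reference this from the editor's OnClientLoad property.
    window.OnClientLoad = function (editor) {
        editor.get_filtersManager().add(new StripHandlersFilter());
    };
}
```

Because this filter runs in the browser, it only cleans content that passes through the editor; the web part applies no further filtering to the submitted HTML, so a server-side check on save is still needed to enforce the rule.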