This is a migrated thread and some comments may be shown as answers.

RAD Editor Security Vulnerability

Sam Stange
Sam Stange asked on 24 Jul 2009, 07:30 PM
One of the vulnerabilities I noticed recently with the RAD Editor is the ability to inject JavaScript on the page. Allowing users into the "HTML" view of the page is a little dangerous. Luckily it's not on this page, or all users would be going to my site :). What is the best way to deal with this problem? Not enable HTML view for users?

Thanks,
Sam

1 Answer, 1 is accepted

Rumen
Telerik team
answered on 27 Jul 2009, 01:47 PM
Hi Sam,

The RadEditor's RemoveScripts built-in content filter deletes the script tags to reduce the possibility of cross-site scripting and other script-related problems. This content filter is enabled by default.

In addition, you can easily hide the Html mode by setting the EditModes property to Design,Preview.

Best regards,
Rumen
the Telerik team
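
Added example, not part of the original thread and not Telerik's own code: a code-behind sketch that applies the two settings from the answer and also sanitizes the submitted HTML on the server, since the request body is untrusted whatever the editor UI offers. The control IDs (`RadEditor1`, `SaveButton`, `OutputLiteral`), the page class name and the use of the third-party HtmlSanitizer package (`Ganss.Xss`) are assumptions.

```csharp
using System;
using System.Web.UI;
using Ganss.Xss;       // assumption: HtmlSanitizer NuGet package (allow-list sanitizer)
using Telerik.Web.UI;  // RadEditor, EditModes, EditorFilters

// Hypothetical code-behind. The .aspx page is assumed to declare:
//   <telerik:RadEditor ID="RadEditor1" runat="server" />
//   <asp:Button ID="SaveButton" runat="server" Text="Save" OnClick="SaveButton_Click" />
//   <asp:Literal ID="OutputLiteral" runat="server" />
public partial class EditorPage : Page
{
    // Default configuration: a conservative allow-list of tags and attributes.
    private static readonly HtmlSanitizer Sanitizer = new HtmlSanitizer();

    protected void Page_Load(object sender, EventArgs e)
    {
        // Offer only the Design and Preview tabs, so the HTML tab is hidden.
        RadEditor1.EditModes = EditModes.Design | EditModes.Preview;

        // Keep the default filter set, which includes RemoveScripts.
        // Setting it explicitly guards against it being switched off elsewhere.
        RadEditor1.ContentFilters = EditorFilters.DefaultFilters;
    }

    protected void SaveButton_Click(object sender, EventArgs e)
    {
        // Whatever arrives in the postback is user-controlled input:
        // the editor settings shape the UI, not what a client can send.
        string submitted = RadEditor1.Content ?? string.Empty;

        // Allow-list sanitization removes script elements as well as
        // event-handler attributes and script-bearing URLs.
        string safeHtml = Sanitizer.Sanitize(submitted);

        // Store or render only the sanitized markup.
        OutputLiteral.Text = safeHtml;
    }
}
```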
