I have a rad editor on an aspx page. <telerik:RadEditor ID="txtarFeedback" runat="server" CssClass="textareaRTE" EditModes="Design" Width="631px" Height="118px" StripFormattingOnPaste="MSWord" StripFormattingOptions="MSWord" AllowScripts="false" ContentFilters="RemoveScripts" >
but when I put in <script>alert("hello");</script> it is still in both the Content and in Text when it is submitted to the server.
Admitted Content it is much more harmless but shouldn't it be removing the whole thing from content?
but when I put in <script>alert("hello");</script> it is still in both the Content and in Text when it is submitted to the server.
Admitted Content it is much more harmless but shouldn't it be removing the whole thing from content?