This is a migrated thread and some comments may be shown as answers.

Input sanitization

2 Answers 108 Views
Editor
This is a migrated thread and some comments may be shown as answers.
DoomerDGR8
Top achievements
Rank 2
Iron
Iron
Veteran
DoomerDGR8 asked on 12 Feb 2021, 01:29 PM

Hi!

 

I have successfully used the editor control in my application. Now its priming time. I need guidance on sanitization as in the docs section, I only see this tip section:

The application must sanitize the content before passing it to the editor and, optionally, before saving it to its storage after obtaining it from the editor. It is up to the application to ensure there is no malicious content (such as input sanitization, XSS attack prevention and other security concerns).

 

Is there a best-practice or at least a minimum common rules to check for? Is there something you guys are using behind your online demo? I need to know because my site will be public facing and any malicious activity can get me in trouble.

2 Answers, 1 is accepted

Sort by
0
Marin Bratanov
Telerik team
answered on 13 Feb 2021, 01:18 PM

Hi Hassan,

The sanitization of the input is entirely up to the application and its needs. You may want to strip just about everything potentially dangerous (such as DOM event handlers and CSS experssions), others may want to keep even <script> tags.

While I am not in a position to advise on how to do that and what third party tools you can use, I can suggest you start off with a few generic searches and threads like these ones:

 

Regards,
Marin Bratanov
Progress Telerik

Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.

0
Andy
Top achievements
Rank 1
Iron
answered on 15 May 2021, 06:11 AM

I use HtmlSanitizer  

https://github.com/mganss/HtmlSanitizer

 

Tags
Editor
Asked by
DoomerDGR8
Top achievements
Rank 2
Iron
Iron
Veteran
Answers by
Marin Bratanov
Telerik team
Andy
Top achievements
Rank 1
Iron
Share this question
or