Hi,
We use the RAD Editor in our application but today I've found a problem.
When I go to source mode and type the following line:
For<script>alert("Bug!");</script>after
and next switch to design mode I see the text "Forafter".
The script tags have been removed and when I save it and look at the source code in IE, I see the following:
value="Forafter"
But when I type the same line again in de source mode and save it directly (without going to design mode) and look at the source code of the page in IE, I see the following:
value="For<script>alert("Bug!");</script>after"
Is this a bug? Or do I miss a property?
We use the RAD Editor version 7.02
We use the RAD Editor in our application but today I've found a problem.
When I go to source mode and type the following line:
For<script>alert("Bug!");</script>after
and next switch to design mode I see the text "Forafter".
The script tags have been removed and when I save it and look at the source code in IE, I see the following:
value="Forafter"
But when I type the same line again in de source mode and save it directly (without going to design mode) and look at the source code of the page in IE, I see the following:
value="For<script>alert("Bug!");</script>after"
Is this a bug? Or do I miss a property?
We use the RAD Editor version 7.02
2 Answers, 1 is accepted
0
Hi Ronald,
By default the editor removes the script tags in the content area to prevent malicious scripts. In this scenario you should disable the AllowScripts client-side filter of Radeditor by setting the following server property of RadEditor:
AllowScripts="true"
The content submitted in Html mode is not parsed and validated via the RadEditor's content filters, for that reason you can use the following workaround to switch to Design mode when pressing the Update button of RadEditor:
<script type="text/javascript">
function OnClientSubmit(editor)
{
editor.SetMode(1); //set RadEditor in Edit mode
}
</script>
<rade:radEditor Id="RadEditor1" Runat="server" AllowScripts="true"
OnClientSubmit="OnClientSubmit">
</rade:radEditor>
Best regards,
Rumen
the Telerik team
Instantly find answers to your questions on the new Telerik Support Portal.
Check out the tips for optimizing your support resource searches.
By default the editor removes the script tags in the content area to prevent malicious scripts. In this scenario you should disable the AllowScripts client-side filter of Radeditor by setting the following server property of RadEditor:
AllowScripts="true"
The content submitted in Html mode is not parsed and validated via the RadEditor's content filters, for that reason you can use the following workaround to switch to Design mode when pressing the Update button of RadEditor:
<script type="text/javascript">
function OnClientSubmit(editor)
{
editor.SetMode(1); //set RadEditor in Edit mode
}
</script>
<rade:radEditor Id="RadEditor1" Runat="server" AllowScripts="true"
OnClientSubmit="OnClientSubmit">
</rade:radEditor>
Best regards,
Rumen
the Telerik team
Instantly find answers to your questions on the new Telerik Support Portal.
Check out the tips for optimizing your support resource searches.
0
Ronald
Top achievements
Rank 1
Rank 1
answered on 08 Jun 2009, 08:23 AM
Thank you Rumen! This solved the problem! :)