RAD Editor Security Vulnerability

2 posts, 0 answers
  1. Sam Stange
    15 posts
    Member since:
    Jul 2006

    Posted 24 Jul 2009

    One of the vulnerabilities I noticed recently with the RAD Editor is the ability to inject JavaScript on the page. Allowing users into the "HTML" view of the page is a little dangerous. Luckily it's not on this page, or all users would be going to my site :). What is the best way to deal with this problem? Not enable HTML view for users?


  2. Rumen
    13233 posts

    Posted 27 Jul 2009

    Hi Sam,

    The RadEditor's RemoveScripts built-in content filter deletes the script tags to reduce the possibility of cross-site scripting and other script-related problems. This content filter is enabled by default.

    In addition, you can easily hide the Html mode by setting the EditModes property to Design,Preview.

    Best regards,
    the Telerik team
