This is a migrated thread and some comments may be shown as answers.
RAD Editor Security Vulnerability
1 Answer 56 Views
This is a migrated thread and some comments may be shown as answers.
Sam Stange
Top achievements
Rank 1
Sam Stange asked on 24 Jul 2009, 07:30 PM
One of the vulnerabilities I noticed recently with the RAD Editor is the ability to inject javascript on the page. Allowing users into the "HTML" view of the page is a little dangerous. Luckily it's not on this page, or all users would be going to my site :). What is the best way to deal with this problem? Not enable HTML view for users?

Thanks,
Sam

1 Answer, 1 is accepted

Sort by
0
Rumen
Telerik team
answered on 27 Jul 2009, 01:47 PM
Hi Sam,

The RadEditor's RemoveScripts built-in content filter deletes the script tags to reduce the possibility of cross-site scripting and other script-related problems. This content filter is enabled by default.

In addition, you can easily hide the Html mode by setting the EditModes property to Design,Preview.

Best regards,
Rumen
the Telerik team

Instantly find answers to your questions on the new Telerik Support Portal.
Check out the tips for optimizing your support resource searches.
Asked by
Sam Stange
Top achievements
Rank 1
Answers by
Rumen
Telerik team
Share this question
or