RadEditor not removing alertscript on submit.

1 posts, 0 answers
  1. Chrys
    Chrys avatar
    45 posts
    Member since:
    Feb 2013

    Posted 20 Feb 2014 Link to this post

    I have a rad editor on an aspx page.  <telerik:RadEditor ID="txtarFeedback" runat="server" CssClass="textareaRTE" EditModes="Design" Width="631px" Height="118px" StripFormattingOnPaste="MSWord" StripFormattingOptions="MSWord" AllowScripts="false" ContentFilters="RemoveScripts" >

    but when I put in <script>alert("hello");</script> it is still in both the Content and in Text when it is submitted to the server.
    Admitted Content it is much more harmless but shouldn't it be removing the whole thing from content?
Back to Top