Asp.net 4.5,IIS 8
Sanitizer(HTML 清理器)甚至没有移除这个简单的脚本:
<script>alert('error')</script>
我的配置如下:
<%-- Multi-line message box that the HTML editor extender below attaches to by ID.
     NOTE(review): treat MaxLength as a client-side hint only and enforce the
     4000-character limit again on the server. --%>
<asp:TextBox ID="txtMessageBody"
             runat="server"
             TextMode="MultiLine"
             Height="500px"
             CssClass="MessageSendArea"
             MaxLength="4000"
             ClientIDMode="Static" />

<%-- Rich-text editor bound to txtMessageBody. No sanitizer-related attribute is
     set on this tag, so any cleaning depends on the provider configured for the
     toolkit. DisplaySourceTab="True" lets users type raw HTML, and a client can
     post arbitrary markup regardless of the toolbar, so the submitted value has
     to be checked on the server before it is stored or rendered.
     NOTE(review): confirm whether the toolkit version in use exposes an
     EnableSanitization switch and what it defaults to. --%>
<ajaxToolkit:HtmlEditorExtender ID="htmlEditorExtender1"
                                runat="server"
                                TargetControlID="txtMessageBody"
                                DisplaySourceTab="True">
    <Toolbar>
        <ajaxToolkit:Undo />
        <ajaxToolkit:Redo />
        <ajaxToolkit:Bold />
        <ajaxToolkit:Italic />
        <ajaxToolkit:Underline />
        <ajaxToolkit:StrikeThrough />
        <ajaxToolkit:Subscript />
        <ajaxToolkit:Superscript />
        <ajaxToolkit:JustifyLeft />
        <ajaxToolkit:JustifyCenter />
        <ajaxToolkit:JustifyRight />
        <ajaxToolkit:JustifyFull />
        <ajaxToolkit:InsertOrderedList />
        <ajaxToolkit:InsertUnorderedList />
        <ajaxToolkit:CreateLink />
        <ajaxToolkit:UnLink />
        <ajaxToolkit:RemoveFormat />
        <ajaxToolkit:SelectAll />
        <ajaxToolkit:UnSelect />
        <ajaxToolkit:Delete />
        <ajaxToolkit:Cut />
        <ajaxToolkit:Copy />
        <ajaxToolkit:Paste />
        <ajaxToolkit:BackgroundColorSelector />
        <ajaxToolkit:ForeColorSelector />
        <ajaxToolkit:FontNameSelector />
        <ajaxToolkit:FontSizeSelector />
        <ajaxToolkit:Indent />
        <ajaxToolkit:Outdent />
        <ajaxToolkit:InsertHorizontalRule />
        <ajaxToolkit:HorizontalSeparator />
    </Toolbar>
</ajaxToolkit:HtmlEditorExtender>
这是我的 web.config:
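<!-- Excerpt of web.config: both elements below sit directly under the
     <configuration> root; unrelated settings are not shown. -->
<configSections>
  <!-- Declares the handler for a <sanitizer> element inside <system.web>. -->
  <sectionGroup name="system.web">
    <section name="sanitizer"
             requirePermission="false"
             type="AjaxControlToolkit.Sanitizer.ProviderSanitizerSection, AjaxControlToolkit"/>
  </sectionGroup>
</configSections>
<!-- The section is declared in the "system.web" group, so <sanitizer> has to
     live inside <system.web>, not inside <configSections>. -->
<system.web>
  <trust level="Full"/>
  <!-- defaultProvider names the <add> entry below.
       NOTE(review): the provider type is given without an assembly name, unlike
       the section handler above; confirm that the assembly shipping this
       provider and its dependencies are deployed with the site. -->
  <sanitizer defaultProvider="HtmlAgilityPackSanitizerProvider">
    <providers>
      <add name="HtmlAgilityPackSanitizerProvider"
           type="AjaxControlToolkit.Sanitizer.HtmlAgilityPackSanitizerProvider"/>
    </providers>
  </sanitizer>
</system.web>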
这是我的检查代码:
// Send the user back to PostNewPM.aspx when the extender exposes no sanitizer provider.
// NOTE(review): a non-null provider shows only that one was resolved, not that the
// submitted HTML was actually cleaned; the stored text still needs to be checked for
// leftover <script> tags before it is rendered.
var activeSanitizer = htmlEditorExtender1.SanitizerProvider;
if (activeSanitizer == null)
    Response.Redirect("PostNewPM.aspx");
这是我提交上面那条 alert 脚本消息后得到的结果:
<script>alert('error')</script>
经 HTML 解码后显示给用户的内容(<script> 标签仍然存在):
<script>alert('error')</script>
答案 0 :(得分:0)
添加SanitizerProvider属性,如下所示:
<%-- Opening tag only; the toolbar and the closing tag are not shown here.
     NOTE(review): the code-behind on this page compares SanitizerProvider with
     null, which suggests an object-valued property. Confirm that the toolkit
     version in use accepts a provider name as a markup attribute, and verify the
     result by posting a <script> tag and inspecting what is stored. --%>
<ajaxToolkit:HtmlEditorExtender
    ID="htmlEditorExtender1"
    TargetControlID="txtMessageBody"
    runat="server"
    DisplaySourceTab="True"
    SanitizerProvider="HtmlAgilityPackSanitizerProvider">