Iframes are stripped away :S

Last post 06-23-2008, 12:19 PM by Adam. 3 replies.
Sort Posts: Previous Next
  •  06-18-2008, 5:04 AM 41510

    Iframes are stripped away :S

    Hello, I use CE 6.1 in ASP.Net using the following settings :
     

    <CE:Editor ID="edittxt" runat="server" EnableStripScriptTags="false" AutoConfigure="Default" BreakElement="P" Width="100%"

    Height="500px" EnableAntiSpamEmailEncoder="true" EnableBrowserContextMenu="true"

    URLType="Absolute"

    >

    </CE:Editor>
     
    and when I try to add iframe, they are deleted before the validation.
    What can I do ?
  •  06-18-2008, 10:44 AM 41520 in reply to 41510

    Re: Iframes are stripped away :S

    Please set the following property to false:
     

    Editor.EnableStripIframeTags Property

    That's a new property under 6.1 and you'll be fine.
     
     
     
     
     
     
     
  •  06-23-2008, 10:43 AM 41653 in reply to 41520

    Re: Iframes are stripped away :S

    But I already use that in the aspx code :

    EnableStripScriptTags
    ="false"
     
    isn't it working the same way?
  •  06-23-2008, 12:19 PM 41655 in reply to 41653

    Re: Iframes are stripped away :S

    Sergejack:
    But I already use that in the aspx code :

    EnableStripScriptTags
    ="false"
     
    isn't it working the same way?
     
    EnableStripIframeTags Specifies whether to remove inject Iframe tags before writing the string into the db. When this property is set to true (the default) Cute Editor strips all iframe tags from the html to prevent iframe injection attack.
    EnableStripLinkTagsCodeInjection Specifies whether to remove <link> tags which contain malicious, client-side executable code before writing the string into the db. When this property is set to true (the default) Cute Editor strips all <link> tags which contain malicious, client-side executable code from the html to prevent link tag injection attack.
    EnableStripScriptTags Specifies whether to remove inject script before writing the string into the db. When this property is set to true (the default) Cute Editor strips all script elements and script contents from the html.
    EnableStripStyleTagsCodeInjection Specifies whether to remove inject <Style> tags which contain malicious, client-side executable code before writing the string into the db. When this property is set to true (the default) Cute Editor strips all <Style> tags which contain malicious, client-side executable code from the html to prevent link tag injection attack.

    asp.net Chat http://cutesoft.net/ASP.NET+Chat/default.aspx
    Web Messenger: http://cutesoft.net/Web-Messenger/default.aspx
    asp.net wysiwyg editor: http://cutesoft.net/ASP.NET+WYSIWYG+Editor/default.aspx
    asp wysiwyg html editor: http://cutesoft.net/ASP
    asp.net Image Gallery: http://cutesoft.net/ASP.NET+Image+Gallery/default.aspx
    Live Support: http://cutesoft.net/live-support/default.aspx

View as RSS news feed in XML