Hi guys, question about browser security and cute editor

  •  04-10-2006, 10:54 AM

    As one of the newest members of the Cutesoft customer family we are happy to say we have been very happy with the developer license purchased last month. The forum is very responsive and with a bit of digging and lateral thinking we've been able to see the cuter side of Cute Editor. Our team is still a little curious about one thing though: we are using Cute Editor as the preview pane and editor pane of a custom web email application (integrated into a CRM system). And it would delight us to no end to know whether
     
        1. Cute Editor (when previewing) will or will not act on intentionally injected client-side javascript or SQL scripts. (The correct answer we are looking for is that it will neuter any Javascript blocks, or there is a switch to neuter them). 
        2. If it doesn't, whether this can be added?
        3. And whether anyone in the forum has had to deal with this requirement before (have you had any success buying a 3rd-party application firewall specializing in cleaning Javascript and Injection attacks).
        4. I think the Injection Attack side of the story is easier; we call ADO.NET using command parameters and that lessens the danger. So consider this one low priority compared to the Javascript problem.
     
    Because this is a bit of a weird question I will elaborate on why this is a concern to us. Our users will send out email using a webmail. They will get replies. The replies aren't filtered for Javascript. This Javascript (in the form of the email replies displaying in Cute Editor's edit/preview pane) could potentially run on our users' machines and cause security problems. Problems such as sending cookies and private information. Or redirecting our users to malicious sites. Etc etc. The sky's the limit with the current state of browser security. And it worries us greatly.
     
    Any help would be much appreciated! Thank you so much!
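
An added example, not part of the original post and not Cute Editor or CuteSoft code: one way to neuter script in reply HTML on the server before it reaches any edit or preview pane, shown in Python with the standard library only (the same allowlist approach applies on the ASP.NET side). The tag allowlist, URL policy, sample input and all names below are assumptions of this example.

```python
from html import escape
from html.parser import HTMLParser

# Constructed policy for this example: anything not listed here never reaches the output.
ALLOWED_TAGS = {"a", "b", "blockquote", "br", "div", "em", "i", "li",
                "ol", "p", "pre", "span", "strong", "u", "ul"}
DROP_CONTENT = {"script", "style", "iframe", "object"}  # discard the tag and its contents
SAFE_URL_PREFIXES = ("http://", "https://", "mailto:")
SAMPLE_REPLY = '<p onclick="x()">Thanks!</p><script>alert(1)</script>'  # constructed input

class MailSanitizer(HTMLParser):
    """Rebuilds the markup from parsed events; comments and declarations are dropped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        if self.skip or tag not in ALLOWED_TAGS:
            return
        attr_text = ""
        if tag == "a":  # href is the only attribute kept; on*, style and src never pass
            # Browsers ignore tabs/newlines inside a URL scheme, so strip them before checking.
            href = "".join(c for c in (dict(attrs).get("href") or "") if c > " ")
            if href.lower().startswith(SAFE_URL_PREFIXES):
                attr_text = ' href="%s" rel="noopener noreferrer"' % escape(href, quote=True)
        self.out.append("<%s%s>" % (tag, attr_text))
        if tag != "br":  # br is the only void element in the allowlist
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in self.open_tags:
            while self.open_tags:  # close back to the matching tag so output stays balanced
                closed = self.open_tags.pop()
                self.out.append("</%s>" % closed)
                if closed == tag:
                    break

    def handle_data(self, data):
        if not self.skip:  # text is re-escaped, so encoded markup stays inert text
            self.out.append(escape(data, quote=False))

def sanitize_mail_html(untrusted_html):
    parser = MailSanitizer()
    parser.feed(untrusted_html)
    parser.close()  # flushes any trailing text still buffered by the parser
    parser.out.extend("</%s>" % t for t in reversed(parser.open_tags))
    return "".join(parser.out)
```

Run it on the raw reply body before the message is stored or rendered, and treat any filtering done by the editor control as a second layer rather than the only one.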