Security issue with the editor - html encoding from the view

  •  11-21-2012, 5:14 PM

    Security issue with the editor - html encoding from the view

    Hi,

     

    i am using richttexteditor and i am getting this error

    A potentially dangerous Request.Form value was detected from the client (Editor="<p style="direction:...").

    while running:


                Editor editor = new Editor(System.Web.HttpContext.Current, "Editor");
                editor.ClientFolder = "/Scripts/richtexteditor/";
                string content = Request.Form["Editor"];

     

    i woul dlike to know how can i updat the editor to send encoded html to the controller.

    i prefer not to allow html into the controller by updating the application by adding this to the we.config"

    validateRequest=true"

     

    thank you

     

    Ori

     

    Filed under: ,
View Complete Thread