Commit 389d9af

kb(editor): update fix page meta data and add new lines between headers
1 parent a5e8bc3 commit 389d9af

1 file changed

+9
-1
lines changed

knowledge-base/editor-sanitize-html-content.md

Lines changed: 9 additions & 1 deletion
@@ -1,3 +1,4 @@
1+
---
12
title: Sanitizing HTML Content in RadEditor During Paste Operations
23
description: Learn how to sanitize HTML content inserted or pasted into RadEditor using the OnClientPasteHtml event and the Paste HTML dialog - Telerik UI for ASP.NET AJAX
34
type: how-to
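Review bot: the blank line added as new line 1 pushes the opening `---` down to line 2. Front-matter parsers such as Jekyll's only recognise the block when `---` is the very first line of the file, so `title`, `description` and `type` risk being rendered as body text instead of being read as page metadata. Drop the leading blank line and keep `---` on line 1.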
@@ -7,8 +8,10 @@ position:
78
tags:
89
ticketid: 1619141
910
res_type: kb
11+
---
1012

1113
## Environment
14+
1215
<table>
1316
<tbody>
1417
<tr>
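Review bot: the blank line added at new line 11 sits inside the front matter, directly before the closing `---`, not between headers as the commit message describes. It is harmless to YAML but serves no purpose, so remove it and keep only the blank line after `## Environment` at new line 14. The `tags:` key in the context lines is also still empty even though the message says the metadata was updated; either fill it in or say in the message that only spacing changed.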
@@ -19,10 +22,13 @@ res_type: kb
1922
</table>
2023

2124
## Description
25+
2226
In RadEditor for ASP.NET AJAX, users can paste HTML content via the "Paste HTML" dialog or manually with `Ctrl+V`. While the [RadEditor RemoveScripts, StripDomEventAttributes, StripCssExpressions content filters prevent XSS attacks by sanitizing the content](https://docs.telerik.com/devtools/aspnet-ajax/controls/editor/managing-content/prevent-cross-site-scripting-(xss)#radeditor-and-xss) upon submission and on the server side, some users may wish to sanitize the content at the time of pasting. This article explains how to sanitize HTML content during paste operations in the OnClientPasteHtml event as well as in the Paste HTML dialog.
2327

2428
## Solution
29+
2530
### Sanitizing HTML Content During OnClientPasteHtml Event
31+
2632
To sanitize the HTML content during the `OnClientPasteHtml event`, you can use the following JavaScript code in your RadEditor configuration:
2733

2834
````ASPX
@@ -84,9 +90,11 @@ To sanitize the HTML content during the `OnClientPasteHtml event`, you can use t
8490
````
8591

8692
### Sanitizing HTML Content in the Paste HTML Dialog
93+
8794
The solution above also applies to the content inserted (pasted) by the `Paste HTML` since its content goes through the OnClientPasteHtml event.
8895

8996
## Summary
97+
9098
By implementing these modifications, you ensure that HTML content pasted into RadEditor is sanitized immediately, providing an additional layer of security against potential XSS attacks. Although the built-in content filters are effective, this approach offers real-time protection during paste operations, enhancing the overall security of your application.
9199

92-
100+
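Review bot: at new line 94 the sentence "inserted (pasted) by the `Paste HTML` since its content goes through" is missing its noun and should read "by the `Paste HTML` dialog". Since this section is being touched anyway, the Summary at new line 98 should also state plainly that the OnClientPasteHtml handler runs in the browser and does not replace the RemoveScripts, StripDomEventAttributes and StripCssExpressions filters named in the Description, so readers do not take "real-time protection" as a reason to switch those filters off.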
