View Full Version : Html.Encode in HtmlEditor

22 Mar 2011, 3:53 AM
Using: Ext JS 3.3.0

I have the following problem. I have a form with a HtmlEditor. As soon as I use any html-markup like <b>...</b> or <i>...</i> then I get the following error:

Er is een fout opgetreden tijdens de verwerking van uw vraag (translates to: an error has occured during processing of your request):
A potentially dangerous Request.Form value was detected from the client (Naam="...JohnDoe<br>@3771cb159").

I suppose this is due to the contents of the HtmlEditor not being HtmlEncoded before sending them to the server, so Mallory can use this for cross-site scripting. The most obvious solution is of course to HtmlEncode the contents.

I have not been able to find a way to do this neatly. I have seen no properties or methods in the API of the HtmlEditor. A way around this I found on various forums is to encode the contents during the processing of the Ajax request, but this has severe disadvantages.

Is there an easier way around this?