
I have coded my own quoting system since HtmlEditorExtender does not have a quote system. Or does it have one?

ASP.NET 4.5 and ASP.NET AJAX Control Toolkit 16.1.0.0

In 2016, do we still not have a whitelisting feature?

For quotes, I am using the pre tag. However, the latest HtmlEditorExtender in version 16.1.0 strips out the pre tag. It just removes the part that contains the pre tag.

I mean like

    <pre><pre>CeFurkan: Wrote</pre>dsfsdfs</pre>

This is removed at the client side before posting to the server. How can I allow this tag?

I also tried with `span class="myClass"` and it removes class tag this time.

My settings are:

Code-behind:

    htmlEditorExtender1.EnableSanitization = true;

Front code:

    <ajaxToolkit:HtmlEditorExtender ID="htmlEditorExtender1" TargetControlID="txtMessageBody"
        runat="server" DisplaySourceTab="True">
        <Toolbar>
            <ajaxToolkit:Undo />
            <ajaxToolkit:Redo />
            <ajaxToolkit:Bold />
            <ajaxToolkit:Italic />
            <ajaxToolkit:Underline />
            <ajaxToolkit:StrikeThrough />
            <ajaxToolkit:Subscript />
            <ajaxToolkit:Superscript />
            <ajaxToolkit:JustifyLeft />
            <ajaxToolkit:JustifyCenter />
            <ajaxToolkit:JustifyRight />
            <ajaxToolkit:JustifyFull />
            <ajaxToolkit:InsertOrderedList />
            <ajaxToolkit:InsertUnorderedList />
            <ajaxToolkit:CreateLink />
            <ajaxToolkit:UnLink />
            <ajaxToolkit:RemoveFormat />
            <ajaxToolkit:SelectAll />
            <ajaxToolkit:UnSelect />
            <ajaxToolkit:Delete />
            <ajaxToolkit:Cut />
            <ajaxToolkit:Copy />
            <ajaxToolkit:Paste />
            <ajaxToolkit:BackgroundColorSelector />
            <ajaxToolkit:ForeColorSelector />
            <ajaxToolkit:FontNameSelector />
            <ajaxToolkit:FontSizeSelector />
            <ajaxToolkit:Indent />
            <ajaxToolkit:Outdent />
            <ajaxToolkit:InsertHorizontalRule />
            <ajaxToolkit:HorizontalSeparator />
        </Toolbar>
    </ajaxToolkit:HtmlEditorExtender>

And web.config:

    <ajaxControlToolkit useStaticResources="true" renderStyleLinks="false" htmlSanitizer="AjaxControlToolkit.HtmlEditor.Sanitizer.DefaultHtmlSanitizer, AjaxControlToolkit.HtmlEditor.Sanitizer" />

The full error it gives when Yuriy's answer is tried:

    Value cannot be null.
    Parameter name: type
    Stack:
       at System.Activator.CreateInstance(Type type, Boolean nonPublic)
       at System.Activator.CreateInstance(Type type)
       at AjaxControlToolkit.HtmlEditorExtender.CreateSanitizer()
       at System.Lazy`1.CreateValue()
       at System.Lazy`1.LazyInitValue()
       at System.Lazy`1.get_Value()
       at AjaxControlToolkit.HtmlEditorExtender.get_Sanitizer()
       at AjaxControlToolkit.HtmlEditorExtender.OnInit(EventArgs e)
       at System.Web.UI.Control.InitRecursive(Control namingContainer)
       at System.Web.UI.Control.InitRecursive(Control namingContainer)
       at System.Web.UI.Control.InitRecursive(Control namingContainer)
       at System.Web.UI.Control.InitRecursive(Control namingContainer)
       at System.Web.UI.Control.InitRecursive(Control namingContainer)
       at System.Web.UI.Control.InitRecursive(Control namingContainer)
       at System.Web.UI.Control.InitRecursive(Control namingContainer)
       at System.Web.UI.Control.InitRecursive(Control namingContainer)
       at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

class implementation


Furkan Gözükara

1 Answer


The easiest way, in my opinion, is to create your own implementation of IHtmlSanitizer that inherits from DefaultHtmlSanitizer and overrides the GetSafeHtmlFragment method, as below:

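    using System;
    using System.Collections.Generic;
    using System.Configuration;
    using AjaxControlToolkit;
    using AjaxControlToolkit.HtmlEditor.Sanitizer;

    public class MyHtmlSanitizer : DefaultHtmlSanitizer, IHtmlSanitizer
    {
        // Extra tags to allow, read once from appSettings (comma-separated).
        // RemoveEmptyEntries keeps a missing or empty setting from adding "" as a tag.
        private static readonly string[] whiteListTags =
            (ConfigurationManager.AppSettings["whiteListTags"] ?? "")
                .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);

        string IHtmlSanitizer.GetSafeHtmlFragment(string htmlFragment, Dictionary<string, string[]> whiteList)
        {
            foreach (var rawTag in whiteListTags)
            {
                // Allow the tag with no attributes unless the whitelist already has it.
                var tag = rawTag.Trim();
                if (tag.Length > 0 && !whiteList.ContainsKey(tag))
                    whiteList.Add(tag, new string[0]);
            }

            // The base sanitizer does the cleaning against the extended whitelist.
            return base.GetSafeHtmlFragment(htmlFragment, whiteList);
        }
    }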

Then add a setting for your own tag whitelist to the appSettings section of web.config:

    <appSettings>
      <add key="whiteListTags" value="pre"/>
    </appSettings>

And configure toolkit to use this sanitizer instead of the default:

    <ajaxControlToolkit
      useStaticResources="true"
      renderStyleLinks="false"
      htmlSanitizer="AjaxControlToolkit.Customization.MyHtmlSanitizer, AjaxControlToolkit.Customization"
      tempFolder="~/Temp"/>
Yuriy Rozhovetskiy
  • ty very much for answer but it gave error :( at System.Activator.CreateInstance(Type type, Boolean nonPublic) at System.Activator.CreateInstance(Type type) at AjaxControlToolkit.HtmlEditorExtender.CreateSanitizer() at System.Lazy`1.CreateValue() at System.Lazy`1.LazyInitValue() at System.Lazy`1.get_Value() at AjaxControlToolkit.HtmlEditorExtender.get_Sanitizer( – Furkan Gözükara Jun 09 '16 at 10:50
  • @MonsterMMORPG fix type name in ajaxControlToolkit.htmlSanitizer according to type name of custom sanitizer in your project – Yuriy Rozhovetskiy Jun 09 '16 at 10:58
  • Yuriy, I don't have any custom sanitizer. I have implemented the default one. Also I followed your answer. Added a new class exactly as yours and then modified the web config as you said – Furkan Gözükara Jun 09 '16 at 11:03
  • This is `AjaxControlToolkit.Customization.MyHtmlSanitizer, AjaxControlToolkit.Customization` name of new Sanitizer in **MY** solution. Replace it with type name of new sanitizer in **YOUR** solution. – Yuriy Rozhovetskiy Jun 09 '16 at 11:12
  • ty for answer but I don't get it. What naming are you referring to? Where do we define the name? This is how I added your class http://i.stack.imgur.com/QaEWF.png . this was my default webconfig : – Furkan Gözükara Jun 09 '16 at 11:16
  • Use this one: `htmlSanitizer="MyHtmlSanitizer, App_Code"` – Yuriy Rozhovetskiy Jun 09 '16 at 11:28
  • ty very much seems like working now :) this htmlsanitizer do at server side check too right? – Furkan Gözükara Jun 09 '16 at 11:32
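
The answer's approach extended to the `span class="myClass"` case from the question, as an added example that is not the answer author's or the toolkit's own code. The class name, the `whiteListTagAttributes` key and its `tag:attr|attr` syntax are hypothetical, and it assumes each whitelist value lists the attribute names permitted on that tag.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using AjaxControlToolkit;
using AjaxControlToolkit.HtmlEditor.Sanitizer;

// Added example. Assumed appSettings entry (hypothetical key):
//   <add key="whiteListTagAttributes" value="pre;span:class"/>
public class AttributeAwareHtmlSanitizer : DefaultHtmlSanitizer, IHtmlSanitizer
{
    // Tags that configuration may never re-enable.
    static readonly HashSet<string> NeverAllowed = new HashSet<string>(
        new[] { "script", "style", "iframe", "object", "embed" });

    static readonly Dictionary<string, string[]> Extra =
        Parse(ConfigurationManager.AppSettings["whiteListTagAttributes"]);

    // "pre;span:class|title" -> { pre: [], span: [class, title] }
    public static Dictionary<string, string[]> Parse(string setting)
    {
        var result = new Dictionary<string, string[]>();
        foreach (var entry in (setting ?? "").Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
        {
            var parts = entry.Split(new[] { ':' }, 2);
            var tag = parts[0].Trim().ToLowerInvariant();
            if (tag.Length == 0 || NeverAllowed.Contains(tag)) continue;
            var attrs = parts.Length < 2 ? new string[0] : parts[1]
                .Split(new[] { '|' }, StringSplitOptions.RemoveEmptyEntries)
                .Select(a => a.Trim().ToLowerInvariant())
                // style and on* event-handler attributes are never accepted from config.
                .Where(a => a.Length > 0 && a != "style" && !a.StartsWith("on", StringComparison.Ordinal))
                .ToArray();
            result[tag] = attrs;
        }
        return result;
    }

    string IHtmlSanitizer.GetSafeHtmlFragment(string htmlFragment, Dictionary<string, string[]> whiteList)
    {
        // Work on a copy so the dictionary passed in by the toolkit is left untouched.
        var merged = new Dictionary<string, string[]>(whiteList);
        foreach (var pair in Extra)
            merged[pair.Key] = merged.ContainsKey(pair.Key)
                ? (merged[pair.Key] ?? new string[0]).Union(pair.Value).ToArray() : pair.Value;
        return base.GetSafeHtmlFragment(htmlFragment, merged);
    }
}
```

For a class placed in App_Code it would be registered the same way as in the comments above, with `htmlSanitizer="AttributeAwareHtmlSanitizer, App_Code"`.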