HtmlAgilityPackSanitizerProvider不工作,我做错了

本文关键字:错了 工作 HtmlAgilityPackSanitizerProvider | 更新日期: 2023-09-27 18:10:24

Asp.net 4.5, IIS 8

消毒程序甚至没有删除这个简单的脚本

<script>alert('error')</script>

这里是我的配置

 <asp:TextBox ID="txtMessageBody" TextMode="MultiLine" Height="500px" runat="server"
 CssClass="MessageSendArea" MaxLength="4000" ClientIDMode="Static" />
        <ajaxToolkit:HtmlEditorExtender ID="htmlEditorExtender1" TargetControlID="txtMessageBody"
                    runat="server" DisplaySourceTab="True">
                    <Toolbar>
                        <ajaxToolkit:Undo />
                        <ajaxToolkit:Redo />
                        <ajaxToolkit:Bold />
                        <ajaxToolkit:Italic />
                        <ajaxToolkit:Underline />
                        <ajaxToolkit:StrikeThrough />
                        <ajaxToolkit:Subscript />
                        <ajaxToolkit:Superscript />
                        <ajaxToolkit:JustifyLeft />
                        <ajaxToolkit:JustifyCenter />
                        <ajaxToolkit:JustifyRight />
                        <ajaxToolkit:JustifyFull />
                        <ajaxToolkit:InsertOrderedList />
                        <ajaxToolkit:InsertUnorderedList />
                        <ajaxToolkit:CreateLink />
                        <ajaxToolkit:UnLink />
                        <ajaxToolkit:RemoveFormat />
                        <ajaxToolkit:SelectAll />
                        <ajaxToolkit:UnSelect />
                        <ajaxToolkit:Delete />
                        <ajaxToolkit:Cut />
                        <ajaxToolkit:Copy />
                        <ajaxToolkit:Paste />
                        <ajaxToolkit:BackgroundColorSelector />
                        <ajaxToolkit:ForeColorSelector />
                        <ajaxToolkit:FontNameSelector />
                        <ajaxToolkit:FontSizeSelector />
                        <ajaxToolkit:Indent />
                        <ajaxToolkit:Outdent />
                        <ajaxToolkit:InsertHorizontalRule />
                        <ajaxToolkit:HorizontalSeparator />
                    </Toolbar>
                </ajaxToolkit:HtmlEditorExtender>

Here my webconfig

  <configSections>
<sectionGroup name="system.web">
  <section name="sanitizer" requirePermission="false" type="AjaxControlToolkit.Sanitizer.ProviderSanitizerSection, AjaxControlToolkit"/>
</sectionGroup>


  <trust level="Full"/>
<sanitizer defaultProvider="HtmlAgilityPackSanitizerProvider">
  <providers>
    <add name="HtmlAgilityPackSanitizerProvider" type="AjaxControlToolkit.Sanitizer.HtmlAgilityPackSanitizerProvider"/>
  </providers>
</sanitizer>

here my check

        if (htmlEditorExtender1.SanitizerProvider == null)
    {
        Response.Redirect("PostNewPM.aspx");
    }

当我发布上面的警报脚本消息

时,我得到的结果
&lt;script&gt;alert('error')&lt;/script&gt;

解码后显示给用户

<script>alert('error')</script>

HtmlAgilityPackSanitizerProvider不工作,我做错了

按如下方式添加SanitizerProvider属性:

<ajaxToolkit:HtmlEditorExtender ID="htmlEditorExtender1" 
    TargetControlID="txtMessageBody"
    runat="server" DisplaySourceTab="True" 
    SanitizerProvider="HtmlAgilityPackSanitizerProvider">
相关文章: