Prevent XSS Attack in Rich Text

Thread ID: 143568
Created: Mar 27,2019 03:19 AM UTC
Updated: Mar 27,2019 11:36 AM UTC
Platform: jQuery
Replies: 1
Tags: ejRTE
Damien Turnbull
Asked On March 27, 2019 03:19 AM UTC

Hi

Having had recent security penetration tests conducted, it became apparent that when we saved the Rich Text control's html we open up our system to a cross site scripting attack.

When we try to validate the html using an XSS technique it always comes back as indicating that the Html is not valid.

I'm wondering if you have any experience to share as to how we best handle the Html data being posted via Ajax to our server without allowing for any xss attacks?

Thanks

Prince Oliver [Syncfusion]
Replied On March 27, 2019 11:36 AM UTC

Hello Damien, 

Greetings from Syncfusion support. 

Our controls do not have built-in support for XSS protection, hence it is recommended that you use an HTML Sanitizer to check the requests. For further details regarding this, please check our UG documentation related to XSS Security.


Let us know if you need any further assistance on this. 

Regards, 
Prince 

