Hi
Having had recent security penetration tests conducted, it become apparent that when we saved the Rich Text control's html we open up our system to a cross site scripting attack.
When we try to validate the html using a xss technique it always comes back as indicating that the Html is not valid.
I'm wondering if you have any experience to share as to how we best handle the Html data being posted via Ajax to our server without allowing for any xss attacks?
Thanks