HtmlEditorExtender 剥离预标记
HtmlEditorExtender stripes out pre tag
我编写了自己的引用系统,因为 HtmlEditorExtender 没有引用系统。还是有?
asp.net 4.5 和 ASP.NET AJAX 控制工具包 16.1.0.0
2016年我们还没有白名单功能吗?
对于引用,我使用的是 pre 标签。然而,最新的 HtmlEditorExtender 版本 16.1.0 去除了 pre 标签。它只是删除了包含 pre 标签的部分。
我是说喜欢
<pre><pre>CeFurkan: Wrote</pre>dsfsdfs</pre>
这是在发布到服务器之前在客户端删除的。我怎样才能允许这个标签?
我也尝试使用 span class="myClass",这次它删除了 class 标签
我的设置是
代码隐藏
htmlEditorExtender1.EnableSanitization = true;
前台代码
<ajaxToolkit:HtmlEditorExtender ID="htmlEditorExtender1" TargetControlID="txtMessageBody"
runat="server" DisplaySourceTab="True">
<Toolbar>
<ajaxToolkit:Undo />
<ajaxToolkit:Redo />
<ajaxToolkit:Bold />
<ajaxToolkit:Italic />
<ajaxToolkit:Underline />
<ajaxToolkit:StrikeThrough />
<ajaxToolkit:Subscript />
<ajaxToolkit:Superscript />
<ajaxToolkit:JustifyLeft />
<ajaxToolkit:JustifyCenter />
<ajaxToolkit:JustifyRight />
<ajaxToolkit:JustifyFull />
<ajaxToolkit:InsertOrderedList />
<ajaxToolkit:InsertUnorderedList />
<ajaxToolkit:CreateLink />
<ajaxToolkit:UnLink />
<ajaxToolkit:RemoveFormat />
<ajaxToolkit:SelectAll />
<ajaxToolkit:UnSelect />
<ajaxToolkit:Delete />
<ajaxToolkit:Cut />
<ajaxToolkit:Copy />
<ajaxToolkit:Paste />
<ajaxToolkit:BackgroundColorSelector />
<ajaxToolkit:ForeColorSelector />
<ajaxToolkit:FontNameSelector />
<ajaxToolkit:FontSizeSelector />
<ajaxToolkit:Indent />
<ajaxToolkit:Outdent />
<ajaxToolkit:InsertHorizontalRule />
<ajaxToolkit:HorizontalSeparator />
</Toolbar>
</ajaxToolkit:HtmlEditorExtender>
和网络配置
<ajaxControlToolkit useStaticResources="true" renderStyleLinks="false" htmlSanitizer="AjaxControlToolkit.HtmlEditor.Sanitizer.DefaultHtmlSanitizer, AjaxControlToolkit.HtmlEditor.Sanitizer" />
尝试 Yuriy 的答案时给出的完整错误
Value cannot be null.
Parameter name: type
Stack:
at System.Activator.CreateInstance(Type type, Boolean nonPublic)
at System.Activator.CreateInstance(Type type)
at AjaxControlToolkit.HtmlEditorExtender.CreateSanitizer()
at System.Lazy`1.CreateValue()
at System.Lazy`1.LazyInitValue()
at System.Lazy`1.get_Value()
at AjaxControlToolkit.HtmlEditorExtender.get_Sanitizer()
at AjaxControlToolkit.HtmlEditorExtender.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
class实施
我认为最简单的方法是创建自己的 IHtmlSanitizer 实现,继承 DefaultHtmlSanitizer 并重写 GetSafeHtmlFragment 方法,如下所示
public class MyHtmlSanitizer : DefaultHtmlSanitizer, IHtmlSanitizer
{
private static readonly string[] whiteListTags = (ConfigurationManager.AppSettings["whiteListTags"] ?? "").Split(',');
string IHtmlSanitizer.GetSafeHtmlFragment(string htmlFragment, Dictionary<string, string[]> whiteList)
{
foreach (var tag in whiteListTags)
{
if (!whiteList.ContainsKey(tag))
whiteList.Add(tag, new string[0]);
}
return base.GetSafeHtmlFragment(htmlFragment, whiteList);
}
}
然后添加到 web.config 设置自己的标签白名单的 appSettings 部分:
<appSettings>
<add key="whiteListTags" value="pre"/>
</appSettings>
并配置工具包以使用此消毒剂而不是默认消毒剂:
<ajaxControlToolkit
useStaticResources="true"
renderStyleLinks="false"
htmlSanitizer="AjaxControlToolkit.Customization.MyHtmlSanitizer, AjaxControlToolkit.Customization"
tempFolder="~/Temp"/>
我编写了自己的引用系统,因为 HtmlEditorExtender 没有引用系统。还是有?
asp.net 4.5 和 ASP.NET AJAX 控制工具包 16.1.0.0
2016年我们还没有白名单功能吗?
对于引用,我使用的是 pre 标签。然而,最新的 HtmlEditorExtender 版本 16.1.0 去除了 pre 标签。它只是删除了包含 pre 标签的部分。
我是说喜欢
<pre><pre>CeFurkan: Wrote</pre>dsfsdfs</pre>
这是在发布到服务器之前在客户端删除的。我怎样才能允许这个标签?
我也尝试使用 span class="myClass",这次它删除了 class 标签
我的设置是
代码隐藏
htmlEditorExtender1.EnableSanitization = true;
前台代码
<ajaxToolkit:HtmlEditorExtender ID="htmlEditorExtender1" TargetControlID="txtMessageBody"
runat="server" DisplaySourceTab="True">
<Toolbar>
<ajaxToolkit:Undo />
<ajaxToolkit:Redo />
<ajaxToolkit:Bold />
<ajaxToolkit:Italic />
<ajaxToolkit:Underline />
<ajaxToolkit:StrikeThrough />
<ajaxToolkit:Subscript />
<ajaxToolkit:Superscript />
<ajaxToolkit:JustifyLeft />
<ajaxToolkit:JustifyCenter />
<ajaxToolkit:JustifyRight />
<ajaxToolkit:JustifyFull />
<ajaxToolkit:InsertOrderedList />
<ajaxToolkit:InsertUnorderedList />
<ajaxToolkit:CreateLink />
<ajaxToolkit:UnLink />
<ajaxToolkit:RemoveFormat />
<ajaxToolkit:SelectAll />
<ajaxToolkit:UnSelect />
<ajaxToolkit:Delete />
<ajaxToolkit:Cut />
<ajaxToolkit:Copy />
<ajaxToolkit:Paste />
<ajaxToolkit:BackgroundColorSelector />
<ajaxToolkit:ForeColorSelector />
<ajaxToolkit:FontNameSelector />
<ajaxToolkit:FontSizeSelector />
<ajaxToolkit:Indent />
<ajaxToolkit:Outdent />
<ajaxToolkit:InsertHorizontalRule />
<ajaxToolkit:HorizontalSeparator />
</Toolbar>
</ajaxToolkit:HtmlEditorExtender>
和网络配置
<ajaxControlToolkit useStaticResources="true" renderStyleLinks="false" htmlSanitizer="AjaxControlToolkit.HtmlEditor.Sanitizer.DefaultHtmlSanitizer, AjaxControlToolkit.HtmlEditor.Sanitizer" />
尝试 Yuriy 的答案时给出的完整错误
Value cannot be null.
Parameter name: type
Stack:
at System.Activator.CreateInstance(Type type, Boolean nonPublic)
at System.Activator.CreateInstance(Type type)
at AjaxControlToolkit.HtmlEditorExtender.CreateSanitizer()
at System.Lazy`1.CreateValue()
at System.Lazy`1.LazyInitValue()
at System.Lazy`1.get_Value()
at AjaxControlToolkit.HtmlEditorExtender.get_Sanitizer()
at AjaxControlToolkit.HtmlEditorExtender.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
class实施
我认为最简单的方法是创建自己的 IHtmlSanitizer 实现,继承 DefaultHtmlSanitizer 并重写 GetSafeHtmlFragment 方法,如下所示
public class MyHtmlSanitizer : DefaultHtmlSanitizer, IHtmlSanitizer
{
private static readonly string[] whiteListTags = (ConfigurationManager.AppSettings["whiteListTags"] ?? "").Split(',');
string IHtmlSanitizer.GetSafeHtmlFragment(string htmlFragment, Dictionary<string, string[]> whiteList)
{
foreach (var tag in whiteListTags)
{
if (!whiteList.ContainsKey(tag))
whiteList.Add(tag, new string[0]);
}
return base.GetSafeHtmlFragment(htmlFragment, whiteList);
}
}
然后添加到 web.config 设置自己的标签白名单的 appSettings 部分:
<appSettings>
<add key="whiteListTags" value="pre"/>
</appSettings>
并配置工具包以使用此消毒剂而不是默认消毒剂:
<ajaxControlToolkit
useStaticResources="true"
renderStyleLinks="false"
htmlSanitizer="AjaxControlToolkit.Customization.MyHtmlSanitizer, AjaxControlToolkit.Customization"
tempFolder="~/Temp"/>