This repository was archived by the owner on Oct 14, 2024. It is now read-only.
The AJAX Control Toolkit \19.1.0\
The installation method
Minimal steps to reproduce the bug
Go to demo page
Type "Hello world!<script>alert();</script>"
Submit content
Actual result
"Hello worldalert()"
Script tags and semicolon are removed as well as the exclamation point.
If you try submitting "Hello world! <script>alert();</script>", the space before <script> is removed. It's truncating whatever character precedes <script>.
Expected result
No truncating. Also, should the semicolon be removed as part of the sanitization process?
### Additional questions/issues
* With EnableSanitization set to false when tested in local project
* Using user controls (ascx)
I am experiencing overall weird behavior when displaying/rendering text using the extender on a textbox. For example, when the page first loads, my textbox should display <script>alert();</script> (underlined as well). Instead, it is blank. When I reload the page thru an Update button, it displays "<script>alert();</script>" instead of the rich text format. In my database, the value is stored as "<script><b><i><u>alert();</u></i></b></script>". What am I doing wrong? Do I have something configured incorrectly? Thanks in advance for the help.
Browser(s) used
Chrome
A site deployment method