locked
Sanitizer provider is not configured in the web.config file. If you are using the HtmlEditorExtender with a public website then please configure a Sanitizer provider. Otherwise, set the Enable Sanitization property to false. RRS feed

Answers

  • User-661350001 posted
    please add the below to web.config 
    
    <configuration>
    <configSections>
    <sectionGroup name="system.web">
    <section name="sanitizer" requirePermission="false" type="AjaxControlToolkit.Sanitizer.ProviderSanitizerSection, AjaxControlToolkit"/>
    </sectionGroup>
    </configSections>
    <system.web>
    <compilation targetFramework="4.0" debug="true"/>
    <sanitizer defaultProvider="AntiXssSanitizerProvider">
    <providers>
    <add name="AntiXssSanitizerProvider" type="AjaxControlToolkit.Sanitizer.AntiXssSanitizerProvider"></add>
    </providers>
    </sanitizer>
    </system.web>
    </configuration>
    
    please check this
    http://stephenwalther.com/archive/2011/08/01/ajax-control-toolkit-july-2011-release-and-the-new-html.aspx
    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, July 16, 2012 8:19 AM

All replies

  • User-661350001 posted
    please add the below to web.config 
    
    <configuration>
    <configSections>
    <sectionGroup name="system.web">
    <section name="sanitizer" requirePermission="false" type="AjaxControlToolkit.Sanitizer.ProviderSanitizerSection, AjaxControlToolkit"/>
    </sectionGroup>
    </configSections>
    <system.web>
    <compilation targetFramework="4.0" debug="true"/>
    <sanitizer defaultProvider="AntiXssSanitizerProvider">
    <providers>
    <add name="AntiXssSanitizerProvider" type="AjaxControlToolkit.Sanitizer.AntiXssSanitizerProvider"></add>
    </providers>
    </sanitizer>
    </system.web>
    </configuration>
    
    please check this
    http://stephenwalther.com/archive/2011/08/01/ajax-control-toolkit-july-2011-release-and-the-new-html.aspx
    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, July 16, 2012 8:19 AM
  • User542110729 posted

    this might help if you are using the June 2012 AjaxControlToolkit

    http://stephenwalther.com/archive/2012/06/25/announcing-the-june-2012-release-of-the-ajax-control-toolkit.aspx

    Monday, July 16, 2012 3:25 PM
  • User555306248 posted

    We strongly recommend that you do not use the HtmlEditorExtender on a public website           without using the AntiXSS Sanitizer Provider. If you do not use the AntiXss Sanitizer           Provider then your website will be open to Cross-Site Scripting (XSS) Attacks.        

            The AntiXSS Sanitizer Provider is included in the SanitizerProviders folder with the         CodePlex release of the Ajax Control Toolkit. You need to add a reference to all three        assemblies contained in the folder: SanitizerProviders.dll, AntiXSSLibrary.dll, and         HtmlSanitizationLibrary.dll.       

            You must add the following configuration sections to your Web.config file to enable the        provider:       

    <configuration>
    <configSections>
      <sectionGroup name="system.web">
    	<section name="sanitizer" 
          requirePermission="false" 
          type="AjaxControlToolkit.Sanitizer.ProviderSanitizerSection, 
            AjaxControlToolkit"/>
          </sectionGroup>
    </configSections>
    <system.web>
    	<compilation targetFramework="4.0" debug="true"/>
    	<sanitizer defaultProvider="AntiXssSanitizerProvider">
    		<providers>
    			<add name="AntiXssSanitizerProvider" 
                type="AjaxControlToolkit.Sanitizer.
                  AntiXssSanitizerProvider"></add>
    		</providers>
    	</sanitizer>
    </system.web>
    </configuration>
    

    http://www.asp.net/ajaxLibrary/AjaxControlToolkitSampleSite/HTMLEditorExtender/HTMLEditorExtender.aspx

    http://stephenwalther.com/archive/2011/08/01/ajax-control-toolkit-july-2011-release-and-the-new-html.aspx

    Monday, July 16, 2012 11:19 PM