输入验证使用富文本编辑器当 [英] Input Validation When Using a Rich Text Editor

问题描述

我有一个ASP.NET MVC应用程序，我使用的CKEditor 用于文本输入。我已经关闭输入验证所以从CKEditor的创建的HTML可以被传递到控制器的动作。我然后表示在网页上输入的HTML

I have an ASP.NET MVC application and I'm using CKEditor for text entry. I have turned off input validation so the HTML created from CKEditor can be passed into the controller action. I am then showing the entered HTML on a web page.

我只有某些按钮上的CKEditor启用，但显然有人能送他们想下来的任何文字。我希望能够在页面上显示的HTML用户输入后。我如何验证输入，但依然能够显示在编辑器中启用了几件事情？

I only have certain buttons on CKEditor enabled, but obviously someone could send whatever text they want down. I want to be able to show the HTML on the page after the user has entered it. How can I validate the input, but still be able to show the few things that are enabled in the editor?

所以基本上我想消毒除了像黑体，斜体，列表和链接一些关键的东西应有尽有。这需要做服务器侧

So basically I want to sanitize everything except for a few key things like bold, italics, lists and links. This needs to be done server side.

推荐答案

如何 AntiXSS ？

这篇关于输入验证使用富文本编辑器当的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！