Hello,
I am using a WebHtmlEditor control on a page, and it is configured as follows:
<%-- Rich-text editor for the HTML body of an email (txtEmailHTMLBody), with a linked WebSpellChecker.
     NOTE(review): the editor's value is arbitrary HTML typed or pasted by the user; as the sample pasted
     into it shows, inline event handlers (onclick etc.) are kept in the content and run inside the editable
     area, which is browser behaviour the control cannot suppress. Treat the submitted HTML as untrusted and
     sanitize it server-side (allow-listed tags and attributes, no on* handlers or script) before it is stored
     or rendered anywhere else. --%>
<%-- The Font-* attributes repeated on every toolbar item below appear to be designer-generated defaults;
     they are kept as-is here. --%>
<%-- NOTE(review): SpecialCharacterList contains two empty entries (",,") — possibly characters lost in
     copy/paste; confirm against the original markup. --%>
<ighedit:WebHtmlEditor EnableViewState="false"
                       ID="txtEmailHTMLBody"
                       runat="server"
                       BackgroundImageName=""
                       FontFormattingList="Heading 1=<h1>&Heading 2=<h2>&Heading 3=<h3>&Heading 4=<h4>&Heading 5=<h5>&Normal=<p>"
                       FontNameList="Arial,Verdana,Tahoma,Courier New,Georgia"
                       FontSizeList="1,2,3,4,5,6,7"
                       FontStyleList="Blue Underline=color:blue;text-decoration:underline;&Red Bold=color:red;font-weight:bold;&ALL CAPS=text-transform:uppercase;&all lowercase=text-transform:lowercase;&Reset="
                       Height="380px"
                       ImageDirectory="~/Images/Infragistics/HtmlEditor/"
                       RightClickBehavior="Nothing"
                       SpecialCharacterList="Ω,Σ,Δ,Φ,Γ,Ψ,Π,Θ,Ξ,Λ,ξ,μ,η,φ,ω,ε,θ,δ,ζ,ψ,β,π,σ,ß,þ,Þ,ƒ,Ж,Ш,Ю,Я,ж,ф,ш,ю,я,お,あ,絵,Æ,Å,Ç,Ð,Ñ,Ö,æ,å,ã,ç,ð,ë,ñ,¢,£,¤,¥,№,™,©,®,—,@,•,¡,,←,↑,→,↓,↔,↕,↖,↗,↘,↙,,¦,§,¨,ª,¬,¯,¶,°,±,«,»,·,¸,º,¹,²,³,¼,½,¾,¿,×,÷"
                       TabStripDisplay="True"
                       Width="680px"
                       SpellCheckerID="objReportConfigurationWebSpellchecker">
  <Toolbar Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False">
    <ighedit:ToolbarImage runat="server" Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" Type="DoubleSeparator" />
    <ighedit:ToolbarButton runat="server" Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" Type="Bold" />
    <ighedit:ToolbarButton runat="server" Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" Type="Italic" />
    <ighedit:ToolbarButton runat="server" Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" Type="Underline" />
    <ighedit:ToolbarButton runat="server" Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" Type="Strikethrough" />
    <ighedit:ToolbarImage runat="server" Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" Type="Separator" />
    <ighedit:ToolbarButton runat="server" Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" Type="Subscript" />
    <ighedit:ToolbarButton runat="server" Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" Type="Superscript" />
    <ighedit:ToolbarImage runat="server" Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" Type="Separator" />
    <ighedit:ToolbarDialogButton runat="server" Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" Type="FontColor">
      <Dialog Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" />
    </ighedit:ToolbarDialogButton>
    <ighedit:ToolbarDialogButton runat="server" Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" Type="FontHighlight">
      <Dialog Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" />
    </ighedit:ToolbarDialogButton>
    <ighedit:ToolbarDialogButton runat="server" Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" Type="SpecialCharacter">
      <Dialog Strings="" InternalDialogType="SpecialCharacterPicker" Type="InternalWindow"></Dialog>
    </ighedit:ToolbarDialogButton>
    <ighedit:ToolbarImage runat="server" Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" Type="Separator" />
    <ighedit:ToolbarButton runat="server" Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" Type="Indent" />
    <ighedit:ToolbarButton runat="server" Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" Type="Outdent" />
    <ighedit:ToolbarImage runat="server" Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" Type="Separator" />
    <ighedit:ToolbarButton runat="server" Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" Type="UnorderedList" />
    <ighedit:ToolbarButton runat="server" Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" Type="OrderedList" />
    <ighedit:ToolbarImage runat="server" Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" Type="Separator" />
    <ighedit:ToolbarButton runat="server" Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" Type="InsertLink" />
    <ighedit:ToolbarButton runat="server" Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" Type="RemoveLink" />
    <ighedit:ToolbarImage runat="server" Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" Type="Separator" />
    <ighedit:ToolbarButton runat="server" Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" Type="SpellCheck" />
  </Toolbar>
  <DropDownStyle Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" />
  <ProgressBar Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" />
  <DownlevelTextArea Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" />
  <RightClickMenu Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False"> </RightClickMenu>
  <TextWindow Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" />
  <DownlevelLabel Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" />
  <TabStrip Font-Bold="False" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" />
  <%-- Both client-side hooks go to the same handler, htmlEditor_Changed (defined elsewhere on the page). --%>
  <ClientSideEvents KeyDown="htmlEditor_Changed" AfterAction="htmlEditor_Changed" />
</ighedit:WebHtmlEditor>
<%-- Spell checker referenced by the editor's SpellCheckerID above.
     NOTE(review): WebSpellCheckerDialogPage uses a backslash-relative path (".\"); confirm this is the form
     the control expects rather than "./" or "~/". --%>
<igspell:WebSpellChecker ID="objReportConfigurationWebSpellchecker"
                         runat="server"
                         WebSpellCheckerDialogPage=".\SpellCheckerDialog.aspx">
  <SpellOptions AllowXML="True" IncludeUserDictionaryInSuggestions="True"> </SpellOptions>
  <DialogOptions AllowMultipleDialogs="False" Modal="True" ShowNoErrorsMessage="false" ShowFinishedMessage="False" />
  <ClientEvents SpellCheckComplete="objReportConfigurationWebSpellChecker_SpellCheckComplete" />
</igspell:WebSpellChecker>
When the following is pasted into the control, the JavaScript it contains is executed.
<A onclick="alert('Javascript running 1');return false;" href="">Simple Text Link for Alert</A><BR><form><INPUT onclick='alert("Javascript running 2")' value="ORDINARY BUTTON" type=button> </form>
<BR><BR>a you <A onclick="document.write('Greener was here');" href="">ClickME!</A>
Is there a way to prevent this JavaScript from executing?
Thanks
Hi Warwick,
The behavior of the editing area of WebHtmlEditor (under IE it is a DIV with contentEditable=true) is defined by the browser, and WebHtmlEditor is not able to change or prevent that. An application may try to process and stop/cancel browser events like 'click', 'mousedown', etc., but that may break the editor's functionality. It is also not realistic, because a user may potentially "paste" triggers like mousemove or anything else, so absolutely all browser events would have to be canceled.