I'm using the Ajax Control Toolkit in my ASP.NET project and I have a problem with an HtmlEditorExtender whose name is ContentHtmlEditor. The HtmlEditorExtender is attached to a TextBox whose name is ContentBox.
I tried to make an XSS attack. I edited the HTML with Chrome and inserted the following string:
<a href='javascript:alert()'>bla-bla-bla</a>
After postback, ContentBox.Text equals <a href="javascript:alert()">bla-bla-bla</a>.
As you can see, javascript:alert() hasn't been removed, but as far as I know the Ajax Control Toolkit HtmlEditorExtender uses the AntiXss Sanitizer.
When I call
ContentHtmlEditor.SanitizerProvider.GetSafeHtmlFragment("<a href='javascript:alert()'>bla-bla-bla</a>")
it returns:
<a>bla-bla-bla</a>
But there is a problem when I call
ContentHtmlEditor.SanitizerProvider.GetSafeHtmlFragment("<a href='http://somesite.com'>bla-bla-bla</a>")
because then it returns the same string:
<a>bla-bla-bla</a>
but I need to know the href of the link.
What is the problem? And how can I prevent XSS attacks on my site?
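The distinction the question needs is between a link whose href is an http/https URL and one whose href carries a script scheme. As an added example (not code from the question, from the Ajax Control Toolkit, or from AntiXSS), the following pure .NET helper, which I'll call LinkHrefFilter, validates each anchor's href by its URI scheme and strips the attribute otherwise; it assumes the rest of the markup has already been through a real HTML sanitizer, and a proper HTML parser is preferable to a regex for production use.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

// Hypothetical helper (assumption: run on markup already passed through a sanitizer).
// Keeps only absolute http/https hrefs; javascript:, data:, vbscript: etc. are dropped.
public static class LinkHrefFilter
{
    // Matches the href attribute of an <a> tag, quoted with ' or ".
    private static readonly Regex HrefPattern = new Regex(
        @"<a\b([^>]*?)\shref\s*=\s*(['""])(.*?)\2([^>]*)>",
        RegexOptions.IgnoreCase | RegexOptions.Singleline);

    // Decodes HTML entities first so &#106;avascript: is not mistaken for an unknown scheme,
    // then allows only absolute http/https URLs (Uri.Scheme is normalised to lower case).
    public static bool IsSafeHref(string href)
    {
        string decoded = WebUtility.HtmlDecode(href ?? string.Empty).Trim();
        Uri uri;
        if (!Uri.TryCreate(decoded, UriKind.Absolute, out uri)) return false;
        return uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps;
    }

    // Rewrites each anchor: a safe href is kept (re-encoded, with rel="nofollow"),
    // an unsafe one is removed so the tag degrades to a plain <a>.
    public static string FilterAnchors(string html)
    {
        return HrefPattern.Replace(html, m =>
        {
            string before = m.Groups[1].Value;
            string href = m.Groups[3].Value;
            string after = m.Groups[4].Value;
            if (!IsSafeHref(href))
                return "<a" + before + after + ">";
            string encoded = WebUtility.HtmlEncode(WebUtility.HtmlDecode(href).Trim());
            return "<a" + before + " href=\"" + encoded + "\" rel=\"nofollow\"" + after + ">";
        });
    }
}
```

With the two inputs from the question, FilterAnchors turns <a href='javascript:alert()'>bla-bla-bla</a> into <a>bla-bla-bla</a> and leaves <a href='http://somesite.com'>bla-bla-bla</a> with its href (as <a href="http://somesite.com" rel="nofollow">bla-bla-bla</a>).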