Apologies if this has already been asked and answered but I cannot find the post.
I am using CKEditor 3.5.2 (revision 6449) in an ASP>NET 4.0 Web App and I cannot seem to HTML encode just the user input. for instance
A user enter "Hello World" in the editor and I am saving this in my DB as
Not 100% why the space after the paragraph open tag but thats not my issue if the same user enters
it is saved to my db as
The quotes are encoded with no interaction from me but how would I encode the entire string so that the html that they entered is fully encoded e.g.
Thanks in advance
I am using CKEditor 3.5.2 (revision 6449) in an ASP>NET 4.0 Web App and I cannot seem to HTML encode just the user input. for instance
A user enter "Hello World" in the editor and I am saving this in my DB as
<p> Hello World</p>
Not 100% why the space after the paragraph open tag but thats not my issue if the same user enters
<script>function hackme() {alert("Whats up!")}</script><input type="button"; value="Completely safe button" onclick="hackme()" />it is saved to my db as
<p> <script>function hackme() {alert("Whats up!")}</script><input type="button"; value="Completely safe button" onclick="hackme()" /></p> The quotes are encoded with no interaction from me but how would I encode the entire string so that the html that they entered is fully encoded e.g.
<p><script>function hackme() {alert("Whats up!")}</script><input type="button"; value="Completely safe button" onclick="hackme()" /></p> note the paragraph tags have not been alteredThanks in advance
Re: HTMLEncode all the user input
ps, In retrospect I should have tried this first but mouth engaged before brain!!