Hi,
I was able to get CKEditor working nicely in my MVC project and can save the HTML-encoded content generated. So now I need to protect against unwanted content.
I thought I read in the documentation that content filtering is automatic by default. That suggested to me that the tool can do its own checking, since it knows what HTML encoding it is configured to allow. So I tried a simple <script> insert and things blew up. I certainly apologize for my limited experience. Since the tool is so cool and works so well, I'm assuming I really did miss something in the documentation, so I figure if I asked, you could point me to the appropriate place to understand precisely what the tool does in the area of XSS. I didn't really expect it would handle it, but the docs seem to suggest it by my reading, or my misunderstanding.
I originally came to the documentation today to see if there is a file created by the app that lists all the HTML encoding a given configuration is capable of generating. That seemed to be what I need to create my whitelist. Is that an off-base idea? Is such a file available for a given configuration that I can then read and use for whitelisting?
Thanks so much. Any help appreciated.
Best Regards,
Alan