Hello:
I am wondering if someone can advise on a security issue regarding the use of Editor. With the asp.net platform, in order to process Editor content, I have disabled input validation at the controller action level. But if a user ‘guesses’ that input validation is disabled, would the user not be able to type in malicious scripts in the editor and submit that?
I am sure this is a common concern when using a rich text editor and asp.net in general, but I could not find a good solution to allow html tags AND prevent malicious scripts at the same time. I would appreciate any advice on this.
Thank you!