NOTE: If you are upgrading from versions older than Sitefinity CMS 10.2 and you want to leverage the HTML sanitizer whitelist capabilities, you need to manually switch on the sanitizer. To do so, navigate to Administration » Settings » Advanced » Security. Make sure the Disable HTML sanitization checkbox is not selected. We recommend that once you switch on the HTML sanitizer, you test your website for potential issues with HTML content and content editing.
You use the HTML sanitizer API for your custom widgets, widget templates, and views, so that untrusted content is filtered out.
To use the HTML sanitizer in Web Form widgets, you call the following static methods in the Telerik.Sitefinity.Web.UI.ControlUtilities class:
When working with Feather, you need to use the following helper methods in the Telerik.Sitefinity.Frontend.Mvc.Helpers namespace:
In case your website scenario requires you to change the list with whitelisted elements, you can modify the default configuration of the HTML sanitizer. To do this, you create a new HTML sanitizer that extends the out-of-the-box capabilities of the default sanitizer and adds more elements to the whitelist. The following sample demonstrates how to add a custom_attribute to the HTML sanitizer whitelist:
Back To Top
To submit feedback, please update your cookie settings and allow the usage of Functional cookies.
Your feedback about this content is important
Copyright © 2020 Progress Software Corporation and/or its subsidiaries or affiliates.
All Rights Reserved.
Progress, Telerik, Ipswitch, and certain product names used herein are trademarks or registered trademarks of Progress Software Corporation and/or one of its subsidiaries or affiliates in the U.S. and/or other countries. See Trademarks for appropriate markings.
Powered by Progress Sitefinity