ASP.NET learning note 12: CKEditor

Source: Internet
Author: User

1. CKEditor, formerly FCKeditor, is a well-known HTML editor for editing HTML content online. Both CKEditor and UBB editors are in use.

Extract CKEditor to the JS directory, choose "Show All Files" and then "Include in Project" for the ckeditor directory, and reference ckeditor.js on the posting page. Then set class="ckeditor" on the multi-line text box (CssClass="ckeditor" on a server-side TextBox; a client-side control must set the cols and rows attributes, and plain HTML controls are generally not used directly). Code can still access the editor content through the Text property of the TextBox control.

When the page is submitted, ASP.NET treats the HTML content from the rich text editor as attack content, so you must set ValidateRequest="false" in the Page directive of the .aspx file to disable attack detection. (In VS2010 you must also modify web.config to disable XSS detection, as the error message indicates.) With request validation off, the application itself has to sanitize or encode this HTML before displaying it.

The following error occurs:

** Modify web.config to disable XSS detection

When ASP.NET submits content containing "<>" and the .aspx page does not have ValidateRequest="false", the following error occurs: A potentially dangerous Request.Form value was detected from the client (<?xml version="...='utf-8'?><SOAP-ENV:Envelope s...").

If you are using VS2008, the opening part of the .aspx file looks like the following:

<%@ Page Language="C#" CodeBehind="News_add.aspx.cs" Inherits="Ckeditor.Default" %>

Adding ValidateRequest="false" to it is enough.

In VS2010, however, this is not enough. You also need to double-click to open Web.config and add the following statements between <system.web> and </system.web>:

 
<pages validateRequest="false" />
<httpRuntime requestValidationMode="2.0" />

2. CKFinder is a CKEditor plug-in that provides the file upload function for CKEditor. Import CKFinder.dll from bin\Release into the project. Extract core, ckfinder.js, ckfinder.html and config.ascx to CKFinder's own directory. Modify CKEditor's config.js according to the documentation so that the program that handles uploaded files is set to CKFinder, and pay attention to path issues.

CKEDITOR.editorConfig = function (config)
{
    // Define changes to default configuration here. For example:
    // config.language = 'fr';
    // config.uiColor = '#AADC6E';

    // Change to the absolute path of ckfinder, starting from the root directory of the website.
    var ckfinderPath = "/Admin/JS";
    config.filebrowserBrowseUrl = ckfinderPath + '/ckfinder/ckfinder.html';
    config.filebrowserImageBrowseUrl = ckfinderPath + '/ckfinder/ckfinder.html?type=Images';
    config.filebrowserFlashBrowseUrl = ckfinderPath + '/ckfinder/ckfinder.html?type=Flash';
    config.filebrowserUploadUrl = ckfinderPath + '/ckfinder/core/connector/aspx/connector.aspx?command=QuickUpload&type=Files';
    config.filebrowserImageUploadUrl = ckfinderPath + '/ckfinder/core/connector/aspx/connector.aspx?command=QuickUpload&type=Images';
    config.filebrowserFlashUploadUrl = ckfinderPath + '/ckfinder/core/connector/aspx/connector.aspx?command=QuickUpload&type=Flash';
};

During testing, use "Upload" in the insert hyperlink, insert image, and insert file dialogs. Because file upload is very dangerous, permission verification is performed when a file is uploaded. In the CheckAuthentication method of config.ascx, check whether the user has permission to upload: returning true means the user has permission; anything else means the user does not. Generally this method is changed to check that the user is logged on and has permission to upload, using Session or Membership.

public override bool CheckAuthentication()
{
    // WARNING: do not simply return "true". By doing so, you are allowing
    // "anyone" to upload and list the files in your server. You must implement
    // some kind of session validation here. Even something very simple...
    //
    // return (Session["IsAuthorized"] != null && (bool)Session["IsAuthorized"] == true);
    //
    // ... where Session["IsAuthorized"] is set to "true" as soon as the
    // user logs on your system.

    // Read the flag that the login page stored in the session; never assign it here,
    // or every visitor would be treated as logged on.
    object obj = Session["Logged On"];
    if (obj != null && Convert.ToBoolean(obj) == true)
    {
        return true;
    }
    else
    {
        return false;
    }
}

Think about it: how can users with specified IP addresses be allowed to upload?

 
// Compare with ==, not =, so the address is tested rather than assigned.
if (Request.UserHostAddress == "129.0.0.0.1") { return true; }
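An added example, not part of the original note or of CKFinder: one way to combine the login check and the IP restriction above so that an upload requires both. UploadGate, AllowedAddresses, Demo and the sample addresses are hypothetical names and constructed values; CheckAuthentication would return UploadGate.IsAllowed(Session["Logged On"], Request.UserHostAddress), assuming the login page stores a bool under that key.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

// Hypothetical helper, not part of CKFinder.
public static class UploadGate
{
    // Constructed sample allowlist; replace with the addresses you trust.
    private static readonly HashSet<IPAddress> AllowedAddresses = new HashSet<IPAddress>
    {
        IPAddress.Parse("127.0.0.1"),
        IPAddress.Parse("::1"),
        IPAddress.Parse("192.0.2.10") // documentation-range sample
    };

    // loggedOnFlag: the value the login page stored in Session.
    // userHostAddress: Request.UserHostAddress. Behind a reverse proxy this
    // is the proxy's address, so the allowlist must be built with that in mind.
    public static bool IsAllowed(object loggedOnFlag, string userHostAddress)
    {
        // Fail closed: a missing or non-boolean flag means "not logged on".
        if (!(loggedOnFlag is bool) || !(bool)loggedOnFlag)
        {
            return false;
        }

        // Parse rather than compare strings, so a malformed value is rejected
        // explicitly instead of silently never matching.
        IPAddress client;
        if (!IPAddress.TryParse(userHostAddress, out client))
        {
            return false;
        }
        return AllowedAddresses.Contains(client);
    }
}

public static class Demo
{
    public static void Main()
    {
        Console.WriteLine(UploadGate.IsAllowed(true, "192.0.2.10"));  // logged on, listed
        Console.WriteLine(UploadGate.IsAllowed(null, "192.0.2.10"));  // no session flag
        Console.WriteLine(UploadGate.IsAllowed(true, "203.0.113.7")); // not listed
        Console.WriteLine(UploadGate.IsAllowed(true, "129.0.0.0.1")); // malformed
    }
}
```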

In the SetConfig function, set the locations of the upload folders, such as BaseUrl and the thumbnails directory, the upload path for each type of data, and the AllowedExtensions list of file types that may be uploaded.

 
