1. CKEditor, formerly FCKeditor, is a well-known HTML editor for editing HTML content online. CKEditor and UBBEditor are among the editors in use.
Extract CKEditor to the js directory, choose "Show All Files" and "Include In Project" for the ckeditor directory, and reference ckeditor.js on the posting page. Then set class="ckeditor" on the multi-line text box (CssClass="ckeditor" for a server control; a client control must set the cols and rows attributes, and generally HTML controls are not used directly). In the code, you can still access the editor content through the Text property of the TextBox control.
When the page is submitted, ASP.NET treats the HTML content from the rich text editor as attack content, so you must set ValidateRequest="false" in the Page directive of the aspx page to disable attack detection. (In VS2010, you must also modify Web.config to disable XSS detection, as the error message indicates.) With request validation switched off for the page, the application itself has to sanitize or encode the submitted HTML before rendering it.
** Modify Web.config to disable XSS detection
When an ASP.NET page submits content containing "<>" and the aspx page does not set ValidateRequest="false", the following error occurs: A potentially dangerous Request.Form value was detected from the client (<?xml version="...='utf-8'?><SOAP-ENV:Envelope S...").
If you are using VS2008, it is enough to add ValidateRequest="false" to the Page directive at the start of the aspx file.
The code is as follows:
<%@ Page Language="C#" CodeBehind="News_add.aspx.cs" Inherits="CKEditor.Default" ValidateRequest="false" %>
However, this is not enough for VS2010. You also need to double-click web.config to open it and add the following statements between <system.web> and </system.web>.
The code is as follows:
<pages validateRequest="false" />
<httpRuntime requestValidationMode="2.0" />
2. CKFinder is a CKEditor plug-in that provides the file upload function for CKEditor. Add CKFinder.dll from bin\Release to the project. Extract core, ckfinder.js, ckfinder.html and config.ascx to CKFinder's own directory. Modify CKEditor's config.js according to the documentation so that CKFinder is the upload handler, and pay attention to the path.
The code is as follows:
CKEDITOR.editorConfig = function (config)
{
    // Define changes to default configuration here. For example:
    // config.language = 'fr';
    // config.uiColor = '#AADC6E';
    // Change to the absolute path of ckfinder, starting from the root directory of the website
    var ckfinderPath = "/admin/js";
    config.filebrowserBrowseUrl = ckfinderPath + '/ckfinder/ckfinder.html';
    config.filebrowserImageBrowseUrl = ckfinderPath + '/ckfinder/ckfinder.html?type=Images';
    config.filebrowserFlashBrowseUrl = ckfinderPath + '/ckfinder/ckfinder.html?type=Flash';
    config.filebrowserUploadUrl = ckfinderPath + '/ckfinder/core/connector/aspx/connector.aspx?command=QuickUpload&type=Files';
    config.filebrowserImageUploadUrl = ckfinderPath + '/ckfinder/core/connector/aspx/connector.aspx?command=QuickUpload&type=Images';
    config.filebrowserFlashUploadUrl = ckfinderPath + '/ckfinder/core/connector/aspx/connector.aspx?command=QuickUpload&type=Flash';
};
During testing, "Upload" is available in the insert hyperlink, insert image, and insert file dialogs. Because file upload is very dangerous, permission is verified when a file is uploaded. The CheckAuthentication method in config.ascx checks whether the caller has permission to upload: returning true means permission is granted; otherwise it is not. Generally, it is changed to check that the user is logged on and has permission to upload; you can use Session or Membership for this.
The code is as follows:
public override bool CheckAuthentication()
{
    // WARNING: do not simply return "true". By doing so, you are allowing
    // "anyone" to upload and list the files in your server. You must implement
    // some kind of session validation here. Even something very simple...
    //
    // return (Session["IsAuthorized"] != null && (bool)Session["IsAuthorized"] == true);
    //
    // ... where Session["IsAuthorized"] is set to "true" as soon as
    // the user logs on to your system.

    // Read the flag only; never assign to it here, or every caller becomes authorized.
    object obj = Session["logged on"];
    if (obj != null && Convert.ToBoolean(obj) == true)
    {
        return true;
    }
    else
    {
        return false;
    }
}
Think about it: how can users from a specified IP address be allowed to upload?
The code is as follows:
if (Request.UserHostAddress == "127.0.0.1") { return true; }
In the SetConfig function, set the location of the upload folder (BaseUrl), the thumbnail location, the upload path for each type of data, and the file types that may be uploaded (AllowedExtensions).
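The checks described above (the logged-on flag in CheckAuthentication, the specified-IP question, and an AllowedExtensions-style allow-list), gathered into one added example that is not part of the original page and is not CKFinder's own code. It goes beyond the page's one-line IP test by requiring both the session flag and a trusted address, and by parsing the address instead of comparing strings. UploadGate, its members and all sample values are hypothetical; it assumes .NET 4.5 or later.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;

// Added example; UploadGate and every value in it are hypothetical, not CKFinder code.
public static class UploadGate
{
    // Constructed sample addresses (documentation ranges); replace with your own.
    static readonly HashSet<IPAddress> TrustedAddresses = new HashSet<IPAddress>
        { IPAddress.Parse("192.0.2.10"), IPAddress.Parse("2001:db8::10") };

    // Constructed allow-list, playing the role of AllowedExtensions in SetConfig.
    static readonly HashSet<string> AllowedExtensions =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "jpg", "png", "gif", "pdf" };

    // The decision CheckAuthentication has to make: logged-on flag AND trusted address.
    public static bool IsAuthorized(object sessionFlag, string userHostAddress)
    {
        bool loggedOn = sessionFlag is bool && (bool)sessionFlag;
        IPAddress remote;
        if (!loggedOn || !IPAddress.TryParse(userHostAddress, out remote))
            return false;
        if (remote.IsIPv4MappedToIPv6)          // ::ffff:192.0.2.10 equals 192.0.2.10
            remote = remote.MapToIPv4();
        return TrustedAddresses.Contains(remote);
    }

    // Every dot-separated part after the base name must be allow-listed,
    // so a name such as "report.aspx.jpg" is refused, not only "report.aspx".
    public static bool IsAllowedFileName(string fileName)
    {
        if (string.IsNullOrEmpty(fileName) ||
            fileName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
            return false;                       // also refuses path separators
        string[] parts = fileName.Split('.');
        return parts.Length >= 2 && parts[0].Length > 0 &&
               parts.Skip(1).All(p => AllowedExtensions.Contains(p));
    }

    public static void Main()
    {
        Console.WriteLine(IsAuthorized(true, "::ffff:192.0.2.10"));
        Console.WriteLine(IsAuthorized(true, "198.51.100.7"));
        Console.WriteLine(IsAllowedFileName("photo.JPG"));
        Console.WriteLine(IsAllowedFileName("report.aspx.jpg"));
    }
}
```

In config.ascx, the body of CheckAuthentication could call a helper like IsAuthorized with Session["logged on"] and Request.UserHostAddress as its arguments.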