This project needs a lot more work (serious security issue)

Jan 11, 2011 at 2:04 PM
Edited Jan 11, 2011 at 2:05 PM

The last code update to this project was back in 2008 and there were known issues with the control back then. The primary developer and myself are not actively updating the control. Do note that there are potential XSS security vulnerabilities with this control unless you validate and/or filter any form inputs from it on the server. It would take a lot of work to get this where it needs to be.

There are other great WYSIWYG web editors for ASP.NET available. One alternative to look at is the HTMLEditor that is a part of recent versions of the ASP.NET AJAX Control Toolkit which can be found here on CodePlex.

All that being said, it was a lot of fun contributing to this control and it remains an interesting collection of code to take a look at and learn from.