Examples

How to filter HTML code in Rich Text Editor?

The new Filter HTML code functionality in Rich Text Editor 8 allows you to accept HTML input from your users, filter it so that it contains only an allowed set of tags, attributes and values, and then display it without leaving yourself open to XSS holes.

The possible options are:

  • TagWhiteList - Allows you to set a list of HTML tags that will not be removed from content sources.
  • TagBlackList - Allows you to set a list of HTML tags that will be removed from content sources.
  • AttrWhiteList - Allows you to set a list of HTML attributes that will not be removed from content sources.
  • AttrBlackList - Allows you to set a list of HTML attributes that will be removed from content sources.
  • StyleWhiteList - Allows you to set a list of style attributes that will not be removed from content sources.
  • StyleBlackList - Allows you to set a list of style attributes that will be removed from content sources.
  • No HTML - All the HTML code will be filtered.
  • Full HTML - The filtering is disabled. Usually this option can be used for trusted users.
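To illustrate how tag, attribute and style whitelists work together, here is an added Python sketch; it is not Rich Text Editor's code or API. All names (`filter_html`, `TAG_ALLOW`, `ATTR_ALLOW`, `STYLE_ALLOW` and the rest) and list values are assumptions made for this example, including the extra URL-scheme check on `href`.

```python
from html import escape
from html.parser import HTMLParser

# Constructed allowlists, in the spirit of TagWhiteList / AttrWhiteList / StyleWhiteList.
TAG_ALLOW = {"p", "b", "i", "a", "span", "br"}
ATTR_ALLOW = {"href", "title", "style"}
STYLE_ALLOW = {"color", "font-weight", "text-align"}
DROP_WITH_CONTENT = {"script", "style"}  # element text must go too, not just the tags
SAFE_SCHEMES = ("http://", "https://", "mailto:")  # relative links are dropped as well

def filter_style(css):  # keep allowlisted properties with plain values only
    kept = []
    for decl in css.split(";"):
        prop, _, val = (part.strip() for part in decl.partition(":"))
        if prop.lower() in STYLE_ALLOW and val and "(" not in val and "\\" not in val:
            kept.append(f"{prop.lower()}: {val}")
    return "; ".join(kept)

class AllowlistFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        if self.skip or tag not in TAG_ALLOW:
            return  # an unlisted tag is removed; its text content is kept
        kept = []
        for name, value in attrs:
            value = filter_style(value or "") if name == "style" else (value or "")
            ok = name in ATTR_ALLOW and value != "" and (
                name != "href" or value.strip().lower().startswith(SAFE_SCHEMES))
            if ok:  # event handlers (onclick, onerror, ...) are never listed
                kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in TAG_ALLOW and tag != "br":
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # text is re-encoded on output

def filter_html(source):
    parser = AllowlistFilter()
    parser.feed(source)
    parser.close()
    return "".join(parser.out)
```

Because the lists name what is permitted, an attribute or tag nobody thought to list is removed by default, which a blacklist cannot guarantee.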
