I want to use the Ajax HTMLEditorExtender. The webpage on it strongly recommends protecting the website that uses this, from XSS (malicious scripting). So they say to modify the web.config as follows:
<configuration><configSections><sectionGroup name="system.web"><section name="sanitizer"
requirePermission="false"
type="AjaxControlToolkit.Sanitizer.ProviderSanitizerSection,
AjaxControlToolkit"/></sectionGroup></configSections>
AND correspondingly:<system.web><sanitizer defaultProvider="AntiXssSanitizerProvider"><providers><add name="AntiXssSanitizerProvider"
type="AjaxControlToolkit.Sanitizer.
AntiXssSanitizerProvider"></add></providers></sanitizer>
The problem is that the name "sanitizer" is not recognized (the part within System.web) even though the first part of the web.config creates a "section name" for it.
Is the documentation outdated? Thanks,