Asp.net 4.5 , IIS 8
The sanitizer even not removing this simple script
<script>alert('error')</script>Ok here my config
<asp:TextBox ID="txtMessageBody" TextMode="MultiLine" Height="500px" runat="server"
CssClass="MessageSendArea" MaxLength="4000" ClientIDMode="Static" /><ajaxToolkit:HtmlEditorExtender ID="htmlEditorExtender1" TargetControlID="txtMessageBody"
runat="server" DisplaySourceTab="True"><Toolbar><ajaxToolkit:Undo /><ajaxToolkit:Redo /><ajaxToolkit:Bold /><ajaxToolkit:Italic /><ajaxToolkit:Underline /><ajaxToolkit:StrikeThrough /><ajaxToolkit:Subscript /><ajaxToolkit:Superscript /><ajaxToolkit:JustifyLeft /><ajaxToolkit:JustifyCenter /><ajaxToolkit:JustifyRight /><ajaxToolkit:JustifyFull /><ajaxToolkit:InsertOrderedList /><ajaxToolkit:InsertUnorderedList /><ajaxToolkit:CreateLink /><ajaxToolkit:UnLink /><ajaxToolkit:RemoveFormat /><ajaxToolkit:SelectAll /><ajaxToolkit:UnSelect /><ajaxToolkit:Delete /><ajaxToolkit:Cut /><ajaxToolkit:Copy /><ajaxToolkit:Paste /><ajaxToolkit:BackgroundColorSelector /><ajaxToolkit:ForeColorSelector /><ajaxToolkit:FontNameSelector /><ajaxToolkit:FontSizeSelector /><ajaxToolkit:Indent /><ajaxToolkit:Outdent /><ajaxToolkit:InsertHorizontalRule /><ajaxToolkit:HorizontalSeparator /></Toolbar></ajaxToolkit:HtmlEditorExtender>Here my webconfig
<configSections><sectionGroup name="system.web"><section name="sanitizer" requirePermission="false" type="AjaxControlToolkit.Sanitizer.ProviderSanitizerSection, AjaxControlToolkit"/></sectionGroup></configSections>
<trust level="Full"/><sanitizer defaultProvider="HtmlAgilityPackSanitizerProvider"><providers><add name="HtmlAgilityPackSanitizerProvider" type="AjaxControlToolkit.Sanitizer.HtmlAgilityPackSanitizerProvider"/></providers></sanitizer>
Here the result i get when i post the above alert script message
<script>alert('error')</script>when it is decoded to display to user
<script>alert('error')</script>So i need help thank you