Tags: asp.net, tinymce, sanitization, xss, html-encode

How can I prevent the AntiXSS Sanitizer from removing the HTML5 <br> tag from AjaxControlToolkit HtmlEditorExtender generated HTML?


I have added an HtmlEditorExtender AJAX control to my ASP.NET web application and put the XSS sanitizer in it for XSS security, but now when I retrieve the text from the HtmlEditorExtender the sanitizer removes the HTML5 <br> tag from it and all the input comes out in a single line. I searched on the internet and found that this is happening because the XSS sanitizer recognizes HTML5 tags as unknown unsafe tags, and that is why all HTML5 tags get removed from the formatted HTML of the HtmlEditorExtender. For now I am using the HtmlEditorExtender with EnableSanitization="false".
Should I remove the XSS sanitizer from my project, or should I go for

  1. TinyMCE or
  2. CKEditor


but neither of these is configured for image upload, and the user has to add their own third-party image uploader.
Please tell me how I can protect my site from XSS attacks without losing the HTML tags formatted in the HtmlEditorExtender.


Solution

  • Were you aware that the newest HtmlEditorExtender offers an alternative sanitizer for this reason? It's called the HtmlAgilityPackSanitizerProvider. Not sure if it's included if you use NuGet to download, but if you download the zip from CodePlex, it contains a folder called "SanitizerProviders" that contains the DLLs you need for the alternate sanitizer. You can then specify the alternate sanitizer (which is included in the download) in the config file.

    Here is a link to Stephen Walther's blog where he explains this: http://stephenwalther.com/archive/2012/06/25/announcing-the-june-2012-release-of-the-ajax-control-toolkit.aspx

    I'm not sure if this solves your issue or if updating to the latest toolkit is an option, but you didn't mention trying this out so it sounds like it's worth a shot.
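    The underlying point of both the question and the answer is that the fix for a sanitizer stripping <br> is a sanitizer whose allow-list includes the formatting tags the editor emits, not EnableSanitization="false". The following is an added example, not code from the AjaxControlToolkit, HtmlAgilityPack or the answerer: a small allow-list sanitizer in Python (standard library only) that keeps the tags a rich-text editor legitimately produces, including <br>, while dropping script, event-handler attributes and javascript: URLs. The tag and attribute lists and the sample input are constructed for illustration.

```python
"""Allow-list HTML sanitizer: keeps harmless formatting tags (including the
HTML5 <br>) and drops everything else, instead of turning sanitization off.
Added example; not the AjaxControlToolkit's or HtmlAgilityPack's code."""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list: tags a rich-text editor legitimately produces.
ALLOWED_TAGS = {"p", "br", "b", "strong", "i", "em", "u", "ul", "ol", "li",
                "h1", "h2", "h3", "blockquote", "a", "img"}
VOID_TAGS = {"br", "img"}                      # elements with no closing tag
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https", ""}           # "" means a relative URL
DROP_CONTENT_TAGS = {"script", "style"}        # tag *and* contents removed


def _safe_url(value):
    """Accept only http(s) or relative URLs by scheme."""
    # Browsers ignore tab/newline inside URLs, so strip them before checking
    # the scheme; otherwise "java\tscript:" would slip past as "relative".
    cleaned = "".join(ch for ch in value if ch not in "\t\n\r").strip()
    return urlparse(cleaned).scheme.lower() in SAFE_SCHEMES


class AllowListSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0          # > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT_TAGS:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return                   # unknown tag dropped; its text is kept
        kept = []
        for name, value in attrs:
            name = name.lower()
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue             # drops onclick/onerror/style/...
            value = value or ""
            if name in URL_ATTRS and not _safe_url(value):
                continue             # drops javascript:/data:/vbscript: URLs
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)     # <br/> is treated like <br>

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT_TAGS:
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))   # re-encode text

    def handle_comment(self, data):
        pass                         # comments dropped (can carry markup)


def sanitize(html):
    """Return the allow-listed, re-serialized HTML for the given input."""
    parser = AllowListSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


# Constructed sample of editor output with a few hostile bits mixed in.
SAMPLE = ('<p>Line one<br>Line two</p>'
          '<img src="x" onerror="evil()">'
          '<a href="javascript:evil()">click</a>'
          '<script>steal()</script><b>bold &amp; safe</b>')

if __name__ == "__main__":
    print(sanitize(SAMPLE))
```

    The sanitizer keeps the line break (`<p>Line one<br>Line two</p>`), keeps `<img src="x">` and `<a>click</a>` without their dangerous attributes, and drops the script element together with its contents. The same allow-list approach is what a provider such as the HtmlAgilityPackSanitizerProvider lets you configure instead of disabling sanitization outright.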