TSafeHtml

TSafeHtml is a control that strips down all potentially dangerous HTML content. It is mainly a wrapper of the SafeHTML project. According to the SafeHTML project, it tries to safeguard the following situations when the string is to be displayed to end-users:

• Opening tag without its closing tag
• closing tag without its opening tag
• any of these tags: base, basefont, head, html, body, applet, object, iframe, frame, frameset, script, layer, ilayer, embed, bgsound, link, meta, style, title, blink, xml, etc.
• any of these attributes: on*, data*, dynsrc
• javascript:/vbscript:/about: etc. protocols
• expression/behavior etc. in styles
• any other active content.

To use TSafeHtml, simply enclose the content to be secured within the TSafeHtml component tag in a template. The content may consist of both static text and PRADO controls. If the latter, the rendering result of the controls will be secured.

If the content is encoded in UTF-7, you'll need to enable the RepackUTF7 property to ensure the contents gets parsed correctly.