OK, that means you'll have to program something yourself, which is bad in that it's more work, but actually nice in that you can create one that's much better.
I have yet to work on one, but I have started designing a "sanitizing" dictionary. The idea is to swap out characters you don't want for things that you do. You create a generic Dictionary<TKey, TValue>. Each key you choose will be a character that you're concerned about, and then you can insert a value (one or more characters) that you want inserted instead. Then create a helper function which returns this dictionary whenever it's requested. You can stick it in a class like InputSecurity in Your.Namespace.Security and add a using statement for this namespace in any file you want to use the dictionary.
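Then you write a function like this:
Code:
    // At the top of the file:
    using System.Collections.Generic;
    using System.Text;
    using Your.Namespace.Security;

    public string mySanitizer(string inputString)
    {
        // Get the dictionary
        InputSecurity myInputSecurity = new InputSecurity();
        Dictionary<string, string> dic = myInputSecurity.getMyDictionary();

        StringBuilder result = new StringBuilder();
        // Check each character of the inputString variable
        foreach (char c in inputString)
        {
            string replacement;
            // Compare the character to "dic" and see if dic returns a value
            if (dic.TryGetValue(c.ToString(), out replacement))
            {
                // dic DOES return a value:
                // replace the character in the string with the returned value
                result.Append(replacement);
            }
            else
            {
                // dic DOES NOT return a value:
                // it is not a character of concern, so it can stay.
                result.Append(c);
            }
        }
        return result.ToString();
    }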
If you want to create a BB code or similar system, you just need to make one modification. If dic returns a value, don't insert the value from the dictionary; insert "[" + value + "]". If you don't want to use square brackets, you can define whatever characters you're going to use as a flag to say "this is where a character of concern used to be". Then you can create other code modules that interpret your modified code and turn anything you consider "safe" back into HTML.
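
The bracket-flag variant described in the post, with a module that turns "safe" markup back into HTML, as an added example that is not part of the original post. The class name FlagSanitizer, the flag names and the allow-list of tags are assumptions; the square brackets are themselves keys in the dictionary so that typed text such as "[lt]" cannot pass for a flag.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

public static class FlagSanitizer
{
    // Character of concern -> flag name (hypothetical names).
    // '[' and ']' are included so user-typed brackets cannot forge a flag.
    static readonly Dictionary<char, string> Flags = new Dictionary<char, string>
    {
        { '<', "lt" }, { '>', "gt" }, { '&', "amp" }, { '"', "quot" },
        { '\'', "apos" }, { '[', "lb" }, { ']', "rb" }
    };
    // Flag name -> HTML entity emitted when the flag is not part of safe markup.
    static readonly Dictionary<string, string> Entities = new Dictionary<string, string>
    {
        { "lt", "&lt;" }, { "gt", "&gt;" }, { "amp", "&amp;" }, { "quot", "&quot;" },
        { "apos", "&#39;" }, { "lb", "&#91;" }, { "rb", "&#93;" }
    };
    // Tags considered "safe" (assumed allow-list): exact matches only, no attributes.
    static readonly string[] SafeTags = { "b", "/b", "i", "/i" };

    // Replace every character of concern with "[" + value + "]".
    public static string Flag(string input)
    {
        var sb = new StringBuilder();
        foreach (char c in input)
        {
            string name;
            if (Flags.TryGetValue(c, out name)) sb.Append('[').Append(name).Append(']');
            else sb.Append(c);
        }
        return sb.ToString();
    }

    // Interpret flagged text: allow-listed tags become HTML again,
    // every remaining flag becomes an inert HTML entity.
    public static string Render(string flagged)
    {
        foreach (string tag in SafeTags)
            flagged = flagged.Replace("[lt]" + tag + "[gt]", "<" + tag + ">");
        foreach (KeyValuePair<string, string> e in Entities)
            flagged = flagged.Replace("[" + e.Key + "]", e.Value);
        return flagged;
    }

    public static void Main()
    {
        // Constructed sample input: a safe tag, an unsafe tag, and a forged flag.
        string raw = "<b>hi</b> <script>x</script> [lt]";
        Console.WriteLine(Render(Flag(raw)));
    }
}
```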