GetSafeHtmlFragment does not render Unicode characters from fckEditor Universal Keyboard

Jul 22, 2011 at 1:15 AM
Edited Jul 22, 2011 at 1:19 AM

NOTE: [C#] Newbie alert!

We are using the fckEditor when sending messages in our website. In our fckEditor configuration, we have allowed the universal keyboard option (we can send email in e.g. Greek, Arabic, Cyrillic characters).

I have implemented the Sanitizer library when rendering the sent messages because fckEditor does not protect you from XSS. However, now the Unicode characters do not display properly -- GetSafeHtmlFragment would render "some" of them as "?".

I figured that I need to use the UnicodeCharacterEncoder.MarkAsSafe, which is in a different DLL; however, I am having issues implementing it.

Note that our server app is in Visual FoxPro so I created a new C# project which is a COM wrapper to expose the AntiXSS libraries.

Could somebody please help me, e.g. just with some sample code on how to use this MarkAsSafe method? Below is one piece of my test code:

    public string GetSafeHtml(string value)
    {
        value = UnicodeCharacterEncoder.MarkAsSafe(lowerCodeCharts); // I know I shouldn't use value here BUT I just want to test if I am using MarkAsSafe correctly...
        value = Sanitizer.GetSafeHtml(value);
        return value;
    }

...where lowerCodeCharts is a combination of the Unicode characters we allow. Whenever I compile this code I keep getting an error "No overload for method MarkAsSafe takes 1 argument"...

Thanks very much!!!

Jul 22, 2011 at 3:33 AM
Edited Jul 22, 2011 at 3:53 AM
mayhem360 wrote:

            value = UnicodeCharacterEncoder.MarkAsSafe(lowerCodeCharts); // I know I shouldn't use value here BUT I just want to test if I am using MarkAsSafe correctly...

OK, silly me... I need to pass all the Unicode charts (lower, lowerMid, Mid, upperMid, upper) and I don't get the error message from C# anymore (it compiles nicely).

However, even if I have the UnicodeCharacterEncoder.MarkAsSafe(...), when I run the GetSafeHtmlFragment() on the string, e.g. Greek characters such as "π", "θ", "ά", or "ώ" are still rendered as "?".

What am I not doing correctly? Thanks very much!