SAP BPC cannot load "Could not load file or assembly 'AntiXssLibrary' or one of its dependencies. This assembly is built by a runtime newer than the currently loaded runtime and cannot be loaded"

We are running SAP Business planning and consolidation (BPC) software version 7.5 MS. I recently did a service pack update and one of the requirement was to install AntiXSSLibrary. I downloaded...

Id #20017 | Release: None | Updated: Jun 3 at 12:43 AM by bdorrans | Created: Jul 30, 2013 at 10:51 PM by yokeshkumar

Paste into HtmlEditorExtender adds <o:p>

Hi, I have a static html page that was originally created using Microsoft Word 2010. I want to copy the contents of this page into a website I'm building that using the HtmlEditorExtender. Howev...

Id #19949 | Release: None | Updated: Jul 9, 2013 at 6:38 AM by kepboy | Created: Jul 9, 2013 at 6:38 AM by kepboy

AntiXSS Sanitizer removes html <br> and <br/> tags from AjaxControlToolkit HtmlEditorExtender generated html.

I have added a Htmleditorextender ajax control to my asp.net web application with putting XSS sanitizer in it for XSS security but now when I retrieve the text from Htmleditorextender the sanitizer...

Id #18339 | Release: None | Updated: Jun 3 at 12:40 AM by bdorrans | Created: Jul 10, 2012 at 2:28 AM by saurav_kumar

GetSafeHtmlFragment adds newline at first space after 256 characters

The result from   Sanitizer.GetSafeHtmlFragment("Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed nunc tellus, consectetur eget blandit euismod, pharetra a libero. In pretium, sem sed m...

Id #17733 | Release: None | Updated: Feb 22, 2013 at 12:07 AM by Budsy | Created: Mar 30, 2012 at 12:18 PM by mronnlun

Source Code is Missing

There is no matching source code for what is being released at Microsoft's download site. I can't find source for the current 4.2.1 version   If this is done intentionally, to hide details behind...

Id #17464 | Release: None | Updated: Feb 22, 2013 at 12:07 AM by LaJmOn | Created: Feb 23, 2012 at 1:46 AM by clamont

Sanitizer.GetSafeHtmlFragment() Replaces <br /> with <br>

I have several textareas in which I replace the \r\n with a <br /> tag and when I use GetSafeHtmlFragment() to display my string, it replaces the <br /> tag with a <br> tag and therefore causing th...

Id #17120 | Release: None | Updated: Feb 22, 2013 at 12:07 AM by NickPetrovits | Created: Dec 22, 2011 at 7:55 PM by b471code3

CssEncode doesn't sanitise expression syntax correctly

CssEncode("expression(alert('Hello'))") returns "expression\000028alert\000028\000027Hello\000027\000029\000029"   This looks correct, but unfortunately IE7 and IE8 evaluate / execute the expressio...

Id #16312 | Release: None | Updated: Feb 22, 2013 at 12:07 AM by xumix | Created: Jul 28, 2011 at 9:28 AM by cfl_js

Sanitizer.GetSafeHtmlFragment puts a div element after an input element.

Microsoft.Security.Application.Santizier.GetSafeHtmlFragment("<input type=""text"" />") returns '<input type="text" /> <div></div>' and I would expect it to return '<input type="text" />'

Id #15926 | Release: None | Updated: Feb 22, 2013 at 12:07 AM by mnty9er | Created: May 27, 2011 at 6:03 PM by mnty9er

carriage return added to strings ending w/ whitespace

GetSafeHtmlFragment("This brown fox ") = "This brown fox\r\n"   The added carriage return caused us some issues.

Id #15451 | Release: None | Updated: Feb 22, 2013 at 12:07 AM by mronnlun | Created: Mar 2, 2011 at 6:06 PM by AlfredC

Support for JSON encode

Json encoding requires the use of unicode encoding (\unnnn instead of \xnn) for all non-safe characters. It should also use double quotes instead of single quotes. Will upload a patch shortly

Id #14231 | Release: None | Updated: Feb 22, 2013 at 12:07 AM by stocka | Created: Sep 13, 2010 at 12:35 PM by eoftedal