Filters in RadEditor are small code snippets, which are called in a sequence to
process the editor content, when the mode (html / design / preview) is switched.
This example demonstrates the use of the editor's built-in content filters:
Content Filters Summary
| Filter Name |
Description |
Default State |
Category |
| RemoveScripts |
Removes script tags from the editor content |
Enabled |
Security |
| EncodeScripts |
Encodes all script tags from the content |
Enabled |
Security |
| StripCssExpressions |
Strips CSS expressions to reduce XSS possibility |
Enabled |
Security |
| StripDomEventAttributes |
Removes DOM event attributes to reduce XSS possibility |
Enabled |
Security |
| StripJavaScriptUris |
Removes dangerous JavaScript-based URI schemes from HTML attributes |
Enabled |
Security |
| MakeUrlsAbsolute |
Makes all URLs absolute (e.g., "https://server/page.html") |
Disabled |
URL Processing |
| FixUlBoldItalic |
Changes deprecated <u> tag to span with CSS style |
Enabled |
HTML Cleanup |
| IECleanAnchors |
IE only - removes current page URL from anchor links |
Enabled |
Browser-Specific |
| FixEnclosingP |
Removes parent <p> tag if all content is inside it |
Disabled |
Browser-Specific |
| MozEmStrong |
Changes <b> to <strong> and <i> to <em> in Mozilla - Obsolete since 2013 Q3 |
Enabled |
Browser-Specific |
| ConvertTags |
Changes <b>, <i>, <strike> to <strong>, <em>, <del> |
Enabled |
HTML Formatting |
| ConvertFontToSpan |
Changes deprecated <font> tags to compliant <span> tags |
Enabled |
HTML Formatting |
| OptimizeSpans |
Removes unneeded span elements |
Enabled |
HTML Cleanup |
| ConvertToXhtml |
Converts HTML to XHTML |
Enabled |
HTML Formatting |
| IndentHTMLContent |
Indents HTML content for readability |
Enabled |
HTML Formatting |
| ConvertCharactersToEntities |
Converts reserved characters to HTML entity names |
Enabled |
HTML Formatting |
| PdfExportFilter |
Fixes some PDF export issues |
Disabled |
Export |
| ConvertInlineStylesToAttributes |
Converts XHTML inline styles to email-compliant attributes |
Disabled |
Email |
| RemoveExtraBreaks |
Strips all extra breaks inside tags like <p>, <h1>, etc. |
Enabled |
HTML Cleanup |
| DefaultFilters |
Preset combination of 15 recommended filters |
Preset |
Configuration |
💡 Note: DefaultFilters is a preset combination that includes 15 of the 19 available filters.
Filters included in DefaultFilters (15 filters):
- RemoveScripts
- EncodeScripts
- StripCssExpressions
- StripDomEventAttributes
- StripJavaScriptUris
- FixUlBoldItalic
- IECleanAnchors
- MozEmStrong
- ConvertTags
- ConvertFontToSpan
- OptimizeSpans
- ConvertToXhtml
- IndentHTMLContent
- ConvertCharactersToEntities
- RemoveExtraBreaks
Filters NOT included in DefaultFilters (4 filters):
- MakeUrlsAbsolute
- FixEnclosingP
- PdfExportFilter
- ConvertInlineStylesToAttributes
⚠️ Security Warning: Disabling security filters (RemoveScripts, EncodeScripts, StripDomEventAttributes, StripJavaScriptUris, StripCssExpressions) can expose your application to XSS attacks. Only disable these filters if you fully trust the content source.
Detailed Filter Descriptions
-
RemoveScripts: this filter removes
script tags from the editor content. Disable the filter if you want to insert script
tags in the content. This filter is enabled by default. You can examine more details about this filter in
Preventing Cross-site Scripting (XSS) article.
-
EncodeScripts: this filter encodes
all script tags from the content. This filter is enabled by default. You can examine more details about this filter in
Preventing Cross-site Scripting (XSS) article.
-
StripCssExpressions: this filter strips CSS expressions to reduce the possibility of cross-site scripting.
This filter is enabled by default. You can examine more details about this filter in Preventing Cross-site Scripting (XSS) article.
-
StripDomEventAttributes: this filter removes attribute DOM events from the HTML elements to reduce
the possibility of cross-site scripting. You can examine more details about this filter in Preventing Cross-site Scripting (XSS) article.
-
StripJavaScriptUris: this filter removes dangerous JavaScript-based URI schemes from HTML attributes to reduce
the possibility of cross-site scripting. This filter is enabled by default. You can examine more details about this filter in Preventing Cross-site Scripting (XSS) article.
-
MakeUrlsAbsolute: this filter makes
all URLs in the editor content absolute (e.g. "https://server/page.html"
instead of "page.html").
-
FixUlBoldItalic: this filter changes
the deprecated u tag to a span with CSS style. This filter is enabled by default.
-
IECleanAnchors: Internet Explorer only - this filter removes the current page url from all anchor(#) links to
the same page. This filter is enabled by default.
-
FixEnclosingP: this filter removes
a parent paragraph tag if the whole content is inside it.
-
MozEmStrong: this filter changes b
to strong and i to em in Mozilla browsers. This filter is enabled by default. - This filter is obsolete since Telerik UI version 2013 Q3
-
ConvertTags: this filter changes <b>, <i> and <strike>
tags successively to <strong>, <em> and <del>. This filter is enabled by default.
-
ConvertFontToSpan: this filter changes
deprecated font tags to compliant span tags. This filter is enabled by default.
-
OptimizeSpans: this filter
removes unneeded span elements. This filter is enabled by default.
-
ConvertToXhtml: this filter converts
the HTML from the editor content area to XHTML. This filter is enabled by default.
-
IndentHTMLContent: this filter indents
the HTML content so it is more readable when you view the code. This filter is enabled by default.
-
ConvertCharactersToEntities: this
filter converts reserved characters to their html entity names. This filter is enabled by default.
-
PdfExportFilter: this filter fixes
some pdf export issues.
-
ConvertInlineStylesToAttributes: this
filter converts XHTML compliant inline style attributes to Email compliant element
attributes.
-
RemoveExtraBreaks: this filter strips all extra breaks inside some tags like p, h1, etc. This filter is enabled by default.
-
DefaultFilters: this is a preset combination that includes 15 recommended content filters for comprehensive content processing while maintaining security.
The following filters are included: RemoveScripts, EncodeScripts, StripCssExpressions, StripDomEventAttributes, StripJavaScriptUris, FixUlBoldItalic, IECleanAnchors, MozEmStrong, ConvertTags, ConvertFontToSpan, OptimizeSpans, ConvertToXhtml, IndentHTMLContent, ConvertCharactersToEntities, and RemoveExtraBreaks.
The following 4 filters are NOT included: MakeUrlsAbsolute, FixEnclosingP, PdfExportFilter, and ConvertInlineStylesToAttributes. These can be added individually if needed for specific scenarios.
How to Configure Filters
Filters in RadEditor can be set in the markup:
<telerik:RadEditor ID="RadEditor1"
ContentFilters="DefaultFilters" runat="server"
/>
or combine DefaultFilters with additional filters like PdfExportFilter:
<telerik:RadEditor ID="RadEditor1"
ContentFilters="DefaultFilters,PdfExportFilter" runat="server"
/>
as well as in the code behind:
C#
RadEditor1.ContentFilters = Telerik.Web.UI.EditorFilters.DefaultFilters | Telerik.Web.UI.EditorFilters.PdfExportFilter;
VB.NET
RadEditor1.ContentFilters = Telerik.Web.UI.EditorFilters.DefaultFilters Or Telerik.Web.UI.EditorFilters.PdfExportFilter
Filters can also be enabled/disabled individually through EnableFilter() and DisableFilter()
methods (e.g. RadEditor1.DisableFilter(Telerik.Web.UI.EditorFilters.MakeUrlsAbsolute))
Related Resources