We strongly advise against using HtmlEditorExtender on a public website without the sanitizer. If you do not use a sanitizer, your website will be open to Cross-Site Scripting (XSS) attacks.
To use the Toolkit Sanitizer, install the AjaxControlToolkit.HtmlEditor.Sanitizer NuGet package.
The AjaxControlToolkit.SampleSite is configured to use the HtmlAgilityPack Sanitizer Provider.
Disclaimer:
The HtmlEditorExtender allows posting arbitrary HTML to the server. We have made this safe by following OWASP (Open Web Application Security Project) recommendations. However, we cannot guarantee 100% security of your site even with the sanitizer enabled.