ASP.NET AJAX Control Toolkit Demos v20.1.0.0

HTMLEditorExtender Sample
Ajax Control Toolkit
HTMLEditorExtender Demonstration


HtmlEditorExtender with a custom toolbar, which adds support for image uploading. The bottom toolbar also provides the source view and preview buttons changing the display mode to HTML markup and rendered HTML respectively:


To see how to implement client side onchange event on HtmlEditorExtender see Custom events sample

HTMLEditorExtender Description
HtmlEditorExtender extends to a textbox and creates and renders an editable div instead of a targeted textbox
HTMLEditorExtender Properties
  • AjaxFileUpload - AjaxFileUpload that is used to upload images
  • DisplayPreviewTab - Determines whether or not to display a preview tab/button providing access to HtmlEditorExtender’s preview
  • DisplaySourceTab - Determines whether or not to display a source view tab/button to see the source view of HtmlEditorExtender
  • EnableSanitization - Determines whether or not to use HTML-sanitization before data transfer to the server
  • OnClientChange - The name of a JavaScript function to attach to the client-side Change event
  • Toolbar - A Helper property to cacth buttons from modifed buttons at design time. This property will be attached only when the Toolbar property is not empty at design time
  • ToolbarButtons - Provides a button list to the client side. The Toolbar property is required for designer experience support, because the editor always prevents the property's capability to provide values to the client side as ExtenderControlProperty at runtime

  • Decode() - Decodes html tags that are not generated by an htmlEditorExtender button

  • ImageUploadComplete - An event handler to complete the Ajax Image upload
HtmlEditorExtender Security

We strongly advise against using HtmlEditorExtender on a public website without the sanitizer. If you do not use a sanitizer, your website will be open to Cross-Site Scripting (XSS) Attacks.

To use the Toolkit Sanitizer, install the AjaxControlToolkit.HtmlEditor.Sanitizer NuGet package.

The AjaxControlToolkit.SampleSite is configured to use the HtmlAgilityPack Sanitizer Provider.



The HtmlEditorExtender allows posting an arbitrary HTML to the server. We have made this safe by following OWASP (Open Web Security Project) recommendations. However, we cannot guarantee 100% security of your site even with the enabled sanitizer.

Copyright © 2012-2024 CodePlex Foundation. All Rights Reserved.