disabled allowedcontent to prevent xss attacks

CKEditorDefaultSettings.xml

@@ -30,7 +30,7 @@
   <BrowserRoles>0;Administrators;</BrowserRoles>
   <AllowedImageExtensions>bmp,gif,jpeg,jpg,png,svg</AllowedImageExtensions>
   <SettingMode>Portal</SettingMode>
-  <Config allowedContent="true" autoGrow_bottomSpace="0" autoGrow_maxHeight="0" autoGrow_minHeight="200" autoGrow_onStartup="false" autoParagraph="true" autoUpdateElement="true" baseFloatZIndex="10000" basicEntities="true" browserContextMenuOnCtrl="true" clipboard_defaultContentType="html" colorButton_colors="00923E,F8C100,28166F" colorButton_enableMore="true" contentsLangDirection="Inherit" dataIndentationChars="	" defaultLanguage="en" defaultLinkType="url" dialog_backgroundCoverColor="white" dialog_backgroundCoverOpacity="0.5" dialog_buttonsOrder="OS" dialog_magnetDistance="20" dialog_noConfirmCancel="0" dialog_startupFocusTab="false" disableNativeSpellChecker="true" disableNativeTableHandles="true" disableObjectResizing="false" disableReadonlyStyling="false" div_wrapTable="false" docType="&lt;!DOCTYPE html&gt;" embed_provider="//ckeditor.iframe.ly/api/oembed?url={url}&amp;callback={callback}" enableTabKeyTools="true" enterMode="P" entities="true" entities_additional="#39" entities_greek="false" entities_latin="false" entities_processNumerical="false" extraPlugins="autosave,mathjax,embed,tableresize,textselection,notification,stylesheetparser,qrcodes,newsarticleslinks,codemirror,codesnippet,dnnpages,xmltemplates,wordcount" filebrowserWindowFeatures="location=no,menubar=no,toolbar=no,dependent=yes,minimizable=no,modal=yes,alwaysRaised=yes,resizable=yes,scrollbars=yes" filebrowserWindowHeight="70%" filebrowserWindowWidth="80%" fillEmptyBlocks="true" flashAddEmbedTag="false" flashConvertOnEdit="false" flashEmbedTagOnly="false" floatSpaceDockedOffsetX="0" floatSpaceDockedOffsetY="0" floatSpacePinnedOffsetX="0" floatSpacePinnedOffsetY="0" fontSize_sizes="12px;2.3em;130%;larger;x-small" font_names="Arial;Times New Roman;Verdana" forceEnterMode="false" forcePasteAsPlainText="false" forceSimpleAmpersand="false" format_tags="p;h1;h2;h3;h4;h5;h6;pre;address;div" fullPage="false" height="200" htmlEncodeOutput="false" ignoreEmptyParagraph="true" image_previewText="Lorem ipsum dolor..." image_removeLinkByEmptyURL="true" indentOffset="40" indentUnit="px" linkJavaScriptLinksAllowed="false" linkShowAdvancedTab="true" linkShowTargetTab="true" magicline_color="#FF0000" magicline_holdDistance="0.5" magicline_keystrokeNext="0" magicline_keystrokePrevious="0" magicline_putEverywhere="false" magicline_triggerOffset="30" menu_groups="clipboard,tablecell,tablecellproperties,tablerow,tablecolumn,table,anchor,link,image,flash,checkbox,radio,textfield,hiddenfield,imagebutton,button,select,textarea,div" mathJaxLib="//cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.2/MathJax.js?config=TeX-AMS_HTML" menu_subMenuDelay="400" pasteFromWordCleanupFile="" pasteFromWordNumberedHeadingToList="false" pasteFromWordPromptCleanup="false" pasteFromWordRemoveFontStyles="true" pasteFromWordRemoveStyles="true" protectedSource="[( /&lt;i class[\s\S]*?&gt;[\s\S]*?&lt;\/i&gt;/gi ),( /&lt;span class[\s\S]*?&gt;&lt;\/span&gt;/gi ),( /&lt;em class[\s\S]*?&gt;[\s\S]*?&lt;\/em&gt;/gi ),( /&lt;button class[\s\S]*?&gt;[\s\S]*?&lt;\/button&gt;/gi )]" readOnly="false" removeFormatAttributes="class,style,lang,width,height,align,hspace,valign" removeFormatTags="b,big,code,del,dfn,em,font,i,ins,kbd,q,samp,small,span,strike,strong,sub,sup,tt,u,var" resize_dir="both" resize_enabled="true" resize_maxHeight="600" resize_maxWidth="3000" resize_minHeight="250" resize_minWidth="750" scayt_autoStartup="false" scayt_maxSuggestions="0" shiftEnterMode="BR" skin="moono-lisa" smiley_columns="8" sourceAreaTabSize="20" startupFocus="false" startupMode="wysiwyg" startupOutlineBlocks="false" startupShowBorders="true" stylesheetParser_skipSelectors="/(^body\.|^html\.|^caption\.|\.high|^\.)/i" tabIndex="0" tabSpaces="0" templates="default" templates_replaceContent="true" toolbarCanCollapse="false" toolbarGroupCycling="true" toolbarLocation="Top" toolbarStartupExpanded="true" undoStackSize="20" useComputedState="true" width="99%" ResizeImageOnQuickUpload="false" ResizeImageQuality="80">
+  <Config allowedContent="false" autoGrow_bottomSpace="0" autoGrow_maxHeight="0" autoGrow_minHeight="200" autoGrow_onStartup="false" autoParagraph="true" autoUpdateElement="true" baseFloatZIndex="10000" basicEntities="true" browserContextMenuOnCtrl="true" clipboard_defaultContentType="html" colorButton_colors="00923E,F8C100,28166F" colorButton_enableMore="true" contentsLangDirection="Inherit" dataIndentationChars="	" defaultLanguage="en" defaultLinkType="url" dialog_backgroundCoverColor="white" dialog_backgroundCoverOpacity="0.5" dialog_buttonsOrder="OS" dialog_magnetDistance="20" dialog_noConfirmCancel="0" dialog_startupFocusTab="false" disableNativeSpellChecker="true" disableNativeTableHandles="true" disableObjectResizing="false" disableReadonlyStyling="false" div_wrapTable="false" docType="&lt;!DOCTYPE html&gt;" embed_provider="//ckeditor.iframe.ly/api/oembed?url={url}&amp;callback={callback}" enableTabKeyTools="true" enterMode="P" entities="true" entities_additional="#39" entities_greek="false" entities_latin="false" entities_processNumerical="false" extraPlugins="autosave,mathjax,embed,tableresize,textselection,notification,stylesheetparser,qrcodes,newsarticleslinks,codemirror,codesnippet,dnnpages,xmltemplates,wordcount" filebrowserWindowFeatures="location=no,menubar=no,toolbar=no,dependent=yes,minimizable=no,modal=yes,alwaysRaised=yes,resizable=yes,scrollbars=yes" filebrowserWindowHeight="70%" filebrowserWindowWidth="80%" fillEmptyBlocks="true" flashAddEmbedTag="false" flashConvertOnEdit="false" flashEmbedTagOnly="false" floatSpaceDockedOffsetX="0" floatSpaceDockedOffsetY="0" floatSpacePinnedOffsetX="0" floatSpacePinnedOffsetY="0" fontSize_sizes="12px;2.3em;130%;larger;x-small" font_names="Arial;Times New Roman;Verdana" forceEnterMode="false" forcePasteAsPlainText="false" forceSimpleAmpersand="false" format_tags="p;h1;h2;h3;h4;h5;h6;pre;address;div" fullPage="false" height="200" htmlEncodeOutput="false" ignoreEmptyParagraph="true" image_previewText="Lorem ipsum dolor..." image_removeLinkByEmptyURL="true" indentOffset="40" indentUnit="px" linkJavaScriptLinksAllowed="false" linkShowAdvancedTab="true" linkShowTargetTab="true" magicline_color="#FF0000" magicline_holdDistance="0.5" magicline_keystrokeNext="0" magicline_keystrokePrevious="0" magicline_putEverywhere="false" magicline_triggerOffset="30" menu_groups="clipboard,tablecell,tablecellproperties,tablerow,tablecolumn,table,anchor,link,image,flash,checkbox,radio,textfield,hiddenfield,imagebutton,button,select,textarea,div" mathJaxLib="//cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.2/MathJax.js?config=TeX-AMS_HTML" menu_subMenuDelay="400" pasteFromWordCleanupFile="" pasteFromWordNumberedHeadingToList="false" pasteFromWordPromptCleanup="false" pasteFromWordRemoveFontStyles="true" pasteFromWordRemoveStyles="true" protectedSource="[( /&lt;i class[\s\S]*?&gt;[\s\S]*?&lt;\/i&gt;/gi ),( /&lt;span class[\s\S]*?&gt;&lt;\/span&gt;/gi ),( /&lt;em class[\s\S]*?&gt;[\s\S]*?&lt;\/em&gt;/gi ),( /&lt;button class[\s\S]*?&gt;[\s\S]*?&lt;\/button&gt;/gi )]" readOnly="false" removeFormatAttributes="class,style,lang,width,height,align,hspace,valign" removeFormatTags="b,big,code,del,dfn,em,font,i,ins,kbd,q,samp,small,span,strike,strong,sub,sup,tt,u,var" resize_dir="both" resize_enabled="true" resize_maxHeight="600" resize_maxWidth="3000" resize_minHeight="250" resize_minWidth="750" scayt_autoStartup="false" scayt_maxSuggestions="0" shiftEnterMode="BR" skin="moono-lisa" smiley_columns="8" sourceAreaTabSize="20" startupFocus="false" startupMode="wysiwyg" startupOutlineBlocks="false" startupShowBorders="true" stylesheetParser_skipSelectors="/(^body\.|^html\.|^caption\.|\.high|^\.)/i" tabIndex="0" tabSpaces="0" templates="default" templates_replaceContent="true" toolbarCanCollapse="false" toolbarGroupCycling="true" toolbarLocation="Top" toolbarStartupExpanded="true" undoStackSize="20" useComputedState="true" width="99%" ResizeImageOnQuickUpload="false" ResizeImageQuality="80">
     <CodeMirror autoCloseBrackets="true" autoCloseTags="false" autoFormatOnStart="false" autoFormatOnUncomment="true" continueComments="true" enableCodeFolding="true" enableCodeFormatting="true" enableSearchTools="true" highlightMatches="true" indentWithTabs="false" lineNumbers="true" lineWrapping="true" mode="htmlmixed" matchBrackets="true" matchTags="true" showAutoCompleteButton="true" showCommentButton="true" showFormatButton="true" showSearchButton="true" showTrailingSpace="true" showUncommentButton="true" highlightActiveLine="true" theme="default" useBeautifyOnStart="false" />
     <AutoSave delay="10" messageType="notification" saveDetectionSelectors="a[href^='javascript:__doPostBack'][id*='Save'],a[id*='Cancel']" NotOlderThen="1440" diffType="sideBySide" autoLoad="false" />
     <WordCount showParagraphs="true" showCharCount="false" showWordCount="true" countSpacesAsChars="false" countHTML="false" maxCharCount="-1" maxWordCount="-1" />

DNN 7/Install/WatchersNET.CKHtmlEditorProvider.dnn

@@ -1,5 +1,5 @@
 <dotnetnuke type="Package" version="5.0">
-  <packages><package name="DotNetNuke.CKHtmlEditorProvider" type="Provider" version="02.01.18">
+  <packages><package name="DotNetNuke.CKHtmlEditorProvider" type="Provider" version="02.01.20">
   <friendlyName>CKEditor Editor Provider</friendlyName>
   <description>CKEditor Editor Provider for DNN</description>
   <iconFile>~/Providers/HtmlEditorProviders/CKEditor/LogoCKEditor.png</iconFile>
@@ -107,7 +107,7 @@
     <component type="Cleanup" version="02.00.00" fileName="02.00.00.Cleanup.txt" />
   </components>
 </package>
-    <package name="CKEditor.EditorConfigManager" type="Module" version="02.01.18">
+    <package name="CKEditor.EditorConfigManager" type="Module" version="02.01.20">
       <friendlyName>CKEditor Config Manager</friendlyName>
       <description>Configuration Manager for the CKEditor Editor Provider</description>
       <owner>

DNN 7/Objects/EditorConfig.cs

@@ -28,7 +28,7 @@ public class EditorConfig
         /// </summary>
         public EditorConfig()
         {
-            this.AllowedContent = "true";
+            this.AllowedContent = "false";
             this.AutoGrow_BottomSpace = 0;
             this.AutoGrow_MaxHeight = 0;
             this.AutoGrow_MinHeight = 200;

DNN 8/Install/WatchersNET.CKHtmlEditorProvider.dnn

@@ -1,5 +1,5 @@
 <dotnetnuke type="Package" version="5.0">
-  <packages><package name="DotNetNuke.CKHtmlEditorProvider" type="Provider" version="02.01.18">
+  <packages><package name="DotNetNuke.CKHtmlEditorProvider" type="Provider" version="02.01.20">
   <friendlyName>CKEditor Editor Provider</friendlyName>
   <description>CKEditor Editor Provider for DNN</description>
   <iconFile>~/Providers/HtmlEditorProviders/CKEditor/LogoCKEditor.png</iconFile>
@@ -108,7 +108,7 @@
     <component type="Cleanup" version="02.00.00" fileName="02.00.00.Cleanup.txt" />
   </components>
 </package>
-    <package name="CKEditor.EditorConfigManager" type="Module" version="02.01.18">
+    <package name="CKEditor.EditorConfigManager" type="Module" version="02.01.20">
       <friendlyName>CKEditor Config Manager</friendlyName>
       <description>Configuration Manager for the CKEditor Editor Provider</description>
       <owner>

DNN 8/Objects/EditorConfig.cs

@@ -27,7 +27,7 @@ public class EditorConfig
         /// </summary>
         public EditorConfig()
         {
-            this.AllowedContent = "true";
+            this.AllowedContent = "false";
             this.AutoGrow_BottomSpace = 0;
             this.AutoGrow_MaxHeight = 0;
             this.AutoGrow_MinHeight = 200;

DNN 9/Install/WatchersNET.CKHtmlEditorProvider.dnn

@@ -1,5 +1,5 @@
 <dotnetnuke type="Package" version="5.0">
-  <packages><package name="DotNetNuke.CKHtmlEditorProvider" type="Provider" version="02.01.18">
+  <packages><package name="DotNetNuke.CKHtmlEditorProvider" type="Provider" version="02.01.20">
   <friendlyName>CKEditor Editor Provider</friendlyName>
   <description>CKEditor Editor Provider for DNN</description>
   <iconFile>~/Providers/HtmlEditorProviders/CKEditor/LogoCKEditor.png</iconFile>
@@ -108,7 +108,7 @@
     <component type="Cleanup" version="02.00.00" fileName="02.00.00.Cleanup.txt" />
   </components>
 </package>
-    <package name="CKEditor.EditorConfigManager" type="Module" version="02.01.18">
+    <package name="CKEditor.EditorConfigManager" type="Module" version="02.01.20">
       <friendlyName>CKEditor Config Manager</friendlyName>
       <description>Configuration Manager for the CKEditor Editor Provider</description>
       <owner>

DNN 9/Objects/EditorConfig.cs

@@ -27,7 +27,7 @@ public class EditorConfig
         /// </summary>
         public EditorConfig()
         {
-            this.AllowedContent = "true";
+            this.AllowedContent = "false";
             this.AutoGrow_BottomSpace = 0;
             this.AutoGrow_MaxHeight = 0;
             this.AutoGrow_MinHeight = 200;

WatchersNET.CKEditor.sln

@@ -1,7 +1,7 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio 15
-VisualStudioVersion = 15.0.27130.2036
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.28714.193
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "DNN 7", "DNN 7", "{9EA2F6AC-913E-41BD-9A33-127E2F7B22FC}"
 EndProject