The Rich TextBox control is not "safe for scripting" because both the LoadFile and SaveFile methods allow a malicious script to read, write, or change files on a user's local computer.
It is not "safe for initialization" because the Rich Text Format (RTF) specification allows for the embedding of potentially malicious OLE objects. Previous versions of the Rich TextBox control are incorrectly marked safe for scripting and initialization, and are blocked from running in Internet Explorer.
When you use the Rich TextBox control on a Web page, you must first wrap it in another Microsoft ActiveX control that does not expose the unsafe properties and methods. This wrapper control is then marked as safe when it is packaged for distribution.
Workaround
The following are two possible workarounds to achieve rich editing functionality on your Web page:
- Wrap the Rich TextBox control in another ActiveX control that does not expose the unsafe properties and methods. This wrapper control is marked as safe when it is packaged for distribution.
- Use the Dynamic Hypertext Markup Language (DHTML) Editing Component, if RTF support is not necessary.
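To confirm that only a reviewed wrapper carries the safe markings, the following added example (not part of the original article) audits a registry export of HKEY_CLASSES_ROOT\CLSID for the two component categories that mark a control safe for scripting and safe for initialization. The sample export, both CLSIDs, and the function names are constructed for illustration.

```python
import re

# Component category IDs that mark a control as safe in the registry.
CATID_SAFE_FOR_SCRIPTING = "{7DD95801-9882-11CF-9FA9-00AA006C4A6A}"
CATID_SAFE_FOR_INITIALIZING = "{7DD95802-9882-11CF-9FA9-00AA006C4A6A}"

GUID = r"(\{[0-9A-Fa-f-]{36}\})"
KEY_RE = re.compile(
    r"^\[HKEY_CLASSES_ROOT\\CLSID\\" + GUID
    + r"(?:\\Implemented Categories\\" + GUID + r")?\]$"
)

# Constructed sample export; both CLSIDs are placeholders, not real controls.
SAMPLE_EXPORT = r"""
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}]
@="Reviewed wrapper control (hypothetical)"

[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C4A6A}]

[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C4A6A}]

[HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-222222222222}]
@="Unreviewed control (hypothetical)"

[HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32]

[HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-222222222222}\Implemented Categories\{7dd95801-9882-11cf-9fa9-00aa006c4a6a}]
"""

def safety_markings(reg_text):
    """Map each CLSID in the export to its safe-for-* registry markings."""
    result = {}
    for line in reg_text.splitlines():
        m = KEY_RE.match(line.strip())
        if not m:
            continue
        clsid, catid = m.group(1).upper(), (m.group(2) or "").upper()
        entry = result.setdefault(clsid, {"scripting": False, "initializing": False})
        entry["scripting"] |= catid == CATID_SAFE_FOR_SCRIPTING
        entry["initializing"] |= catid == CATID_SAFE_FOR_INITIALIZING
    return result

def unreviewed_safe_controls(reg_text, reviewed_clsids):
    """Return CLSIDs marked safe that are not on the reviewed allowlist."""
    reviewed = {c.upper() for c in reviewed_clsids}
    return sorted(c for c, m in safety_markings(reg_text).items()
                  if (m["scripting"] or m["initializing"]) and c not in reviewed)
```

This check covers registry markings only; a control can also report itself safe at run time through the IObjectSafety interface, which a registry export does not show.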