Dear Isomorphic,
I found a potential XSS-style security problem in your listgrid control (and possibly other controls like the treeview).
If you enter any html in a listgrid cell this will be rendered as such. This can include a malicious script in e.g. an img tag, like <img src="javascript:alert('bad script')">.
I tried to prevent this by encoding the htmlentities server side, but then when you edit the cell it will show stuff like < etc.
Do you have a workaround? Maybe by adding a shortDisplayFormatter for the text type? Any suggestions?
Thanks in advance,
Arjan Mels
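The approach the post is asking about, as an added example that is not Isomorphic's code and not part of the original post: escape cell values only at display time, so the raw value stays intact for inline editing instead of being entity-encoded on the server. The formatter hook names below are hypothetical stand-ins for whatever display formatter the grid exposes.

```javascript
// Added example (not Isomorphic/SmartClient code): escape cell values for
// display only, so the stored value is still what the inline editor receives.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Hypothetical display-formatter hook in the shape the post asks about:
// the grid would call it when rendering a cell, never when editing one.
function formatCellForDisplay(value) {
  if (value === null || value === undefined) return "";
  return escapeHtml(value);
}

// What the inline editor should get: the unescaped stored value, unchanged,
// so the user never sees entity-encoded text like "&lt;" while editing.
function valueForEditor(record, fieldName) {
  return record[fieldName];
}

// Constructed sample record containing the payload quoted in the post.
const sampleRecord = { name: "<img src=\"javascript:alert('bad script')\">" };

// Returns what the cell shows, what the editor gets, and whether the
// displayed string still contains any markup that a browser would parse.
function demo() {
  const shown = formatCellForDisplay(sampleRecord.name);
  const edited = valueForEditor(sampleRecord, "name");
  return { shown, edited, rendersAsMarkup: /<[a-z!\/]/i.test(shown) };
}
```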