ParamQuery grid support forum

General Category => Help for ParamQuery Grid (free version) => Topic started by: Yiiiiii on March 05, 2019, 09:42:49 am

Title: How to prevent Cross-site Scripting(Xss) when input data
Post by: Yiiiiii on March 05, 2019, 09:42:49 am
I'm trying to edit cell data with the text "<script>alert('something')</script>", but it seems possible.
Does pqGrid have any attribute to prevent XSS?
Title: Re: How to prevent Cross-site Scripting(Xss) when input data
Post by: paramvir on March 19, 2019, 01:03:30 pm
The free version doesn't have inbuilt support to prevent XSS;
you may add this manually in the column renderers.

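Code:
// val is the cell value as a string (ui.cellData inside a column render callback)
return val
         .replace(/&/g, "&amp;")      // escape ampersands first so later entities are not double-escaped
         .replace(/<(\S)/g, "&lt;$1"); // escape "<" when it is followed by a non-space character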
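An added example, not from the original thread or from ParamQuery's own code: one way to apply the escaping in column renderers across a whole grid. The helper names escapeHtml and withEscapedRender and the sample columns are hypothetical; it assumes a flat colModel and the render(ui) callback that receives the cell value as ui.cellData.

```javascript
// Characters that can change HTML parsing in element content or attribute values.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;"
};

// Encode a cell value for safe insertion as HTML text.
// A single pass over the string avoids double-escaping "&".
function escapeHtml(value) {
  if (value === null || value === undefined) return "";
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Give every column without its own renderer an escaping renderer.
// Columns that already define render are left alone: they build their own
// markup and must call escapeHtml on the data they embed.
function withEscapedRender(colModel) {
  return colModel.map((col) => {
    if (typeof col.render === "function") return col;
    return Object.assign({}, col, {
      render: (ui) => escapeHtml(ui.cellData)
    });
  });
}

// Constructed sample column model (hypothetical field names).
const colModel = withEscapedRender([
  { title: "Name", dataIndx: "name" },
  {
    title: "Status",
    dataIndx: "status",
    // Custom markup around the value; the value itself is still escaped.
    render: (ui) => "<b>" + escapeHtml(ui.cellData) + "</b>"
  }
]);

// The input from the question, rendered as inert text instead of a script tag.
const rendered = colModel[0].render({
  cellData: "<script>alert('something')</script>"
});
console.log(rendered);
```

Pass the returned colModel to the grid in place of the original one; the stored data is unchanged, only the rendered cell markup is encoded.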