Author Topic: How to prevent Cross-site Scripting(Xss) when input data (Read 2309 times)

Yiiiiii · « **on:** March 05, 2019, 09:42:49 am »

I'm trying to edit cell data with text "<script>alert('something')</script>" but it seem possible .
Have any attribute of pqGrid to prevent XSS?

paramvir · « **Reply #1 on:** March 19, 2019, 01:03:30 pm »

Free version doesn't have inbuilt support to prevent XSS,

you may add this manually in the column renderers.

return val
         .replace(/&/g, "&amp;")
         .replace(/<(\S)/g, "&lt;$1")