Author Topic: How to prevent Cross-site Scripting(Xss) when input data  (Read 2308 times)

Yiiiiii

  • Newbie
  • *
  • Posts: 2
    • View Profile
How to prevent Cross-site Scripting(Xss) when input data
« on: March 05, 2019, 09:42:49 am »
I'm trying to edit cell data with text "<script>alert('something')</script>" but it seem possible .
Have any attribute of pqGrid to prevent XSS?

paramvir

  • Administrator
  • Hero Member
  • *****
  • Posts: 6310
    • View Profile
Re: How to prevent Cross-site Scripting(Xss) when input data
« Reply #1 on: March 19, 2019, 01:03:30 pm »
Free version doesn't have inbuilt support to prevent XSS,

you may add this manually in the column renderers.

Code: [Select]
return val
         .replace(/&/g, "&amp;")
         .replace(/<(\S)/g, "&lt;$1")