jQuery Grid Plugin - jqGridForum

Topic RSS

Related Topics sp_TopicIcon

Displaying in jqgrid cells

Tags: script injection

02/02/2013
00:10

johan

USA

Member

Members

Forum Posts: 13

Member Since:
02/12/2010

Offline

Hello, I went into this assuming that jqGrid already accommidated for displaying values like <script>alert('hi-lol');</script> in cells but it seems to not do so. So I added a formatter because I want to erradicate this for any grid cell ever… which I am unsure how to do this especially when other formatters are involved…

In any case here is my simple formatter that does not work.


function jsonFmtr(cellvalue, options, rowdata) {     return "<praaae><codeaaa>" + cellvalue + "</codeaaa></praaae>"; }

It does what I expect, but the javascript still runs… not sure what to say here really other than I need some help!

Sorry it seems I cannot get pre and code tags to display, the function is wrapping the value in pre and code tags...

02/02/2013
10:16

OlegK

Germany

Member

Members

Forum Posts: 1255

Member Since:
10/08/2009

Offline

You need just use autoencode: true option of jqGrid. Then jqGrid will interpret all cell data as text and not as HTML fragments. The exception will stay custom formatters. The results of working custom formatters are interpreted always as HTML fragmants. If needed you can use $.jgrid.htmlEncode function inside of your custom formatter.

Best regards
Oleg

All RSS

Forum Timezone: Europe/Sofia

Most Users Ever Online: 715

Currently Online:
49 Guest(s)

Currently Browsing this Page:
1 Guest(s)