November 2nd, 2014
XSS for inline editing with autoencode
05/08/2014
04:06
dk
New Member
Members
Forum Posts: 2
Member Since:
05/08/2014

Hi all, 

I am working on inline editing in jqGrid, and wanted to escape wherever the HTML is getting executed. I can't use autoencode for now due to the way different consumers are using the grid code. Could you please point out where in the jqGrid code to escape the HTML so it does not execute code like this when entered through inline editing:

<img src=a onerror=alert(1)>

Thanks!!

11/08/2014
14:03
tony
Sofia, Bulgaria
Moderator
Members

Moderators
Forum Posts: 7721
Member Since:
30/10/2007

Hello,

Depending on the editing module, you can use serializeEditData to make the conversion before it is posted to the server.


Regards
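
The conversion described in the reply above, as an added example that is not part of the original posts and is not jqGrid's own code: a callback that HTML-encodes every string field of the edit payload before it is posted. The names `escapeHtml` and `encodeEditData` and the sample payload are assumptions; `serializeRowData` is the grid option that plays the same role for inline editing and is not mentioned in the thread.

```javascript
// Added example, not jqGrid source. Runs stand-alone in Node or a browser.

// Characters that can open a tag, close an attribute, or start an entity.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
  "`": "&#96;"
};

// Encode one value as inert text. "&" is handled in the same single pass,
// so entities produced here are never encoded a second time.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Shape of a serializeEditData / serializeRowData callback: receives the
// data about to be posted and returns what should be sent instead.
// Only strings are encoded; numbers, booleans and null pass through.
// A new object is returned so the caller's data is not mutated.
function encodeEditData(postdata) {
  const out = {};
  for (const [key, value] of Object.entries(postdata)) {
    out[key] = typeof value === "string" ? escapeHtml(value) : value;
  }
  return out;
}

// Wiring (plain option objects; pass them to the form-edit call or the
// grid definition respectively).
const formEditOptions = { serializeEditData: encodeEditData };
const inlineGridOptions = { serializeRowData: encodeEditData };

// Constructed sample payload using the string from the question.
const samplePost = {
  id: "7",
  oper: "edit",
  name: "<img src=a onerror=alert(1)>",
  qty: 3
};
const encodedSample = encodeEditData(samplePost);
// encodedSample.name === "&lt;img src=a onerror=alert(1)&gt;"
```

This hook only changes what the browser sends, so the server should still validate the value and encode it on output, since a client-side callback can be bypassed by posting directly.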
