Our blazing fast Grid component built with pure JavaScript


Post by nate »

Hope this is the right place to ask because I'm using Scheduler, but I believe this is a Grid feature.
I'm trying to figure out why the column renderer, unlike the header renderer and Schedule event renderer is escaping HTML. I'm not sure what the point of it is in that case since I could just use name. Here's a minimal example column definition:
      {
        type: 'tree',
        width: 300,
        field: 'name',
        sortable: false,
        renderer: (data: any) =>  `<div style="{background-color: red;}">Custom Content</div>`,
      }
Which renders the escaped HTML. How do I turn this off?
Thanks!

Post by mats »

It's a safety aspect, to prevent XSS attacks. You can disable it: https://bryntum.com/docs/grid/#Grid/column/Column#config-htmlEncode

Post by nate »

Thanks! Don't know how I missed it. This is the right call from a security perspective, it's just a little inconsistent across renderers.

Post by mats »

it's just a little inconsistent across renderers.
How do you mean, where is it inconsistent?

Post Reply