Our blazing fast Grid component built with pure JavaScript


Post by janan »

Typing the following text

"><img src=x onerror=alert(21)>

in a text field in the grid.

In the following example:
https://bryntum.com/examples/grid/columns/, adding
"htmlEncode: false" to the column and adding the above text pops up an alert message.

Is there any solution for this?


Post by mats »

It's expected as you explicitly opt out of HTML encoding - meaning you have to clean your data yourself.

htmlEncode: false
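What "clean your data yourself" can look like for a column that sets htmlEncode: false, as an added example that is not part of the original posts or Bryntum's own code. The names escapeHtml, nameColumn and renderCells and the sample rows are assumptions made for illustration; the column is a plain object whose renderer takes { value, record }, modelled on a grid column renderer, so the block runs without the library.

```javascript
// Characters that can change HTML context, mapped to their entity form.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape an untrusted value before it is concatenated into markup.
function escapeHtml(value) {
    // null/undefined render as an empty cell; everything else is stringified first
    if (value === null || value === undefined) return '';
    return String(value).replace(/[&<>"']/g, ch => HTML_ESCAPES[ch]);
}

// Hypothetical column: it wants its own <b> markup, so htmlEncode is off,
// which means the renderer is now responsible for encoding the cell value.
const nameColumn = {
    field: 'name',
    text: 'Name',
    htmlEncode: false,
    renderer({ value }) {
        // Only the wrapper is trusted markup; the user-entered value is escaped.
        return `<b>${escapeHtml(value)}</b>`;
    }
};

// Constructed sample rows; the second holds the string from the first post.
const rows = [
    { name: 'Alice & Bob' },
    { name: '"><img src=x onerror=alert(21)>' },
    { name: null }
];

// Stand-in for the grid calling the renderer once per record.
function renderCells(column, records) {
    return records.map(record => column.renderer({ value: record[column.field], record }));
}

console.log(renderCells(nameColumn, rows));
```

With the value escaped, the string from the first post is displayed as literal text inside the bold wrapper instead of being parsed as an element.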
