Data bind text vs html

2 posts, 0 answers
  1. David Weinberg
    David Weinberg avatar
    18 posts
    Member since:
    Jul 2015

    Posted 13 Jul Link to this post

    Hi All,

    If I return a blank or missing value as = '' (empty string) and use <span data-bind="text: property">, the span is skipped and causes layout issues. The worst being that an entire header, complete with navigation buttons, fails to show.

    As an alternative, I was returning '.' (a dot rather than empty string) but this looks ugly. Finally, I am returning '&nbsp;'. This required a change to <span data-bind="html: property">. All is now displaying great.

    I am wondering about the implications and risks of binding to html rather than text. I guess the main risk is of HTML injection. Should I be worried? Is there an alternative way?



  2. Dimiter Topalov
    Dimiter Topalov avatar
    317 posts

    Posted 15 Jul Link to this post

    Hello David,

    Based on the provided information, the discussed HTML binding is not related to values, depending on user input, and even if unwanted html gets inserted in the DOM by the mentioned property, the JavaScript will not be run, so the described approach should be considered safe:

    Let us know if you have other Kendo UI-related questions or concerns.

    Dimiter Topalov
    Telerik by Progress
    Get started with Kendo UI in days. Online training courses help you quickly implement components into your apps.
Back to Top