Is there a way to prevent a maliciously-named file from causing a Javascript injection? If you use a Mac (so that you're not bound by Windows filename conventions) and name a file with javascript in the file name, it's possible to cause the page to fire that javascript. I've already disabled the 'show filename' option, but it still is firing when I test this.
1 Answer, 1 is accepted
0
Hello,
I would suggest you to rename the file to escape any malicious characters. You may refer to the How to upload files from MAC or Linux help article. If this approach does not help you resolve the problem faced, could you open a new Support Ticket and provide details how to reproduce the described behavior on our end.
Regards,
Dimitar
Telerik
I would suggest you to rename the file to escape any malicious characters. You may refer to the How to upload files from MAC or Linux help article. If this approach does not help you resolve the problem faced, could you open a new Support Ticket and provide details how to reproduce the described behavior on our end.
Regards,
Dimitar
Telerik
Do you want to have your say when we set our development plans?
Do you want to know when a feature you care about is added or when a bug fixed?
Explore the
Telerik Feedback Portal
and vote to affect the priority of the items