Radhtmlplaceholder takes over whole screen - potential security hole

2 posts, 0 answers
  1. IT Dept
    1 posts
    Member since:
    Aug 2009

    Posted 04 Jun 2010

    Hi all,

    We are using Radhtmlplaceholder in our Silverlight application. The SL plug-in in this case uses all the available space of the browser. The Radhtmlplaceholder only uses 300px x 300px. Now, if I navigate to a page like this

     

    <html>   
    <head>   
    <script LANGUAGE="JavaScript" type="text/javascript">  
     
    if(window != top){  
     
       top.location.href = location.href;  
    }  
    </script>
    </head>   
    <BODY> 
    <h1>TESTING PAGE</h1> 
    </BODY> 
    </html> 

    in the Radhtmlplaceholder control I have 2 issues:

    1. The content is not displayed within the Radhtmlplaceholder control but replaces the content of the whole page.
    2. There is a potential security issue as I can access stuff from the page hosting the SL plug-in and even worse I could dive into the Silverlight app itself.

     

    Could someone help with this?

    Best regards,
    Gregory
  2. Valentin.Stoychev
    Admin
    2198 posts

    Posted 04 Jun 2010

    Hello Gregory,

    What the HTML placeholder basically does is just render an iframe or a DIV at the correct position over the SL plug-in. Nothing else.

    We don't render the HTML and JavaScript ourselves, and thus it is up to the developer what page will load - we don't have and we can't have any restrictions over the HTML page or the HTML string that is loaded.


    Kind regards,
    Valentin.Stoychev
    the Telerik team
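
For the iframe case described in the reply above, one host-page mitigation is the HTML `sandbox` attribute: a framed document whose sandbox has no `allow-top-navigation*` token cannot assign `top.location`, and without `allow-same-origin` it cannot script the hosting page. This is an added example, not code from the thread or from Telerik; the function names are hypothetical, and it assumes the host page's script can reach the iframe the control renders and that the browser supports `sandbox` (it does not cover the DIV rendering mode).

```javascript
// Added example: strip top-navigation grants from iframe sandbox values.
// "allow-top-navigation*" are real HTML sandbox keywords; helper names are hypothetical.
const isTopNavToken = (t) => t.toLowerCase().startsWith("allow-top-navigation");

// True when a frame with this sandbox value can still replace the top window.
// null/undefined means the iframe has no sandbox attribute at all.
function canNavigateTop(sandboxValue) {
  if (sandboxValue === null || sandboxValue === undefined) return true;
  return sandboxValue.split(/\s+/).some(isTopNavToken);
}

// Returns a sandbox value with every top-navigation grant removed.
// Unsandboxed frames get a minimal default: scripts and forms work, but
// "allow-same-origin" is deliberately absent, so the framed page gets an
// opaque origin and cannot reach into the hosting page.
function hardenedSandbox(current, defaults = "allow-scripts allow-forms") {
  const source = current === null || current === undefined ? defaults : current;
  const kept = source
    .split(/\s+/)
    .filter((t) => t && !isTopNavToken(t))
    .map((t) => t.toLowerCase());
  return [...new Set(kept)].join(" ");
}

// Harden every iframe under `root` (e.g. hardenFrames(document) in the host page).
// Sandbox flags are fixed when the frame navigates, so the frame is reloaded
// by re-assigning src after the attribute changes. Returns the number changed.
function hardenFrames(root) {
  let changed = 0;
  for (const frame of root.querySelectorAll("iframe")) {
    const before = frame.getAttribute("sandbox");
    const after = hardenedSandbox(before);
    if (before !== after) {
      frame.setAttribute("sandbox", after);
      frame.src = frame.src; // reload so the new flags take effect
      changed++;
    }
  }
  return changed;
}
```

Where the framed page is under your control, setting the attribute in the markup that creates the iframe avoids the reload.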
