This is a migrated thread and some comments may be shown as answers.

AjaxPanel and Cross-Site Scripting

1 Answer 63 Views
Ajax
This is a migrated thread and some comments may be shown as answers.
Philip
Top achievements
Rank 1
Philip asked on 14 Apr 2010, 07:14 PM
Hi,

I was testing my web application for cross-site scripting. To simplify things, I have a web form using a RadAjaxPanel, textbox, regular expression validator checking for a valid e-mail address, submit and a cancel button. When I placed the <script> tags on the textbox, the regular expression validator flags it and I can't proceed with the submit, however, I see a javascript error on the page. When I hit cancel, which I set to causesvalidation to false, I also get a 'Error on page' on my browser and doesn't redirect me to the home page until I clear the <script> tags on the textbox. Most of my web forms do use the ajaxpanel but the errors are misleading from the browser, since the validator controls would have prevented the cross-site scripting. Is there a way around this? Thanks.

1 Answer, 1 is accepted

Sort by
0
Iana Tsolova
Telerik team
answered on 19 Apr 2010, 03:16 PM
Hi Philip,

Could you please check if replacing the RadAjaxPanel with ASP:UpdatePanel and see if it makes any difference?

Additionally, if you can send us a sample project illustrating your scenario, we would be able to perform further investigation on your case and try finding the source of the problem.

Regards,
Iana
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
Tags
Ajax
Asked by
Philip
Top achievements
Rank 1
Answers by
Iana Tsolova
Telerik team
Share this question
or