Hi,
I was testing my web application for cross-site scripting. To simplify things, I have a web form using a RadAjaxPanel, textbox, regular expression validator checking for a valid e-mail address, submit and a cancel button. When I placed the <script> tags on the textbox, the regular expression validator flags it and I can't proceed with the submit, however, I see a javascript error on the page. When I hit cancel, which I set to causesvalidation to false, I also get a 'Error on page' on my browser and doesn't redirect me to the home page until I clear the <script> tags on the textbox. Most of my web forms do use the ajaxpanel but the errors are misleading from the browser, since the validator controls would have prevented the cross-site scripting. Is there a way around this? Thanks.
I was testing my web application for cross-site scripting. To simplify things, I have a web form using a RadAjaxPanel, textbox, regular expression validator checking for a valid e-mail address, submit and a cancel button. When I placed the <script> tags on the textbox, the regular expression validator flags it and I can't proceed with the submit, however, I see a javascript error on the page. When I hit cancel, which I set to causesvalidation to false, I also get a 'Error on page' on my browser and doesn't redirect me to the home page until I clear the <script> tags on the textbox. Most of my web forms do use the ajaxpanel but the errors are misleading from the browser, since the validator controls would have prevented the cross-site scripting. Is there a way around this? Thanks.
1 Answer, 1 is accepted
0
Hi Philip,
Could you please check if replacing the RadAjaxPanel with ASP:UpdatePanel and see if it makes any difference?
Additionally, if you can send us a sample project illustrating your scenario, we would be able to perform further investigation on your case and try finding the source of the problem.
Regards,
Iana
the Telerik team
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
Could you please check if replacing the RadAjaxPanel with ASP:UpdatePanel and see if it makes any difference?
Additionally, if you can send us a sample project illustrating your scenario, we would be able to perform further investigation on your case and try finding the source of the problem.
Regards,
Iana
the Telerik team
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.