This is a migrated thread and some comments may be shown as answers.

ComboBox Issue with <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

1 Answer 42 Views
ComboBox
This is a migrated thread and some comments may be shown as answers.
Adron
Top achievements
Rank 1
Adron asked on 20 Oct 2008, 09:46 PM
When using a combo box, that would display a value and the value is something like <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>, what is the best way to filter or encode this so that it doesn't break the combo box?

The velow is an image link to what the issue looks like.

1 Answer, 1 is accepted

Sort by
0
Rosi
Telerik team
answered on 21 Oct 2008, 07:48 AM
Hi Adron,

I suppose you use RadComboBox for ASP.NET.

It renders two client fields with names clientWidth and clientHeight .

My suggesting is to use RadComboBox for ASP.NET AJAX. You can see online examples here.
RadComboBox for  ASP.NET AJAX does not render this fields need to RadComboBox for ASP.NET to set its height and width properties.

This should solve the problem.

Regards,
Rosi
the Telerik team

Check out Telerik Trainer, the state of the art learning tool for Telerik products.
Tags
ComboBox
Asked by
Adron
Top achievements
Rank 1
Answers by
Rosi
Telerik team
Share this question
or