.jpg)
David Weinberg
Top achievements
Rank 2
Rank 2
David Weinberg
asked on 13 Jul 2016, 11:27 AM
Hi All,
If I return a blank or missing value as .property = '' (empty string) and use <span data-bind="text: property">, the span is skipped and causes layout issues. The worst being that an entire header, complete with navigation buttons, fails to show.
As an alternative, I was returning '.' (a dot rather than empty string) but this looks ugly. Finally, I am returning ' '. This required a change to <span data-bind=": property">. All is now displaying great.
I am wondering about the implications and risks of binding to rather than text. I guess the main risk is of HTML injection. Should I be worried? Is there an alternative way?
TIA,
David
1 Answer, 1 is accepted
0
Hello David,
Based on the provided information, the discussed HTML binding is not related to values, depending on user input, and even if unwanted html gets inserted in the DOM by the mentioned property, the JavaScript will not be run, so the described approach should be considered safe:
http://dojo.telerik.com/UsiVu/2
Let us know if you have other Kendo UI-related questions or concerns.
Regards,
Dimiter Topalov
Telerik by Progress
Based on the provided information, the discussed HTML binding is not related to values, depending on user input, and even if unwanted html gets inserted in the DOM by the mentioned property, the JavaScript will not be run, so the described approach should be considered safe:
http://dojo.telerik.com/UsiVu/2
Let us know if you have other Kendo UI-related questions or concerns.
Regards,
Dimiter Topalov
Telerik by Progress
Get started with Kendo UI in days. Online training courses help you quickly implement components into your apps.