Using the Grid with inline batch editing, we noticed that when a script injection test was done, the server was throwing an error because the HTML tags are not encoded before posting.
If you try the Batch Editing demo http://demos.telerik.com/kendo-ui/grid/editing and enter something like "<script>" into the Product Name column, the server will report a 500 error.
A potentially dangerous Request.QueryString value was detected from the client (models="...uctName":"<script>","UnitPrice...").
Is kendo.stringify not properly encoding the values before posting? Suggestions to improve this scenario?
Using Kendo UI for ASP.NET MVC R3 2016
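
The behaviour described in the post, as an added example that is not part of the original post or of Kendo UI's code: JSON serialization escapes for JSON, not for HTML, so `<script>` reaches the server unchanged unless the string fields are HTML-encoded before serializing. The helper names, the sample row and the `looksDangerous` check (a simplified model of ASP.NET request validation) are assumptions made for illustration.

```javascript
// Simplified model of ASP.NET request validation (assumption, not framework code):
// reject a value containing "<" followed by a letter, "!", "/" or "?", or "&#".
function looksDangerous(value) {
  return /<[a-zA-Z!\/?]|&#/.test(value);
}

// Encode only the characters that matter for HTML markup. The apostrophe is
// left alone because a numeric entity such as &#39; would itself contain "&#".
function htmlEncode(text) {
  return text
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;");
}

// Walk a model (object, array or primitive) and encode every string value,
// returning a copy so the grid's own data is not modified.
function encodeStrings(value) {
  if (typeof value === "string") return htmlEncode(value);
  if (Array.isArray(value)) return value.map(encodeStrings);
  if (value !== null && typeof value === "object") {
    const out = {};
    for (const key of Object.keys(value)) out[key] = encodeStrings(value[key]);
    return out;
  }
  return value;
}

// Hypothetical helper in the style of a DataSource parameterMap callback:
// builds the "models" field that is sent to the server.
function buildModelsParam(models, encode) {
  return JSON.stringify(encode ? encodeStrings(models) : models);
}

// Constructed sample row, shaped like the row in the error message above.
const sampleModels = [{ ProductID: 1, ProductName: "<script>", UnitPrice: 18 }];

const raw = buildModelsParam(sampleModels, false);
const encoded = buildModelsParam(sampleModels, true);
console.log(raw, "flagged:", looksDangerous(raw));
console.log(encoded, "flagged:", looksDangerous(encoded));
```

On the server, decode the values (for example with `HttpUtility.HtmlDecode`) before storing them, and keep HTML-encoding on output; otherwise rendered text ends up double-encoded.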