<telerik:GridTemplateColumn DataField="FIRSTANDLASTNAME"
HeaderText="[FIRSTANDLASTNAME]" SortExpression="FIRSTANDLASTNAME" UniqueName="FIRSTANDLASTNAME"
GroupByExpression="FIRSTANDLASTNAME GROUP BY FIRSTANDLASTNAME">
<ItemTemplate>
<asp:LinkButton ID="lnkFIRSTANDLASTNAME" runat="server" Text='<%# AntiXSSEncoder.HtmlEncode(this.GetDataFromContainer(Container.DataItem, "FIRSTANDLASTNAME")) %>'
OnCommand="ContactSelected_Command" />
</ItemTemplate>
</telerik:GridTemplateColumn>
The value I assign to "[FIRSTANDLASTNAME]" is a dynamic value from database based on language. I wanted it to be encoded so it will not be open to xss attacks.
/// Below fix works but I 10s of columns in differen pages. Is there a way to encode the value without encoding one by one via UniqueName ?
protected void MPViewGridContact_ItemCreated(object sender, GridItemEventArgs e)
{
if (e.Item is GridHeaderItem)
{
GridHeaderItem headerItem = e.Item as GridHeaderItem; var button = headerItem["FIRSTANDLASTNAME"].Controls[0] as LinkButton;
button.Text = AntiXSSEncoder.HtmlEncode(button.Text); } }
HeaderText="[FIRSTANDLASTNAME]" SortExpression="FIRSTANDLASTNAME" UniqueName="FIRSTANDLASTNAME"
GroupByExpression="FIRSTANDLASTNAME GROUP BY FIRSTANDLASTNAME">
<ItemTemplate>
<asp:LinkButton ID="lnkFIRSTANDLASTNAME" runat="server" Text='<%# AntiXSSEncoder.HtmlEncode(this.GetDataFromContainer(Container.DataItem, "FIRSTANDLASTNAME")) %>'
OnCommand="ContactSelected_Command" />
</ItemTemplate>
</telerik:GridTemplateColumn>
The value I assign to "[FIRSTANDLASTNAME]" is a dynamic value from database based on language. I wanted it to be encoded so it will not be open to xss attacks.
/// Below fix works but I 10s of columns in differen pages. Is there a way to encode the value without encoding one by one via UniqueName ?
protected void MPViewGridContact_ItemCreated(object sender, GridItemEventArgs e)
{
if (e.Item is GridHeaderItem)
{
GridHeaderItem headerItem = e.Item as GridHeaderItem; var button = headerItem["FIRSTANDLASTNAME"].Controls[0] as LinkButton;
button.Text = AntiXSSEncoder.HtmlEncode(button.Text); } }
1 Answer, 1 is accepted
0
Hello ,
The current implementation of the control does not expose a property or method that would allow the header text to be encoded. Considering the aforementioned I recommend following the approach you have already implemented.
Regards,
Angel Petrov
Telerik
The current implementation of the control does not expose a property or method that would allow the header text to be encoded. Considering the aforementioned I recommend following the approach you have already implemented.
Regards,
Angel Petrov
Telerik
Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.