Telerik Forums / UI for ASP.NET Core

Grid Template Column and Strict CSP

1 Answer 62 Views
Grid
Tim
Top achievements
Rank 3
Iron
Iron
Iron
Tim asked on 11 Oct 2024, 04:39 PM

I have a grid with the following template columns:

columns.Template("<input type='checkbox' />");
columns.Template("<input type='hidden' value='#=Ssid#' />");

Html.Kendo().Template().AddHtml() cannot be used because it does not return a string.

How can I rewrite the code to be compatible with a strict content security policy (e.g. without using unsafe-inline)?

Thank you

1 Answer, 1 is accepted

Sort by
1
Accepted
Eyup
Telerik team
answered on 13 Oct 2024, 06:23 AM

Hello Tim,

 

Thank you for writing to us.

Since R1 2023 version, as per the CSP compliance initiative, we had to remove the evaluations within kendo templates from the source of our components, as they are not compatible with the unsafe-eval directive:
https://github.com/telerik/kendo-ui-core/issues/7174

 
You can find additional info here:
https://docs.telerik.com/aspnet-core/html-helpers/helper-basics/content-security-policy

In order to make the old template compatible with CSP, you can use a Template Handler or the newly introduced Template component. Both of these solutions are demonstrated here with examples:
https://docs.telerik.com/aspnet-core/html-helpers/helper-basics/using-client-templates#using-the-template-component

Do you find this explanation beneficial? Am I missing something? Let me know what you think.

 

Regards,
Eyup
Progress Telerik

Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.

Tim
Top achievements
Rank 3
Iron
Iron
Iron
commented on 15 Oct 2024, 01:05 PM

Thanks for your response. This is helpful information.

I couldn't find an example to convert a grid column like this:

columns.Template("<input type='checkbox' />");

Can the Html.Kendo().Template() component only be used with bound columns?

Is there any problem with having a field bound to more than one column in a grid?

For example:

columns.Bound(x => x.Ssid).ClientTemplate(Html.Kendo().Template().AddHtml("<input type='checkbox' />"));
columns.Bound(x => x.Ssid);

Thank you

Eyup
Telerik team
commented on 18 Oct 2024, 01:24 PM

Hi Tim,

Thank you for the additional details. I will prepare a working sample to demonstrate a working project and send it to you in 24 hours.

Eyup
Telerik team
commented on 19 Oct 2024, 11:30 PM

kendocoregridcolumntemplatecsp.zip

Yes, you can bind one field to multiple columns. Here are some different ways I have prepared for demonstration:

                    columns.Template(Html.Kendo().Template().AddHtml("<input type='checkbox' />"));
                    columns.Bound("").ClientTemplate(Html.Kendo().Template().AddHtml("<input type='checkbox' />"));
                    columns.Bound("ShipName").ClientTemplate(Html.Kendo().Template().AddHtml("<input type='checkbox' />"));
                    columns.Bound(x => x.ShipName).ClientTemplate(Html.Kendo().Template().AddHtml("<input type='checkbox' />"));

And all of them are rendered as expected:

I am also sending the entire runnable Grid project with CSP enabled.

I hope it will prove helpful.

 

Tim
Top achievements
Rank 3
Iron
Iron
Iron
commented on 22 Oct 2024, 01:09 PM

This is great. Thank you for your help!
Tags
Grid
Asked by
Tim
Top achievements
Rank 3
Iron
Iron
Iron
Answers by
Eyup
Telerik team
Share this question
or