This is a migrated thread and some comments may be shown as answers.

How to prevent inline paste from executing html

Spreadsheet
Benjamin asked on 14 Jul 2020, 07:33 PM

Hello,

 

I am looking for help regarding preventing a kendo spreadsheet from executing html that is pasted into a cell. I have tried $(document).on('paste', function () {}) and the kendo paste function prevent defaults, but neither of these worked. Any suggestions?

Example:

Dojo: https://dojo.telerik.com/AjomeMOH/5

Paste value : <img src=x onerror=alert(123)>

 

Thanks

2 Answers, 1 is accepted

Benjamin
answered on 16 Jul 2020, 02:23 PM
I figured it out. Something within the init() of the paste command was causing this issue. A workaround is to encode the text for the init() command and then decode it within the spreadsheet paste event. See this Dojo for an example: https://dojo.telerik.com/AjomeMOH/23
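
The encode-then-decode round trip described in the answer above, as an added example (not the code from the Dojo and not Kendo UI's own code). The function names are hypothetical, the sample clipboard text is constructed, and the example assumes the decoded strings are written to cells as plain values, never inserted as markup.

```javascript
// Added example: stand-alone helpers with hypothetical names, not Kendo UI code.
const ENCODE = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const DECODE = Object.fromEntries(Object.entries(ENCODE).map(([ch, ent]) => [ent, ch]));

// Encode clipboard text so that any step which parses it as HTML sees only text.
function encodeClipboardText(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENCODE[ch]);
}

// Reverse encodeClipboardText in a single pass, so "&amp;lt;" becomes "&lt;"
// (the user's literal text) and is never decoded a second time into "<".
function decodeClipboardText(text) {
  return String(text).replace(/&(?:amp|lt|gt|quot|#39);/g, (ent) => DECODE[ent]);
}

// True when the string contains nothing an HTML parser would treat as a tag.
function isInertAsHtml(text) {
  return !/[<>]/.test(text);
}

// Decode the encoded clipboard text and split it into rows and cells
// (tab-separated columns, newline-separated rows), the shape a multi-cell
// paste arrives in. The results are plain strings meant to be set as values.
function toCellGrid(encodedText) {
  return decodeClipboardText(encodedText)
    .split(/\r?\n/)
    .map((row) => row.split('\t'));
}

// Constructed sample: the value from the question next to ordinary cells,
// including one cell whose literal text already looks like an entity.
const pasted = 'name\t<img src=x onerror=alert(123)>\nnote\tA & B &lt; C';
const encoded = encodeClipboardText(pasted);
const grid = toCellGrid(encoded);

console.log(encoded);
console.log(grid);
```
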
Ivan Danchev
Telerik team
answered on 16 Jul 2020, 03:19 PM

Hello Benjamin,

This is an interesting approach. Thank you for sharing it with the community. I am sure it will be helpful to anyone that faces this scenario.

Regards,
Ivan Danchev
Progress Telerik
