This is a migrated thread and some comments may be shown as answers.

HTML Injection

4 Answers 76 Views
General Discussions
This is a migrated thread and some comments may be shown as answers.
Shehab
Top achievements
Rank 1
Shehab asked on 03 Apr 2009, 10:20 AM
Hey, this may sound like a stupid question
But is there a way to inject HTML Document in the report, say like IFrame

We've a rendered HTML page that we want to include or capture in the report, is there a way to do so?
i've looked the HTMLTextBox control, but i guess it renders only html text, not complex html page including images and charts :'(

4 Answers, 1 is accepted

Sort by
0
Steve
Telerik team
answered on 03 Apr 2009, 01:20 PM
Hello Shehab,

Currently the HtmlTextBox handles only a limited number of html elements that are outlined in this help article. Exception is when the report is rendered in HTML because the browser that usually displays the report, would handle the HTML itself. Unfortunately the rest of the supported formats - Image (GDI), PDF, XLS, RTF do not support HTML out of the box, which means that raw html would be rendered in those.

Sorry for the temporary inconvenience and thank you for the understanding.

All the best,
Steve
the Telerik team

Check out Telerik Trainer , the state of the art learning tool for Telerik products.
0
Maaike
Top achievements
Rank 1
answered on 17 Feb 2010, 02:28 PM
What is the estimated release date of the version that does allow more html tags in the html-textbox?
0
Steve
Telerik team
answered on 17 Feb 2010, 05:08 PM
Hi Maaike Welle,

The HtmlTextBox currently supports text formatting options only and we have no plans of introducing other tags not related to the formatting in our short term plans.

Kind regards,
Steve
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
0
David Sal
Top achievements
Rank 1
answered on 25 Feb 2010, 02:09 PM
As i know HTML/Script injection is a popular subject, commonly termed "Cross-Site Scripting", or "XSS". XSS refers to an injection flaw whereby user input to a web script or something along such lines is placed into the output HTML, without being checked for HTML code or scripting.

The two basic types are as follows:

Active (Type 1)
This type of XSS flaw is less dangerous, as the user input is placed into a dynamically generated page. No changes are made on the server.
Passive (Type 2)
This type is more dangerous, as the input is written to a static page, and as such, is persistent.

Tags
General Discussions
Asked by
Shehab
Top achievements
Rank 1
Answers by
Steve
Telerik team
Maaike
Top achievements
Rank 1
David Sal
Top achievements
Rank 1
Share this question
or