This is a migrated thread and some comments may be shown as answers.

Javascript injection attack?

1 Answer 71 Views
AsyncUpload
This is a migrated thread and some comments may be shown as answers.
Peter
Top achievements
Rank 1
Peter asked on 09 Dec 2015, 12:29 AM
Is there a way to prevent a maliciously-named file from causing a Javascript injection? If you use a Mac (so that you're not bound by Windows filename conventions) and name a file with javascript in the file name, it's possible to cause the page to fire that javascript. I've already disabled the 'show filename' option, but it still is firing when I test this.

1 Answer, 1 is accepted

Sort by
0
Dimitar
Telerik team
answered on 09 Dec 2015, 09:43 AM
Hello,

I would suggest you to rename the file to escape any malicious characters. You may refer to the How to upload files from MAC or Linux help article. If this approach does not help you resolve the problem faced, could you open a new Support Ticket and provide details how to reproduce the described behavior on our end.

Regards,
Dimitar
Telerik
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
Tags
AsyncUpload
Asked by
Peter
Top achievements
Rank 1
Answers by
Dimitar
Telerik team
Share this question
or