This is a migrated thread and some comments may be shown as answers.

Kendo Grid as Widget, how to avoid XSS issues

Farox asked on 08 Jul 2016, 09:41 AM

Hi!

For a client I have to implement a widget which displays reporting data in a Kendo UI Grid. This widget will be used on various websites. We do have some limited control on how the widget should be implemented on those websites, but optimally it shouldn't be more than a script tag and a div in which to inject.

One big concern is XSS issues. While I am digging into this subject I was wondering what the "official" stance on this is, if there are already any past experiences with such a scenario etc. Any pointers are welcome.

Thanks!

 

Thorsten

1 Answer, 1 is accepted

Alex Gyoshev
Telerik team
answered on 11 Jul 2016, 06:23 AM

Hello Farox,

The Grid component does its best to prevent XSS issues by encoding content during rendering, by default. Developers can circumvent this via templates, in which case extra care should be taken to encode any user data. The official stance therefore is that it is up to the developer to ensure that there are no XSS flaws.

Regards,
Alex Gyoshev
Telerik by Progress
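An added example, not part of the original thread and not Telerik's code: a small audit of Grid column definitions that flags the places where the default encoding described in the answer is bypassed. It assumes the Kendo template convention that `#= expr #` emits raw output while `#: expr #` HTML-encodes it, and the `encoded` column option; `auditColumns`, `htmlEncode` and the sample columns are hypothetical names and constructed data.

```javascript
// Added example: audit Kendo Grid column definitions for spots where the
// default HTML encoding is bypassed. All column data below is constructed.

// Minimal HTML encoder for untrusted values (stand-in for kendo.htmlEncode).
function htmlEncode(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Returns one finding per place where field data can reach the DOM unencoded.
function auditColumns(columns) {
  const findings = [];
  for (const col of columns) {
    const name = col.field || col.title || "(unnamed)";
    if (col.encoded === false) {
      findings.push(`${name}: encoded:false renders the field as raw HTML`);
    }
    if (typeof col.template === "function") {
      // Function templates return markup directly; encoding is manual.
      findings.push(`${name}: function template, review for manual encoding`);
    } else if (typeof col.template === "string") {
      // "#= expr #" inserts raw output; "#: expr #" HTML-encodes it.
      const rawExprs = col.template.match(/#=[^#]*#/g) || [];
      for (const expr of rawExprs) {
        if (!/htmlEncode\s*\(/.test(expr)) {
          findings.push(`${name}: raw expression ${expr.trim()}`);
        }
      }
    }
  }
  return findings;
}

// Constructed sample configuration for a reporting grid.
const sampleColumns = [
  { field: "customer" },                                     // default: encoded
  { field: "note", template: "<b>#= note #</b>" },           // raw, flagged
  { field: "region", template: "<i>#: region #</i>" },       // encoded
  { field: "html", encoded: false },                         // flagged
  { field: "tag", template: "#= kendo.htmlEncode(tag) #" },  // encoded by hand
];

console.log(auditColumns(sampleColumns).join("\n"));
```

For an embeddable widget, a check like this fits in the build or review step so that every raw template expression is either converted to the encoded form or justified.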
 