Kendo Grid as Widget, how to avoid XSS issues

  1. Farox
    Posted 08 Jul 2016


    For a client I have to implement a widget which displays reporting data in a Kendo UI Grid. This widget will be used on various websites. We do have some limited control over how the widget should be implemented on those websites, but optimally it shouldn't be more than a script tag and a div in which to inject.

    One big concern is XSS issues. While I am digging into this subject, I was wondering what the "official" stance on this is, if there are already any past experiences with such a scenario, etc. Any pointers are welcome.




  2. Alex Gyoshev
    Posted 11 Jul 2016

    Hello Farox,

    The Grid component does its best to prevent XSS issues by encoding content during rendering, by default. Developers can circumvent this via templates, in which case extra care should be taken to encode any user data. The official stance therefore is that it is up to the developer to ensure that there are no XSS flaws.

    Alex Gyoshev
    Telerik by Progress
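
Following the answer above, an added example (not part of the thread and not Telerik code): a small Node.js check that flags Grid column definitions which bypass the default encoding, either through `encoded: false` or through a string template that uses the raw `#= #` form instead of the encoding `#: #` form. The `auditColumns` and `rawExpressions` helpers and the sample columns are constructed for illustration, and the template tokenisation is a heuristic assumption, not Kendo's own parser.

```javascript
// Added example: audit Kendo Grid column definitions for unencoded output.
// Heuristic (assumption): text between unescaped "#" pairs is a template
// expression; "=" marks raw output, ":" marks HTML-encoded output.
function rawExpressions(template) {
  const parts = template.replace(/\\#/g, "\u0000").split("#");
  return parts
    .filter((_, i) => i % 2 === 1)      // odd parts sit inside "# ... #"
    .filter((p) => p.startsWith("="))   // keep only raw "#= ... #" output
    .map((p) => p.slice(1).trim());
}

function auditColumns(columns) {
  const findings = [];
  for (const col of columns) {
    const column = col.field || col.title || "(unnamed)";
    if (col.encoded === false) {
      findings.push({ column, issue: "encoded: false disables default encoding" });
    }
    if (typeof col.template === "function") {
      // Function templates return markup directly; they need manual review.
      findings.push({ column, issue: "function template: review encoding manually" });
    } else if (typeof col.template === "string") {
      for (const expr of rawExpressions(col.template)) {
        // Raw output passes only when the whole expression is one
        // kendo.htmlEncode(...) call (coarse check, may need manual review).
        if (!/^kendo\.htmlEncode\([\s\S]*\)$/.test(expr)) {
          findings.push({ column, issue: `raw template expression: ${expr}` });
        }
      }
    }
  }
  return findings;
}

// Constructed sample column definitions for a reporting grid.
const sampleColumns = [
  { field: "customer" },                                      // default: encoded
  { field: "comment", template: "<em>#= comment #</em>" },    // raw: flagged
  { field: "region", template: "<b>#: region #</b>" },        // encoded form
  { field: "note", template: "#= kendo.htmlEncode(note) #" }, // explicit encode
  { field: "summary", encoded: false },                       // flagged
];

for (const f of auditColumns(sampleColumns)) {
  console.log(`${f.column}: ${f.issue}`);
}
```

JavaScript blocks inside templates (`# code #`) are not analysed, so a clean result from this check does not replace a review of any template that builds markup in code.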