This is a migrated thread and some comments may be shown as answers.

NIST CVE-2018-14037

2 Answers 315 Views
Editor
Wendel asked on 09 May 2019, 10:15 PM

Is there a work-around for the NIST Vulnerability identified in the Kendo Editor Widget?

2 Answers, 1 is accepted

0
Ianko
Telerik team
answered on 13 May 2019, 06:20 AM
Hello Wendel,

That report concerns version 2018.1.221, and since that version there have been fixes that target the XSS vulnerability. I suggest that you re-test the Kendo Editor and check the specific case.

Also, everything about XSS prevention in the Kendo Editor is documented here: https://docs.telerik.com/kendo-ui/controls/editors/editor/preventing-xss. When it comes to supporting more advanced XSS prevention, there are the custom serialization and deserialization options: https://docs.telerik.com/kendo-ui/controls/editors/editor/preventing-xss#serialization-and-deserialization

If you have any further questions on the topic, please provide the specific scenario that you have: the exact HTML that is being used in the Editor and that leads to the vulnerability.

Regards,
Ianko
Progress Telerik
0
Wendel
answered on 17 May 2019, 02:24 PM
Thank you for the response. I will review those links.