This is a migrated thread and some comments may be shown as answers.

RadFilter Text Field Editor validation

merikmgrasp asked on 03 Aug 2020, 07:12 PM

I am dynamically adding RadFilter editors, such as RadFilterTextFieldEditor, to RadFilter, server side.

When the web page is running, if a user enters certain "dangerous" text strings such as "<!--" or "<script>" into the RadFilterTextFieldEditor, the RadFilter control stops functioning (you can no longer add new expressions or groups to your Filter expression).  If I try to navigate to another page in my web app, I get logged out because my session has been destroyed/lost.  There MAY be an unhandled "A potentially dangerous Request.Form value was detected" exception that is causing the user session to be destroyed.

My fix would be to intercept the RadFilterTextFieldEditor text and strip any potentially dangerous user input (such as embedded JavaScript).

I do not see an OnBlur/OnChange event on the RadFilterTextFieldEditor that I could use to intercept the user input before it is posted.

I tried adding an asp.net validator on the RadFilter control but that does not work because RadFilter is not an "input" type of control.

I looked at the RadFilter client side events (OnFilterCreated/OnFilterCreating) but those do not appear to allow me to strip the user text input before it is too late.

Can you suggest a way to handle RadFilterTextFieldEditor text to prevent users from entering "dangerous" text?

Courtney

 

1 Answer, 1 is accepted

Attila Antal
Telerik team
answered on 06 Aug 2020, 02:20 PM

Hi Courtney,

You can attach event listeners to any input on a page and use the event handler to strip the input value.

For instance, you can attach the 'change' event in the following way. You can also attach other events, such as keyup, keydown, if you want the event to fire when different actions are made.

function pageLoadHandler() {
    // Delegated 'change' handler for the RadFilter input editors
    $telerik.$(document).on('change', '.RadFilter .RadInput.rfControl', function (e) {
        var input = e.target;
        var inputValue = input.value;

        // implement logic that intercepts the value, strips out the unwanted characters and replaces it with the new value
        input.value = "My Safe, stripped off message here";
    });
    // Sys.Application.remove_load(pageLoadHandler);
}
Sys.Application.add_load(pageLoadHandler);

 

Kind regards,
Attila Antal
Progress Telerik
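
One way to fill in the stripping logic left as a placeholder in the answer above, as an added example (not code from the original thread or from Telerik). The helper name `neutralizeFilterText` and the `change.filterSanitize` event namespace are hypothetical, and the pattern assumes the server runs default ASP.NET request validation, which rejects `<` followed by a letter, `!`, `/` or `?`, and the sequence `&#`.

```javascript
// Assumption: default ASP.NET request validation flags "<" followed by a
// letter, "!", "/" or "?", and "&" followed by "#". Only those trigger
// characters are removed, so ordinary text such as "a < b" or "R&D" survives.
var REQUEST_VALIDATION_TRIGGERS = /<(?=[A-Za-z!\/?])|&(?=#)/g;

// Hypothetical helper: returns the text with every trigger removed.
// Loops until stable, because removing one character can expose a new
// trigger (for example "<<b" becomes "<b" after the first pass).
function neutralizeFilterText(value) {
    var text = String(value == null ? '' : value);
    var previous;
    do {
        previous = text;
        text = text.replace(REQUEST_VALIDATION_TRIGGERS, '');
    } while (text !== previous);
    return text;
}

// Wiring for the page, using the selector from the answer. The namespaced
// off()/on() pair keeps the delegated handler from being bound again each
// time the load event fires.
function attachFilterSanitizer() {
    $telerik.$(document)
        .off('change.filterSanitize')
        .on('change.filterSanitize', '.RadFilter .RadInput.rfControl', function (e) {
            var cleaned = neutralizeFilterText(e.target.value);
            if (cleaned !== e.target.value) {
                e.target.value = cleaned;
            }
        });
}

// Only register inside an ASP.NET AJAX page; outside a browser this is skipped.
if (typeof Sys !== 'undefined' && typeof $telerik !== 'undefined') {
    Sys.Application.add_load(attachFilterSanitizer);
}
```

This only keeps the postback from tripping request validation; the server still has to treat the filter text as untrusted and encode or parameterize it wherever it is used.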
