RadFilter Text Field Editor validation

2 posts, 0 answers
  1. merikmgrasp
    5 posts
    Member since:
    May 2007

    Posted 03 Aug

    I am dynamically adding RadFilter editors, such as RadFilterTextFieldEditor, to RadFilter, server side.

    When the web page is running, if a user enters certain "dangerous" text strings such as "<!--" or "<script>" into the RadFilterTextFieldEditor, the RadFilter control stops functioning (you can no longer add new expressions or groups to your Filter expression).  If I try to navigate to another page in my web app, I get logged out because my session has been destroyed/lost.  There MAY be an unhandled "A potentially dangerous Request.Form value was detected" exception that is causing the user session to be destroyed.

    My fix would be to intercept the RadFilterTextFieldEditor text and strip any potentially dangerous user input (such as embedded JavaScript).

    I do not see an OnBlur/OnChange event on the RadFilterTextFieldEditor that I could use to intercept the user input before it is posted.

    I tried adding an asp.net validator on the RadFilter control but that does not work because RadFilter is not an "input" type of control.

    I looked at the RadFilter client side events (OnFilterCreated/OnFilterCreating) but those do not appear to allow me to strip the user text input before it is too late.

    Can you suggest a way to handle RadFilterTextFieldEditor text to prevent users from entering "dangerous" text?

    Courtney

     

  2. Attila Antal
    Admin
    563 posts

    Posted 06 Aug

    Hi Courtney,

    You can attach event listeners to any input on a page and use the event handler to strip the input value.

    For instance, you can attach the 'change' event in the following way. You can also attach other events, such as keyup, keydown, if you want the event to fire when different actions are made.

    function pageLoadHandler() {
        // Delegated handler: also covers editors that RadFilter adds later
        $telerik.$(document).on('change', '.RadFilter .RadInput.rfControl', function (e) {
            var input = e.target;
            var inputValue = input.value;

            // Implement logic that intercepts the value, strips the unwanted characters and replaces it with the new value
            input.value = "My Safe, stripped off message here";
        });
        // Sys.Application.remove_load(pageLoadHandler);
    }
    Sys.Application.add_load(pageLoadHandler);

     

    Kind regards,
    Attila Antal
    Progress Telerik
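
Added example (not part of the original posts and not Telerik code): one way to fill in the stripping logic for the handler above, so that strings such as "<!--" or "<script>" no longer reach the postback. The function names are hypothetical, and the list of rejected sequences is an assumption about ASP.NET request validation; stripping in the browser only keeps the postback from failing, so the server still has to treat the filter value as untrusted and encode it on output.

```javascript
// Added example, not Telerik code. Assumption: ASP.NET request validation
// rejects "<" followed by a letter, "!", "/" or "?", and the sequence "&#".
var DANGEROUS = /<(?=[A-Za-z!\/?])|&(?=#)/g;

// Remove the leading character of every rejected sequence. Repeat until the
// value stops changing, because one removal can expose a new sequence
// (for example "<<b" becomes "<b" after the first pass).
function sanitizeFilterText(value) {
    var current = String(value == null ? "" : value);
    var previous;
    do {
        previous = current;
        current = current.replace(DANGEROUS, "");
    } while (current !== previous);
    return current;
}

// True when the value would be changed; useful for showing a hint to the user.
function isRejectedByRequestValidation(value) {
    return sanitizeFilterText(value) !== String(value == null ? "" : value);
}

// Browser wiring, skipped when the Telerik / ASP.NET AJAX globals are absent.
if (typeof Sys !== "undefined" && typeof $telerik !== "undefined") {
    var attachFilterSanitizer = function () {
        // Detach first: the load event also fires after partial postbacks,
        // and the delegated handler on document only needs to be bound once.
        Sys.Application.remove_load(attachFilterSanitizer);
        $telerik.$(document).on("change", ".RadFilter .RadInput.rfControl", function (e) {
            e.target.value = sanitizeFilterText(e.target.value);
        });
    };
    Sys.Application.add_load(attachFilterSanitizer);
}
```

Comparison text such as "a < b" is left unchanged because the "<" is followed by a space.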
