Radgrid Excel Export Vulnerabilities

1 Answer 170 Views
Grid Security
Dennis asked on 30 Dec 2021, 08:14 AM

Hi 

I'm using RadGrid ExportToExcel(), but I'm getting this vulnerability, which caused the exported file to be broken.

is there any workaround for this?

1 Answer, 1 is accepted

Attila Antal
Telerik team
answered on 03 Jan 2022, 11:05 AM

Hi Dennis,

RadGrid by default will display HTML code from the DataSource as-is. Because of that, the default export functionality will export to HTML-based Excel, and as a result HTML script will be exported the same way into the document. If the data source contains malicious scripts, they will be executed even when the Grid is loaded on the page, not only in the exported Excel file.


To prevent that, you will need to do one of the following:

a) The first and most important is to avoid having HTML content in the data source.

b) Encode the data before displaying it by setting the HtmlEncode property of the Grid columns to true:

<telerik:GridBoundColumn HtmlEncode="true"></telerik:GridBoundColumn>

c) You can also export to the latest version of Excel (Office Open XML - XLSX) by setting ExportSettings -> Excel -> Format to Xlsx:

<telerik:RadGrid ID="RadGrid1" runat="server"> 
    <ExportSettings>
        <Excel Format="Xlsx" />
    </ExportSettings>
</telerik:RadGrid>


I hope this will be helpful.


Regards,
Attila Antal
Progress Telerik

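An added illustration (not Telerik's code) of the mechanism Attila describes and of the HtmlEncode mitigation: a toy HTML-based exporter in Python that writes cell text either verbatim or HTML-encoded, plus a defender-side check that flags script elements and event-handler attributes in an exported file. The row data, column names and function names are constructed for this example.

```python
import html
from html.parser import HTMLParser

# Constructed sample data source: the second row carries a script payload of the
# kind the answer warns about. Sample data only, not a real grid export.
ROWS = [
    {"Name": "Alice", "Note": "Quarterly report"},
    {"Name": "Bob", "Note": "<script>alert(1)</script>"},
]
COLUMNS = ["Name", "Note"]


def export_html_excel(rows, columns, html_encode):
    """Mimic an HTML-based Excel export (the default format discussed above).

    The "xls" file is really an HTML table that Excel opens. With html_encode=False
    the cell text is written verbatim, so markup in the data survives into the file.
    With html_encode=True (the HtmlEncode="true" mitigation) it is escaped first.
    """
    enc = html.escape if html_encode else (lambda s: s)
    head = "<tr>" + "".join(f"<th>{html.escape(c)}</th>" for c in columns) + "</tr>"
    body = "".join(
        "<tr>" + "".join(f"<td>{enc(str(r[c]))}</td>" for c in columns) + "</tr>"
        for r in rows
    )
    return f"<html><body><table>{head}{body}</table></body></html>"


class _ActiveContentFinder(HTMLParser):
    """Collects script elements and on* event-handler attributes in a document."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script element")
        for name, _ in attrs:
            if name.lower().startswith("on"):
                self.findings.append(f"event handler attribute {name}")


def find_active_content(exported):
    """Defender-side check: list script/event-handler content in an exported file."""
    parser = _ActiveContentFinder()
    parser.feed(exported)
    parser.close()
    return parser.findings
```

Encoded output keeps the original text visible to the user (`&lt;script&gt;...` renders as literal characters), while the verbatim export carries a live script element that the check reports.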
