This is a migrated thread and some comments may be shown as answers.

Radhtmlplaceholder takes over whole screen - potential security hole

IT Dept asked on 04 Jun 2010, 12:46 PM
Hi all,

We are using Radhtmlplaceholder in our Silverlight application. The SL plug in in this case uses all the available space of the browser. The Radhtmlplaceholder only uses 300px x 300px. Now, if I navigate to a page like this

 

<html>
<head>
<script LANGUAGE="JavaScript" type="text/javascript">
// If this page is loaded inside a frame, navigate the top-level window to it.
if (window != top) {
    top.location.href = location.href;
}
</script>
</head>
<BODY>
<h1>TESTING PAGE</h1>
</BODY>
</html>

in the Radhtmlplaceholder control I have 2 issues:

  1. The content is not displayed within the Radhtmlplaceholder control but replaces the content of the whole page.
  2. There is a potential security issue as I can access stuff from the page hosting the SL plug in and even worse I could dive into the Silverlight app itself.

 

Could someone help with this?

Best regards,
Gregory

1 Answer, 1 is accepted

Valentin.Stoychev
Telerik team
answered on 04 Jun 2010, 12:56 PM
Hello Gregory,

What the HTML placeholder does, basically, is just render an iframe or a DIV at the correct position over the SL plugin. Nothing else.

We don't render the HTML and JavaScript ourselves, and thus it is up to the developer what page will load - we don't have and we can't have any restrictions over the HTML page or the HTML string that is loaded.


Kind regards,
Valentin.Stoychev
the Telerik team
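
Since the answer leaves the choice of framed page to the developer, the following added example (not part of the thread and not Telerik code) shows one way a host page can vet a URL against an allowlist and frame it with the HTML5 `sandbox` attribute, which blocks the `top.location` redirect from the question when `allow-top-navigation` is omitted. The hostnames, function names and token list are assumptions, and it applies to an iframe the host page builds itself; the thread does not say whether RadHtmlPlaceholder exposes this attribute.

```javascript
// Added example. Hostnames are constructed placeholders, not values from the thread.
const TRUSTED_ORIGINS = new Set([
  'https://reports.example.com',
  'https://help.example.com',
]);

// Sandbox tokens granted to framed content. 'allow-top-navigation' and
// 'allow-same-origin' are deliberately absent: the frame cannot replace the
// host page and runs in an opaque origin with no access to host storage or DOM.
const SANDBOX_TOKENS = ['allow-scripts', 'allow-forms'];

// Return the normalized URL if it is https and its origin is allowlisted, else null.
function vetFrameUrl(candidate) {
  let url;
  try {
    url = new URL(candidate); // throws on relative or malformed input
  } catch {
    return null;
  }
  if (url.protocol !== 'https:') return null;    // rejects javascript:, data:, http:
  if (url.username || url.password) return null; // rejects https://trusted@other-host/
  // url.origin is scheme + host + non-default port, so look-alike hosts
  // and unexpected ports fail the exact match.
  return TRUSTED_ORIGINS.has(url.origin) ? url.href : null;
}

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return value.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;');
}

// Build iframe markup for a vetted URL; returns null when the URL is refused.
function buildFrameMarkup(candidate, width = 300, height = 300) {
  const src = vetFrameUrl(candidate);
  if (src === null) return null;
  if (!Number.isInteger(width) || !Number.isInteger(height)) return null;
  return `<iframe src="${escapeAttr(src)}" width="${width}" height="${height}" ` +
         `sandbox="${SANDBOX_TOKENS.join(' ')}"></iframe>`;
}
```

Content that should never be framed at all is better protected from its own side, with a `Content-Security-Policy: frame-ancestors` or `X-Frame-Options` response header.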
