RadUpload control with script tags

Thread is closed for posting
3 posts, 0 answers
  1. Doug
    Doug avatar
    7 posts
    Member since:
    Jun 2011

    Posted 20 Jun 2011 Link to this post

    Hi There,

    I have a page which uses a radupload control.

    We seem to encounter a problem when a user tries to insert script tags to the field. eg.


    What is the suggested way to either validate this input, strip it out, or prevent the error we're being shown.

    The error shown is 'htmlfile : access is denied' which after some searching, seems related to possible the control caling form.submit, behind the scenes.

    Are there build in validator methods we can use with the radupload control? or a way to link it sensibly to a normal asp:validator control?

    Many thanks,

  2. Doug
    Doug avatar
    7 posts
    Member since:
    Jun 2011

    Posted 23 Jun 2011 Link to this post

    Does anyone have any ideas on this one?

    It should be noted that I can effectively break the demo upload page on the telerik site using similar techniques, is this something which is due to be addressed?


  3. Peter Filipov
    Peter Filipov avatar
    1028 posts

    Posted 23 Jun 2011 Link to this post

    Hi Doug,

    RadUpload control is using a standard asp upload control. The control doesn't submit the page behind the scene. Please consult with the following blog about the exception that was thrown. To validate whether a file is selected for upload you can use JQuery - iterate through every input with the following CSS class - ".ruFakeInput" and check if it is empty.

    Kind regards,
    Peter Filipov
    the Telerik team

    Browse the vast support resources we have to jump start your development with RadControls for ASP.NET AJAX. See how to integrate our AJAX controls seamlessly in SharePoint 2007/2010 visiting our common SharePoint portal.

Back to Top