This question is locked. New answers and comments are not allowed.
Hey all. I looked and when using the filter controls built into the grid, I can properly filter on the ' character and other special characters.
However, when I am manually setting the filter in javascript, I am having a problem.
I am doing the following:
In my example. Ive only escaped description, because that is what I am using as my test case right now.
It translates a single quote to "%27". but this does not properly get read when calling a client-side filter. Does anyone have any suggestions on how to properly sanitize/encode the input to avoid script injection/modification attacks? Thanks. :)
Or is there a way to get the client side filter to take the escaped strings?
However, when I am manually setting the filter in javascript, I am having a problem.
I am doing the following:
| var pn = $("#FilterPartNumber").val(); |
| var desc = $("#FilterDescription").val(); |
| var project = $("#Projects").val(); |
| var grid = $("#ItemsGrid").data("tGrid"); |
| grid.filterBy = "substringof(PartNumber,'" + pn + "')~and~substringof(Description,'" + escape(desc) + "')~and~substringof(PartNumber,'" + project + "')"; |
| grid.pageTo(1); |
In my example. Ive only escaped description, because that is what I am using as my test case right now.
It translates a single quote to "%27". but this does not properly get read when calling a client-side filter. Does anyone have any suggestions on how to properly sanitize/encode the input to avoid script injection/modification attacks? Thanks. :)
Or is there a way to get the client side filter to take the escaped strings?
3 Answers, 1 is accepted
0
Accepted
Hi Matthew,
Just replace a single ' with two ('') and it should work.
Regards,
Atanas Korchev
the Telerik team
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
Just replace a single ' with two ('') and it should work.
Regards,
Atanas Korchev
the Telerik team
Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
0
Matthew
Top achievements
Rank 2
Rank 2
answered on 05 Apr 2010, 01:37 PM
Thanks again. You guys at Telerik are great.
0
Tran
Top achievements
Rank 1
Rank 1
answered on 18 May 2012, 05:05 AM
Hi Atanas Korchev ,
I have the same problem with (') character and can solve it following your suggestion .
But I'm facing other issues with some special character such as ("),(>),(<), etc.
Your reply will help me a lots .
Thanks so much ,
I have the same problem with (') character and can solve it following your suggestion .
But I'm facing other issues with some special character such as ("),(>),(<), etc.
Your reply will help me a lots .
Thanks so much ,