[CLOSED] XSS Security Issue with Ext.net

  1. #1

    http://mvc.ext.net/#/GridPanel_Plugins/CellEditing/

    Go to any cell and type <plaintext>
    It will show some scripts in the grid.

    Thanks,
    Rajiv Dutt
    Last edited by Daniil; Jan 28, 2014 at 5:22 AM. Reason: [CLOSED]
  2. #2
    Originally posted by RajivDutt:
    http://mvc.ext.net/#/GridPanel_Plugins/CellEditing/

    Go to any cell and type <plaintext>
    It will show some scripts in the grid.

    Thanks,
    Rajiv Dutt
    I'm not too sure how this is an XSS issue?
    Geoffrey McGill
    Founder
  3. #3
    Ok, what type of issue is this? Is it desired functionality of the grid?
  4. #4
    XSS is a vulnerability that enables attackers to inject HTML or client-side script into pages viewed by other users.
    In the example you inject HTML into your own page; it is not XSS. If you plan to show that editable to other users, then you have to check the submitted data manually (by default, ASP.NET raises an exception that the submitted content is dangerous).

    GridPanel displays the content from the editor as is. If you want to use HTML data in the grid, then encode the content in a Renderer:
    <Renderer Format="HtmlEncode" />
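
The difference between showing a cell value as is and showing it through an HTML-encoding renderer, as an added example that is not part of the original thread and is not Ext.NET code. It is a plain JavaScript stand-in for a grid cell renderer; `htmlEncode`, `rawRenderer`, `renderRow` and the sample record are hypothetical names and constructed data.

```javascript
// Added illustration, not Ext.NET source. All names below are hypothetical.

// Characters that are significant in HTML text and attribute contexts.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a cell value for display. A single-pass replace means '&' is
// handled together with the other characters, so nothing is encoded twice
// within one call.
function htmlEncode(value) {
  if (value === null || value === undefined) return '';
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Behaviour described in the thread: the cell shows the editor value as is.
function rawRenderer(value) {
  return value === null || value === undefined ? '' : String(value);
}

// Build the markup for one grid row, passing every cell through `renderer`.
function renderRow(record, columns, renderer) {
  const cells = columns.map((col) => `<td>${renderer(record[col])}</td>`);
  return `<tr>${cells.join('')}</tr>`;
}

// Constructed sample record: "company" holds what the first post types into a cell.
const columns = ['company', 'price'];
const edited = { company: '<plaintext>', price: 71.72 };

// Raw: the browser parses <plaintext> as an element and displays the rest
// of the page source as text, which is the effect reported in the thread.
const rawRow = renderRow(edited, columns, rawRenderer);

// Encoded: the same value reaches the page as inert text.
const encodedRow = renderRow(edited, columns, htmlEncode);

console.log(rawRow);
console.log(encodedRow);
```

Encoding belongs at display time, once per value; storing already-encoded text and encoding it again on output turns `&lt;` into `&amp;lt;`.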
