Hi,

I was surprised to see that I can type html tags into grid cell editors although my website has form violation turned on.

Lets say I modify your "array grid" example so that the company column becomes editable.

<ext:Column ColumnID="Company" Header="Company" Sortable="true" DataIndex="company">
    <Editor>
        <ext:TextField ID = "txtCompany" runat = "server" />
    </Editor>
</ext:Column>
Now I start editing the value and type the following into the editor:

<a href="http://www.ext.net">click me</a>
I was expecting that - once the editor closes - I get a http error 500 (dangerous form value).
Instead, the grid cell gets updated and now shows a hyperlink to your coolite website.
Is this really secure or could some bad guy exploit this and hack into our website?

Please advise.