View Full Version : don't show text. '<' and english character (ex. w, b, q, ...) in grid textfield.

24 Aug 2011, 12:20 AM

I use grid and jsonstore. ver Ext JS 3.x
but don't show . if character '<' and english character in text then grid show cut text.
(ex. text " I like cake. <will ... " => grid is show " I like cake. " ) incorrect.
(but text " I like cake. < will ... " => grid is show " I like cake. < will ... ") correct .

I need help please.


24 Aug 2011, 2:46 AM
This forum is for ExtJS 4. Please post future questions in the ExtJS 3 section.

ExtJS takes a rather laissez-faire attitude towards XSS injection attacks. One of the many ways this manifests itself is that grid cells are treated as HTML by default. As such the angle brackets in your value are being interpreted as tags.

You can fix this for an individual column using a renderer:

new Ext.grid.GridPanel({
columns: [
{..., renderer: Ext.util.Format.htmlEncode},

Personally I prefer to change the default value for all columns, you can always change it back on an individual basis if required.

Ext.grid.ColumnModel.defaultRenderer = Ext.util.Format.htmlEncode;

// Note this may not exist, depending on your ExtJS version
Ext.grid.Column.prototype.renderer = Ext.util.Format.htmlEncode;