Quote Originally Posted by jack.slocum View Post
grid.on('validateedit', function(e){
   e.value = Ext.util.Format.stripTags(e.value);
Yay, even better than the previous workaround!

I agree re someone injecting js for their own pages, but the example above shows someone doing it such that they get data from other users. Granted, server side scrubbing is the fix there, but the UI would not reflect that scrubbing without additional code. Having said that, the 3 liner is easy enough to add in (and would be sooo nice as a toggle).