Unanswered: how can I prevent displaying images or iframes in EditorGrid?
Hi, I have a editorgrid and when I type the following lines in any row, the image or iframe gets displayed.how can I prevent image or iframes getting displayed?
how can I prevent images or iframes getting displayed on EditorGrid?
Hi, I have an EditorGrid and when I enter the following in any column, image or iframe gets displayed.
<iframe src='www.google.com' />
<img src="www.google.com" />
how can I prevent image or iframes getting displayed?
How are these getting drawn at all? Likely you need to be sure that user input is correctly encoded - this should be automatic in GXT 3 (and this is the GXT 3 forum), though requires some effort in GXT 2.
EditorGrid only exists in GXT 2 (the concept is slightly different in 3), so I assume you are talking about that. The easiest way is to set up a GridCellRenderer for the column that htmlencodes the strings passed in so no html is rendered. Consider the com.google.gwt.safehtml.shared.SafeHtmlUtils.htmlEscape(String) function for this purpose.
If you want to selectively process html tags, this isn't something GWT or GXT really provide support for, as there are many ways to render arbitrary content (use of img tag, iframe tag, onerror attribute, background-image css, to name only a few).
Tags for this Thread