Thread: Security issue in grid

  1. #1

    Security issue in grid

    When adding '<img onerror="alert('Hi There')" src='./ff'></img>' into column Common Name of the sample of the kitchen sink 'Cell Editing Plants' the script gets executed and the alert pops up.
    This is a critical security issue.

  2. #2
    Sencha Premium User mitchellsimoens

    The classic toolkit largely doesn't handle XSS in any component so you'd need to add a renderer to your column(s) that may be at risk and use Ext.String.htmlEncode.
    Mitchell Simoens @LikelyMitch
    Modus Create, Senior Fullstack Engineer
    ________________
    Modus Create is based on the model of an open source team. We’re a remote, global team of experts in our field. To find out more about the work we do, head over to our website.

    Check out my GitHub:
    https://github.com/mitchellsimoens
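The renderer approach from reply #2, sketched as an added example that is not code from the thread or from Sencha. The helper `withEncodedRenderers`, the column configs and the stand-in `htmlEncode` (used only when Ext JS is not loaded) are assumptions made for illustration.

```javascript
// Added example; runs in Node without Ext JS. htmlEncode stands in for
// Ext.String.htmlEncode so the behaviour can be checked offline.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function htmlEncode(value) {
  return value == null ? '' : String(value).replace(/[&<>"']/g, ch => ENTITIES[ch]);
}
// Use the framework's encoder when the code runs inside an Ext JS page.
const encode = typeof Ext !== 'undefined' ? v => Ext.String.htmlEncode(v) : htmlEncode;

// Hypothetical helper: returns column configs whose renderers encode the raw
// value. An existing renderer is kept and receives the encoded string, so
// markup it builds itself survives while the user-supplied part stays inert.
function withEncodedRenderers(columns) {
  return columns.map(col => {
    const inner = col.renderer;
    const safe = v => (typeof v === 'string' ? encode(v) : v);
    const renderer = inner
      ? function (value, ...rest) { return inner.call(this, safe(value), ...rest); }
      : value => encode(value);
    return Object.assign({}, col, { renderer });
  });
}

// Constructed column configs, loosely modelled on an editable grid.
const columns = withEncodedRenderers([
  { text: 'Common Name', dataIndex: 'common', editor: { allowBlank: false } },
  { text: 'Price', dataIndex: 'price', renderer: v => '<b>$' + v.toFixed(2) + '</b>' },
  { text: 'Light', dataIndex: 'light', renderer: v => '<i>' + v + '</i>' }
]);

// Mimics what the grid does with a renderer's return value: it becomes cell HTML.
function renderRow(record) {
  return columns.map(col => col.renderer(record[col.dataIndex]));
}

// Constructed record holding the string from post #1.
const PAYLOAD = `<img onerror="alert('Hi There')" src='./ff'></img>`;
const row = renderRow({ common: PAYLOAD, price: 9.5, light: PAYLOAD });
console.log(row.join('\n'));
```

Each cell now shows the typed text literally, and a column's own formatting markup is unaffected because only the stored value is encoded.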
