Thread: Security issue in grid

  1. #1

    Security issue in grid

    When adding '<img onerror="alert('Hi There')" src='./ff'></img>' into column Common Name of the sample of the kitchen sink 'Cell Editing Plants' the script gets executed and the alert pops up.
    This is a critical security issue.

  2. #2
    mitchellsimoens (Sencha Premium User)

    The classic toolkit largely doesn't handle XSS in any component so you'd need to add a renderer to your column(s) that may be at risk and use Ext.String.htmlEncode.
    Mitchell Simoens @LikelyMitch

    Check out my GitHub:
    https://github.com/mitchellsimoens

    Posts are my own, not any current, past or future employer's.
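
The renderer approach from the reply above, as an added example (not code from the thread or from Sencha). The `dataIndex` names, the `withEncodedColumns` helper and the plain-Node stand-in for `Ext.String.htmlEncode` are assumptions made for illustration.

```javascript
// With Ext JS loaded, the real Ext.String.htmlEncode is used. The fallback
// is a stand-in so the snippet also runs in plain Node.
function encode(value) {
    if (typeof Ext !== 'undefined') { return Ext.String.htmlEncode(value); }
    var map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
    return String(value).replace(/[&<>"']/g, function (ch) { return map[ch]; });
}

// Column renderer: the classic grid inserts the returned string as HTML,
// so the raw store value is encoded on output.
function encodeRenderer(value) {
    return (value === null || value === undefined) ? '' : encode(String(value));
}

// Attach the renderer to every plain text column that has none, so a newly
// added editable column is not left unencoded. Typed columns (datecolumn,
// numbercolumn, ...) are left alone; a column with its own renderer is also
// left alone and must encode inside that renderer.
function withEncodedColumns(columns) {
    return columns.map(function (col) {
        var plain = !col.xtype || col.xtype === 'gridcolumn';
        if (!plain || col.renderer) { return col; }
        return Object.assign({}, col, { renderer: encodeRenderer });
    });
}

// Hypothetical column configs modelled on the "Cell Editing Plants" sample.
var columns = withEncodedColumns([
    { text: 'Common Name', dataIndex: 'common', flex: 1, editor: { allowBlank: false } },
    { text: 'Price', dataIndex: 'price', xtype: 'numbercolumn', format: '$0.00' },
    { text: 'Available', dataIndex: 'availDate', xtype: 'datecolumn', format: 'M d, Y' }
]);

// The value from the report above, as it would sit in the store after editing.
var reported = "<img onerror=\"alert('Hi There')\" src='./ff'></img>";
var cellHtml = columns[0].renderer(reported);
console.log(cellHtml); // the cell now shows the markup as text
```

The store keeps the raw value; encoding happens only at render time, so anything else that outputs the same field as HTML needs the same treatment.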
