Using MVC3, Razor, C#, IE8.
In order to protect against XSS, it's necessary to encode my model data before rendering it to the browser. The default Html.EditorFor is encoding the data that is sent to the view. However, the Infragistics editors are not. Is there a property that needs to be set?
What is the preferred way of HTML encoding on an Infragistics editor?
Thanks.
Tony
Hello Anthony,
I have sent your feature request directly to our product management team. Our product team chooses new feature requests for development based on popular feedback from our customer base. Infragistics continues to monitor application development for all of our products, so as trends appear in requested features, we can plan accordingly.
We value your input, and our philosophy is to enhance our toolset based on customer feedback. If your feature is chosen for development, you will be notified at that time. Your reference number for this feature request is FR13988.
If you would like to follow up on your feature request at a later point, you may contact Developer Support management via email. Please include the reference number of your feature request in the subject and body of your email message. You can reach Developer Support management through the following email address: dsmanager@infragistics.com
Thank you for your request.
Best Regards,
Maya Kirova
Developer Support Engineer
Infragistics, Inc.
http://es.infragistics.com/support
Thank you for your patience.
There’s currently no direct setting for the HTML encoding of the editors. For that reason I’m going to log a feature request regarding this so that such an option may be added in the future.
As an alternative, I can suggest that you use the following: http://api.jquery.com/jQuery.ajaxPrefilter/
And set the encoding of each AJAX request for the data.
I’ll contact you with the feature request number so that you can follow up later on it.
Let me know if you have any further questions.
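One way to wire up the prefilter suggested above, as an added example that is not Infragistics code and not part of the original reply: it HTML-encodes every string field of the request data before the request is sent. The names `htmlEncode`, `encodeFields` and `makeEncodingPrefilter` are hypothetical, and the view is assumed to load jQuery.

```javascript
// Added example; helper names are hypothetical, not an Infragistics or jQuery API.

// Replace the five characters that are significant in HTML text and attributes.
function htmlEncode(value) {
  var map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, function (ch) { return map[ch]; });
}

// Return a copy of data with every string value encoded, recursing into plain
// objects and arrays. Numbers, booleans, null, Dates etc. pass through as-is.
function encodeFields(data) {
  if (typeof data === 'string') return htmlEncode(data);
  if (Array.isArray(data)) return data.map(encodeFields);
  if (Object.prototype.toString.call(data) === '[object Object]') {
    var out = {};
    Object.keys(data).forEach(function (key) { out[key] = encodeFields(data[key]); });
    return out;
  }
  return data;
}

// Build a handler for jQuery.ajaxPrefilter. jQuery has already serialized
// options.data to a string when prefilters run, so the handler starts again
// from originalOptions.data and re-serializes the encoded copy.
function makeEncodingPrefilter(serialize) {
  return function (options, originalOptions) {
    var raw = originalOptions.data;
    if (options.processData === false) return;          // caller opted out of serialization
    if (raw === null || typeof raw !== 'object') return; // no data, or a pre-built string
    options.data = serialize(encodeFields(raw));
  };
}

// In the page, once jQuery is loaded, register it for every request.
if (typeof jQuery !== 'undefined') {
  jQuery.ajaxPrefilter(makeEncodingPrefilter(jQuery.param));
}
```

Values stored this way are already encoded, so a view that renders them through an encoding helper such as Html.EditorFor will encode them a second time.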
Hi Maya,
Intently looking forward to your findings.
Thanks,
Tony
I apologize for the delayed response.
I’m currently looking into this. I’ll contact you by tomorrow with what I’ve found out.