<ig:WebHierarchicalDataGrid ID="WebHierarchicalDataGrid1" runat="server" AutoGenerateColumns="false" AutoGenerateBands="false" DataKeyFields="ProcId" Width="100%">
    <Columns>
        <ig:TemplateDataField Key="HiddenId" Hidden="true">
            <ItemTemplate>99999999</ItemTemplate>
        </ig:TemplateDataField>
        <ig:TemplateDataField Key="ParentState" Header-Text="Health">
            <ItemTemplate>
                <div style="text-align: left;">
                    <img src="<%# GetHealthStateImage(DataBinder.Eval(Container, "DataItem.LastUpdateDate"))%>" alt="" class="health-indicator" />
                </div>
            </ItemTemplate>
        </ig:TemplateDataField>
        <ig:BoundDataField DataFieldName="ProcId" Key="ProcId" Header-Text="DS Processor Id" Hidden="true" />
        <ig:BoundDataField DataFieldName="Name" Key="Name" Header-Text="Data Source Processor" />
        <ig:BoundDataField DataFieldName="Description" Key="Description" Header-Text="Activity Type" />
        <%--<ig:BoundDataField DataFieldName="ReportingState" Key="ReportingState" Header-Text="Reporting State" />--%>
        <ig:TemplateDataField Key="ReportingState" Header-Text="Reporting State">
            <ItemTemplate>
                <div style="text-align: left;" title="<%# GetReportingStateToolTip(DataBinder.Eval(Container, "DataItem.ReportingState"))%>" >
                    <img src="<%# GetReportingStateImage(DataBinder.Eval(Container, "DataItem.ReportingState"))%>" alt="<%# GetReportingStateToolTip(DataBinder.Eval(Container, "DataItem.ReportingState"))%>" class="health-indicator" />
                </div>
            </ItemTemplate>
        </ig:TemplateDataField>
        <%--<ig:BoundDataField DataFieldName="ExpectedFrequency" Key="ExpectedFrequency" Header-Text="Frequency (Days)" />--%>
        <ig:BoundDataField DataFieldName="TotalNewRecords" Key="TotalNewRecords" Header-Text="Total New" />
        <ig:BoundDataField DataFieldName="RangedCount" Key="RangedCount" Header-Text="Total in Range" />
        <ig:BoundDataField DataFieldName="NegativeCount" Key="NegativeCount" Header-Text="Negative Records" />
        <ig:BoundDataField DataFieldName="LastUpdateUser" Key="LastUpdateUser" Header-Text="Last Update Source" />
        <ig:TemplateDataField Key="FormattedUpdateDate" Header-Text="Last Update Date">
            <ItemTemplate>
                <div style="text-align: left;">
                    <%# GetFormattedUpdateDate(DataBinder.Eval(Container, "DataItem.LastUpdateDate"))%>
                </div>
            </ItemTemplate>
        </ig:TemplateDataField>
        <ig:TemplateDataField Key="Comments" Header-Text="Comments">
            <ItemTemplate>
                <div style="text-align: left;">
                    <img src="images/icons/edit_icon.png" alt="" style="cursor:pointer;" onclick="PopCommentsModal(<%# EFTSSecurity.AntiXss.HtmlEncode(DataBinder.Eval(Container, "DataItem.ProcId").ToString()) %>, 999999999, 99999999)" />
                </div>
            </ItemTemplate>
        </ig:TemplateDataField>
    </Columns>
    <Bands>
        <ig:Band DataMember="OriginalDataSrcs" Key="ProcId" AutoGenerateColumns="false" ItemCssClass="OrdersItem" AltItemCssClass="OrdersAltItem" HeaderCaptionCssClass="OrdersHeaderCaption">
            <Columns>
                <ig:TemplateDataField Key="State" Header-Text="State">
                    <ItemTemplate>
                        <div style="text-align: left;">
                            <img src="<%# GetHealthStateImage(DataBinder.Eval(Container, "DataItem.LastUpdate"))%>" alt="" class="health-indicator" />
                        </div>
                    </ItemTemplate>
                </ig:TemplateDataField>
                <ig:BoundDataField DataFieldName="ProcId" Key="ProcId" Header-Text="DS Processor Id" Hidden="true" />
                <ig:BoundDataField DataFieldName="OriginalSource" Key="OriginalSource" Header-Text="Original Source" />
                <ig:BoundDataField DataFieldName="RecordsCount" Key="RecordsCount" Header-Text="New Count" />
                <ig:BoundDataField DataFieldName="RangedCount" Key="RangeCount" Header-Text="Range Count" />
                <ig:BoundDataField DataFieldName="NegativeRecordsCount" Key="NegativeRecordsCount" Header-Text="Negative Reports" />
                <ig:TemplateDataField Key="SubRowFormattedUpdateDate" Header-Text="Last Update Date">
                    <ItemTemplate>
                        <div style="text-align: left;">
                            <%# GetFormattedUpdateDate(DataBinder.Eval(Container, "DataItem.LastUpdate"))%>
                        </div>
                    </ItemTemplate>
                </ig:TemplateDataField>
                <ig:BoundDataField DataFieldName="LastUpdateTimestamp" Key="LastUpdateTimestamp" Header-Text="Timestamp" Hidden="true"/>
                <ig:TemplateDataField Key="ChildComments" Header-Text="Comments">
                    <ItemTemplate>
                        <div style="text-align: left;">
                            <img src="images/icons/edit_icon.png" alt="" style="cursor:pointer;" onclick="PopCommentsModal(<%# EFTSSecurity.AntiXss.HtmlEncode(DataBinder.Eval(Container, "DataItem.ProcId").ToString()) %>, <%# EFTSSecurity.AntiXss.HtmlEncode(DataBinder.Eval(Container, "DataItem.DataSourceId").ToString()) %>, 99999999)" />
                        </div>
                    </ItemTemplate>
                </ig:TemplateDataField>
            </Columns>
            <Behaviors>
                <ig:Sorting SortingMode="Single" Enabled="true" />
            </Behaviors>
        </ig:Band>
    </Bands>
    <Behaviors>
        <ig:Selection Enabled="true" CellClickAction="Row" RowSelectType="Single">
            <SelectionClientEvents RowSelectionChanged="WHDG_RowSelectionChanged" />
        </ig:Selection>
        <%-- <ig:Paging PagerAppearance="Bottom" PageSize="50" Enabled="true" />--%>
        <ig:Sorting SortingMode="Single" Enabled="true" />
    </Behaviors>
</ig:WebHierarchicalDataGrid>
I have a page that is using an old Infragistics WebGrid component. I noticed that there appears to be an autogenerated hidden input field with the ID WebHierarchicalDataGrid1ID + _clientstate. In my case, my DataGrid has an ID of WebHierarchicalDataGrid1, so the ID of that hidden input field is WebHierarchicalDataGrid1_clientstate. When clicking on the arrow to show the child grid, the input box will be filled with a series of null objects like so: "[[null,[[[null,[[[[[]],[],null],[null,null],[null]]],null],[{},[{},{}]],null],[[null,[],null],[{},[]],null],[[null,[[[null,[[[[[]],[],null],[null,null],[null]]],null],[{},[{},{}]],null]],null],[{},[]],null]],null],[{},[]],[]]"
This triggers the security alert since it looks like SQL injection.
My question is: why is there a hidden input box automatically generated? How can I hide it if there is a way?
Hello,
The ClientState hidden field is used to send information about changes done on the client to the server. It holds information about properties that have been changed on the client that need to be addressed on the server.
So far we have not encountered any security issues related to the ClientState hidden fields; it also doesn’t expose any information that is not accessible to the user, since its value would contain only changes that have been done by or caused by the user.
By stating this, if there is an option to ignore this security alert you should consider it, since it is crucial to the way the WebHierarchicalGrid works.
Regards, Ivan Kitanov
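
An added example, not part of the thread and not Infragistics code: instead of ignoring the alert everywhere, an exception can be limited to the WebHierarchicalDataGrid1_clientstate field and applied only when the value parses as JSON built from arrays, objects, nulls and simple scalars. The function names, the size and depth limits and the allowed-string pattern are assumptions to tune against real traffic.

```python
import json
import re

# Field name comes from the question; the limits and pattern below are assumptions.
CLIENTSTATE_FIELD = "WebHierarchicalDataGrid1_clientstate"
MAX_LENGTH, MAX_DEPTH, MAX_NODES = 8192, 32, 2000
SAFE_STRING = re.compile(r"[A-Za-z0-9_.:-]{0,64}")

# Value quoted in the question (sent after expanding a child grid).
POSTED_VALUE = (
    "[[null,[[[null,[[[[[]],[],null],[null,null],[null]]],null],[{},[{},{}]],null],"
    "[[null,[],null],[{},[]],null],[[null,[[[null,[[[[[]],[],null],[null,null],"
    "[null]]],null],[{},[{},{}]],null]],null],[{},[]],null]],null],[{},[]],[]]"
)
# Constructed sample: similar shape, but a string leaf carries free-form text.
TAMPERED_VALUE = '[[null,["1 OR 1=1"],null],[{},[]],[]]'


def is_inert_clientstate(raw):
    """Return (ok, reason) for a raw _clientstate form value."""
    if len(raw) > MAX_LENGTH:
        return False, "too long"
    try:
        doc = json.loads(raw)
    except (ValueError, RecursionError):
        return False, "not JSON"
    if not isinstance(doc, list):
        return False, "top level is not an array"
    stack, nodes = [(doc, 1)], 0
    while stack:  # iterative walk, so deep nesting cannot exhaust the call stack
        node, depth = stack.pop()
        nodes += 1
        if nodes > MAX_NODES or depth > MAX_DEPTH:
            return False, "too large or too deep"
        if isinstance(node, list):
            stack.extend((child, depth + 1) for child in node)
        elif isinstance(node, dict):
            if not all(SAFE_STRING.fullmatch(key) for key in node):
                return False, "unexpected object key"
            stack.extend((child, depth + 1) for child in node.values())
        elif isinstance(node, str) and not SAFE_STRING.fullmatch(node):
            return False, "unexpected string leaf"
        # null, booleans, numbers and short identifier-like strings pass
    return True, "ok"


def waf_exception_applies(param_name, raw):
    """Suppress the alert only for this one field, and only for inert values."""
    return param_name == CLIENTSTATE_FIELD and is_inert_clientstate(raw)[0]
```

Any other parameter, and any _clientstate value that fails the shape check, still goes through the normal injection rules.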