
How to escape HTML entities in a grid?

Tags:

extjs

I have a grid column:

{
    header: "",
    sortable: false,
    id: 'value',
    dataIndex: 'value',
    hidden: false,
    editor: {
        xtype: 'textfield',
        allowBlank: false
    }
}

How to escape HTML entities only in the renderer function for this column?

Bdfy asked May 20 '11 14:05


3 Answers

The renderer property of a column definition can take either a function or the string name of one of Ext.util.Format's methods. In this case you can use the htmlEncode method by declaring the column as:

{
    header: "",
    sortable: false,
    id: 'value',
    dataIndex: 'value',
    hidden: false,
    editor: {
        xtype: 'textfield',
        allowBlank: false
    },
    renderer: 'htmlEncode'
}
owlness answered Nov 06 '22 20:11
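An added example (not part of the answer above and not ExtJS code): when the renderer has to be a function that emits its own markup, encode the cell value first and concatenate it into the trusted wrapper afterwards. The `htmlEncode` stand-in, the `cell-value` class, `renderCells` and the sample rows are assumptions made so the block runs outside a browser; inside an ExtJS page the real `Ext.util.Format.htmlEncode` is used.

```javascript
// Stand-in for Ext.util.Format.htmlEncode so the example runs without ExtJS.
var ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function htmlEncode(value) {
    return String(value).replace(/[&<>"']/g, function (ch) { return ENTITIES[ch]; });
}
// Prefer the framework's encoder when ExtJS is loaded.
var encode = (typeof Ext !== 'undefined') ? Ext.util.Format.htmlEncode : htmlEncode;

// Column from the question, with a renderer function that adds its own markup.
// Only the wrapper span is trusted HTML; the record value is always encoded.
var valueColumn = {
    header: "",
    sortable: false,
    id: 'value',
    dataIndex: 'value',
    hidden: false,
    editor: { xtype: 'textfield', allowBlank: false },
    renderer: function (value) {
        // Empty cells render as empty text rather than the string "null".
        var text = (value === null || value === undefined) ? '' : encode(value);
        return '<span class="cell-value">' + text + '</span>'; // class name is hypothetical
    }
};

// Constructed sample records, including values that contain markup.
var sampleRows = [
    { value: 'plain text' },
    { value: '<b>bold</b> & "quoted"' },
    { value: '<script>alert(1)</script>' },
    { value: null }
];

// Minimal simulation of what the grid does per cell: pass the field to the renderer.
function renderCells(column, rows) {
    return rows.map(function (row) { return column.renderer(row[column.dataIndex]); });
}

console.log(renderCells(valueColumn, sampleRows).join('\n'));
```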


There is an autoEncode property on the EditorGridPanel.

"True to automatically HTML encode and decode values pre and post edit (defaults to false)."

Just set it to true.

autoEncode: true
Dasha Salo answered Nov 06 '22 20:11


Hi, write this code in the app.js file:

// code for grid XSS
Ext.override(Ext.grid.column.Column, {
    defaultRenderer: Ext.util.Format.htmlEncode
});
Dinesh P answered Nov 06 '22 21:11