I have a grid column:
{
    header: "",
    sortable: false,
    id: 'value',
    dataIndex: 'value',
    hidden: false,
    editor: {
        xtype: 'textfield',
        allowBlank: false
    }
}
How can I escape HTML entities only in the renderer function for this column?
The renderer property of a column definition can take either a function or the string name of one of Ext.util.Format's methods. In this case you can use the htmlEncode method by declaring the column as:
{
    header: "",
    sortable: false,
    id: 'value',
    dataIndex: 'value',
    hidden: false,
    editor: {
        xtype: 'textfield',
        allowBlank: false
    },
    renderer: 'htmlEncode'
}
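An added example (not part of the answer above, and not ExtJS's own code): when the cell also needs markup of its own, the string form renderer: 'htmlEncode' cannot be used, so the renderer is written as a function that encodes the value before wrapping it. The names renderValue and renderSamples, the CSS classes and the sample values are assumptions; htmlEncodeFallback is a stand-in used only when ExtJS is not loaded.

```javascript
// Stand-in for Ext.util.Format.htmlEncode so the example runs without ExtJS.
// Assumption: it replaces & < > " ' in a single pass (no double encoding).
function htmlEncodeFallback(value) {
    var map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
    return String(value).replace(/[&<>"']/g, function (ch) { return map[ch]; });
}

// Use the real ExtJS method when the library is present.
var htmlEncode = (typeof Ext !== 'undefined' && Ext.util && Ext.util.Format)
    ? Ext.util.Format.htmlEncode
    : htmlEncodeFallback;

// Hypothetical renderer: the untrusted cell value is encoded first,
// and only the trusted wrapper markup is emitted as raw HTML.
function renderValue(value) {
    if (value === null || value === undefined || value === '') {
        return '<span class="empty-cell">(empty)</span>';
    }
    return '<span class="cell-value">' + htmlEncode(value) + '</span>';
}

// Same column as on the page, with a renderer function instead of a string.
var valueColumn = {
    header: "",
    sortable: false,
    id: 'value',
    dataIndex: 'value',
    hidden: false,
    editor: { xtype: 'textfield', allowBlank: false },
    renderer: renderValue
};

// Constructed sample values, including markup a user could type into the editor.
var samples = ['Tom & Jerry', '<b>bold</b>', '<script>alert(1)</script>', 'a "quoted" value', null];

// Returns the HTML string the grid would place in each cell.
function renderSamples() {
    return samples.map(function (v) { return valueColumn.renderer(v); });
}

if (typeof console !== 'undefined') {
    renderSamples().forEach(function (html) { console.log(html); });
}
```

The record keeps the raw value here; encoding happens only when the cell is drawn.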
There is an autoEncode property on the EditorGridPanel.
"True to automatically HTML encode and decode values pre and post edit (defaults to false)."
Just set it to true.
autoEncode: true
Hi, write this code in the app.js file:
// code for grid XSS
Ext.override(Ext.grid.column.Column, {
    defaultRenderer: Ext.util.Format.htmlEncode
});