how to escape html entities in grid?

Question

I have grid column:

{
    header: "",
    sortable: false,
    id: 'value',
    dataIndex: 'value',
    hidden: false,
    editor: {
        xtype: 'textfield',
        allowBlank: false
    }
}

How to escape html entities only in renderer function for this column ?

score 12 · Answer 1 · answered May 21 '11 at 00:22

12

The renderer property of a column definition can take either a function or the string name of one of Ext.util.Format's methods. In this case you can use the htmlEncode method by declaring the column as:

{
    header: "",
    sortable: false,
    id: 'value',
    dataIndex: 'value',
    hidden: false,
    editor: {
        xtype: 'textfield',
        allowBlank: false
    },
    renderer: 'htmlEncode'
}

answered May 21 '11 at 00:22

owlness

2,936
18
13

2

I had to use `renderer: Ext.util.Format.htmlFormat` (rather than a string; in Ext3). – Joe Freeman Feb 01 '12 at 16:00
Couldn't find any such named property. Can you please help to identify where should I apply this `htmlEncode`? – Johnny_D Jun 05 '13 at 13:13

score 2 · Answer 2 · answered May 20 '11 at 15:20

2

There is a autoEncode property on the EditorGridPanel.

"True to automatically HTML encode and decode values pre and post edit (defaults to false)."

Just set it to true.

autoEncode: true

answered May 20 '11 at 15:20

Dasha Salo

5,159
5
26
28

score 1 · Answer 3 · answered Dec 19 '16 at 06:05

1

hi write this code in app.js file //code for grid xss

Ext.override(Ext.grid.column.Column, {
defaultRenderer: Ext.util.Format.htmlEncode
});

answered Dec 19 '16 at 06:05

Dinesh P

21
1

how to escape html entities in grid?

3 Answers3