jQuery Grid Plugin - jqGrid - Topic: Handling XSS in jqgrid WITHOUT autoencode http://www.trirand.com/blog/?page_id=393/help/handling-xss-in-jqgrid-without-autoencode Simple:Press Version 5.7.5.3 tony on Handling XSS in jqgrid WITHOUT autoencode http://www.trirand.com/blog/?page_id=393/help/handling-xss-in-jqgrid-without-autoencode#p30936 Help http://www.trirand.com/blog/?page_id=393/help/handling-xss-in-jqgrid-without-autoencode#p30936 Hello,

I have answered you in your previous post.

Please, do not post the same port in two different topics.

 

Regards

]]> Mon, 11 Aug 2014 14:04:38 +0300 dk on Handling XSS in jqgrid WITHOUT autoencode http://www.trirand.com/blog/?page_id=393/help/handling-xss-in-jqgrid-without-autoencode#p30926 Help http://www.trirand.com/blog/?page_id=393/help/handling-xss-in-jqgrid-without-autoencode#p30926 Hi all, 

I am working on inline editing in jqGrid, and wanted to escape wherever the html is getting executed. I can't use autoencode for now due to the way different consumers are using the grid code. Could you please point me out in the jqgrid code where to escape the html so it does not execute code like this when entered through inline editing: 

<img src=a onerror=alert(1)>

Thanks!!

]]> Tue, 05 Aug 2014 05:54:36 +0300