jQuery Grid Plugin - jqGrid - Topic: XSS for inline editing with autoencode http://www.trirand.com/blog/?page_id=393/help/xss-for-inline-editing-with-autoencode Simple:Press Version 5.7.5.3 tony on XSS for inline editing with autoencode http://www.trirand.com/blog/?page_id=393/help/xss-for-inline-editing-with-autoencode#p30935 Help http://www.trirand.com/blog/?page_id=393/help/xss-for-inline-editing-with-autoencode#p30935 Hello,

 

depending on the editing module you can use serializeEditData to make the conversion, before it is posted to the server

 

Regards

]]> Mon, 11 Aug 2014 14:03:07 +0300 dk on XSS for inline editing with autoencode http://www.trirand.com/blog/?page_id=393/help/xss-for-inline-editing-with-autoencode#p30925 Help http://www.trirand.com/blog/?page_id=393/help/xss-for-inline-editing-with-autoencode#p30925 Hi all, 

I am working on inline editing in jqGrid, and wanted to escape wherever the html is getting executed. I can't use autoencode for now due to the way different consumers are using the grid code. Could you please point me out in the jqgrid code where to escape the html so it does not execute code like this when entered through inline editing: 

<img src=a onerror=alert(1)>

Thanks!!

]]> Tue, 05 Aug 2014 04:06:05 +0300