Telerik Forums
Kendo UI for jQuery Forum
or
Ask question
All Questions
Unanswered
Answered
1 question
1 answer
324 views
Sanitize data from server before rendering widget - xss

Hi,

I have following situation:

We have desktop application and web application with angularJS and Kendo UI jquery which both use same server REST API. 

If user enters malicious code as string <script>alert("security breach")</script> through desktop application or manually through postman and API, this is saved to the database (we have cases where we have to allow such tags in db). When this is rendered on desktop, it is fine, but when I render Kendo UI tree list - script is rendered and executed.  So, my tree list is displayed, and alert is executed.

I have ngSanitize turned on application wide, but it seems not to be working on kendo ui widgets used within (we combine jquery and angular approach for widgets).

Do you have any suggestions how to approach to this? 

Thank you

General Discussions
Security
Nikolay
Telerik team
 answered on 28 Dec 2021
Narrow your results
Done
Selected tags
Security
Tags
Grid
General Discussions
Charts
Data Source
Scheduler
DropDownList
TreeView
MVVM
Editor
Window
Date/Time Pickers
Spreadsheet
Upload
ListView (Mobile)
ComboBox
TabStrip
MultiSelect
AutoComplete
ListView
Menu
Gantt
Templates
Validation
TreeList
Diagram
NumericTextBox
Splitter
PanelBar
Application
Map
Drag and Drop
ToolTip
Calendar
PivotGrid
ScrollView (Mobile)
Toolbar
TabStrip (Mobile)
Slider
SPA
Button (Mobile)
Drawer (Mobile)
Drawing API
Globalization
Gauges
Sortable
Filter
ModalView
Hierarchical Data Source
Button
MaskedTextBox
NavBar
FileManager
View
Form
Notification
Switch (Mobile)
ListBox
SplitView
Sparkline
ActionSheet
PDFViewer
DropDownTree
PopOver (Mobile)
TileLayout
TreeMap
ButtonGroup
ColorPicker
Pager
Styling
MultiColumnComboBox
Dialog
Chat
Timeline
Drawer
DateRangePicker
ProgressBar
DateInput
MediaPlayer
Checkbox
ImageEditor
OrgChart
Effects
Accessibility
BulletChart
Switch
TextBox
CheckBoxGroup
QRCode
ResponsivePanel
ScrollView
Wizard
TextArea
Barcode
Collapsible
Localization
PivotGridV2
Breadcrumb
Licensing
MultiViewCalendar
Stepper
Touch
Card
ExpansionPanel
Rating
RadioButton
Badge
RadioGroup
Captcha
AppBar
Loader
Heatmap
FloatingActionButton
TaskBoard
CircularGauge
Popover
ColorGradient
ColorPalette
DropDownButton
TimeDurationPicker
DockManager
BottomNavigation
Ripple
SkeletonContainer
Avatar
Circular ProgressBar
FlatColorPicker
SplitButton
Signature
Chip
ChipList
ToggleButton
VS Code Extension
+? more
Top users last month
Dominik
Top achievements
Rank 1
Giuliano
Top achievements
Rank 1
Dominic
Top achievements
Rank 1
Glendys
Top achievements
Rank 1
Iron
NoobMaster
Top achievements
Rank 2
Iron
Want to show your ninja superpower to fellow developers?
Learn how
Top users last month
Dominik
Top achievements
Rank 1
Giuliano
Top achievements
Rank 1
Dominic
Top achievements
Rank 1
Glendys
Top achievements
Rank 1
Iron
NoobMaster
Top achievements
Rank 2
Iron
Want to show your ninja superpower to fellow developers?
Learn how
Want to show your ninja superpower to fellow developers?
Learn how