HTML allowed in cell grid

mshaffer · April 30, 2012, 5:31pm

I have a grid column of type “edtxt”

If the user enters something like “me & marley”, it works fine.

However, user an enter HTML commands like
, , etc and it will affect the contents of the column.

For example: me & marley will show it as bold,

me & marley will insert a horizontal line, etc.

This could be dangerous! How do I prevent this?

mshaffer · May 1, 2012, 6:52pm

I have some more detail on this, this could shed some light…

The column is type ‘edtxt’ and there is a dataprocessor associated with the grid.

If the user changes the text of the column from:

abc

to

abc def

The DataProcessor receives the update request and sure enough, the field is simply ‘abc def’… the html has been stripped off as expected, so the column is rendered simply ‘abc def’

However, if the user edits the cell and doesn’t change the text but just inserts html characters, then the column is never sent to the DataProcessor and instead is shown locally (without a round trip to the server) showing the effects of the html commands.

For example:

abc

User edits field and changes it to:

abc

DataProcessor does not receive the update, however the grid shows the data now on 2 lines (because of the br) and bold.

I think the exCell is stripping off the html and then thinking that, since the value of the field hasn’t changed, don’t do the update. However, apparently it is returning the full value (including HTML) to the grid, causing it to format according to the html command.

Is there a way to prevent this behavior?

sematik · May 29, 2012, 4:58pm

Unfortunately the issue cannot be reconstructed.
edtxt type works well for us. Please, provide a complete demo or a demo link with exact steps to reconstruct the issue.

mshaffer · June 5, 2012, 6:18pm

Did you try it as explained:

Edit the grid cell
Make sure the “text” remains the same, just add HTML control like this:

Before: abc
After: abc

Since the “stripped” version of the cell is the same, it is not sent to the server for processing (via DataProcessor). Instead the browser renders it using the supplied HTML tag (so abc appears “bold”)

sematik · June 6, 2012, 12:58pm

Yes, we have tried the following steps with edtxt column.
If issue still occurs - please, provide a complete demo to reconstruct the issue.

mshaffer · June 6, 2012, 6:46pm

I don’t know how to create a standalone demo since it involves server side (dataprocessor)??

sematik · June 29, 2012, 3:18pm

If a local demo cannot be provided - please, provide a demo link where the issue can be reconstructed.