+1-888-365-2779
Try Now
More in this section

Forums / Security / Blog Comments XSS injection question

Blog Comments XSS injection question

3 posts, 0 answered
  1. David Pearson
    David Pearson avatar
    54 posts
    Registered:
    17 Jul 2012
    04 May 2010
    Link to this post
    I was wondering if the rad-editor for comments on the front end is set up to script out javascript?

    Thanks,
    David
  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    09 Dec 2016
    04 May 2010
    Link to this post
    Hi David Pearson,

    By default scripts filter - RemoveScripts is not set and ContentFilters property is not used into CommentsList template.

    Sincerely yours,
    Ivan Dimitrov
    the Telerik team

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
  3. David Pearson
    David Pearson avatar
    54 posts
    Registered:
    17 Jul 2012
    04 May 2010
    Link to this post
    Ivan,

    I just ran a test by placing some javascript code into the blog comment, it appears to be safe.  I was reading an article on XSS injections, and wanted to be double sure.   

    Thanks,
    David
Register for webinar
3 posts, 0 answered