Hello there,
I have a question to text input boxes (such as TextItem, PasswordItem, TextAreaItem, ComboBoxItem, ...). In order to secure my web application against XSS attacks, I use consistently GWTs SafeHTML. But now for some input boxes the strings must remain unchanged (e.g. passwords). That is, if the user chooses a randomly password that contains HTML this should not be escaped, but remain as it is.
This leads to the question whether the text fields are always safe against XSS attacks in SmartGWT, so you can fill it with any content without any unintended JavaScript execution?
Or can the desired behavior be achieved by setting any properties?
Greetings
Andre
I have a question to text input boxes (such as TextItem, PasswordItem, TextAreaItem, ComboBoxItem, ...). In order to secure my web application against XSS attacks, I use consistently GWTs SafeHTML. But now for some input boxes the strings must remain unchanged (e.g. passwords). That is, if the user chooses a randomly password that contains HTML this should not be escaped, but remain as it is.
This leads to the question whether the text fields are always safe against XSS attacks in SmartGWT, so you can fill it with any content without any unintended JavaScript execution?
Or can the desired behavior be achieved by setting any properties?
Greetings
Andre