We have a TreePanel which can be edited in place via TreeEditor. How
can we avoid XSS, which can be done by a user writing something like
"<script>alert('Hello');</script>"?In fact, the script tags seem not to be executed (tested with IE8 and FF 3.5.7), but they are contained in the html and therefore we aren't quite sure whether they aren't just coincidental. Are there any docs or best practises about XSS in a TreePanel? In a TreeGrid one can simply write your own Renderer(), but there's none in a TreePanel/TreeNode. -- You received this message because you are subscribed to the Google Groups "GWT-Ext Developer Forum" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/gwt-ext?hl=en.
