In Dojo 1.3 I was able to populate dojox.grid.DataGrid's cell with an `<a href>` HTML element (e.g. `<a href='/test?id=xxx'>xxx</a>`) and the (clickable) HTML link would then be shown. Dojo 1.4 breaks(?) this behaviour and the literal string is shown (not a link).

How can I achieve the same behaviour in Dojo 1.4?

+2  A: 

Figured it out in the meantime: setting the new `escapeHTMLInData` boolean parameter to false (defaults to true) fixes this...

dna
Just found this when looking at another problem. You should avoid this if you can and instead use a cell `formatter` function to unescape the escaped code. This would help ensure that you are not vulnerable to XSS attacks in unintended fields.
Kitson
A: 

Are you creating the link dynamically using a formatter, or are you passing the HTML formatted from the server? You have to be careful of XSS attacks if you are passing HTML data into the Grid. The recommended way to create a link is to use a formatter; there is an example and an explanation of the setting on http://docs.dojocampus.org/dojox/grid/DataGrid

JoseM
It's a read-only grid, HTML link formatted on the server...
dna
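
The formatter approach recommended in the answers above, as an added example that is not part of the original posts or of Dojo's own code: the server sends only the id, `escapeHTMLInData` stays at its default of true, and the link markup is built client-side. It assumes the grid renders a formatter's return value as HTML; the field name `id`, the `ID_PATTERN` allowlist and the helper names are hypothetical, and the `/test?id=` path is taken from the question.

```javascript
// Allowlist for ids (assumption): none of these characters need escaping,
// so the value is the same whether or not the grid escaped it first.
var ID_PATTERN = /^[A-Za-z0-9_-]{1,64}$/;

// Escape every character that is significant in HTML text or attributes.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Cell formatter: receives the cell value and returns the HTML to render.
function idLinkFormatter(value) {
  if (value === null || value === undefined) {
    return "";
  }
  var id = String(value);
  if (!ID_PATTERN.test(id)) {
    // Unexpected content is shown as inert text, never as a link.
    // If the grid already escaped it, entities appear literally (cosmetic only).
    return escapeHtml(id);
  }
  // The id is URL-encoded for the query string and HTML-escaped for the label.
  return '<a href="/test?id=' + encodeURIComponent(id) + '">' +
         escapeHtml(id) + "</a>";
}

// Grid structure entry that attaches the formatter to one column only,
// so every other column keeps the default escaping.
var layout = [
  { field: "id", name: "Item", width: "120px", formatter: idLinkFormatter }
];
```

Only the column that carries the formatter can emit markup, which is the point of the comment about unintended fields: turning off `escapeHTMLInData` applies to every cell in the grid.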