How to avoid XML in WebGrid's AJAX postback?

29 replies. Last post: June 10, 2011 3:29 AM by Eric
Tags :
  • New Discussion
  • New Question
  • New Product Feedback
Eric Member

Hi,

We use the latest version of WebGrid 6.

In our server infrastructure there are some servers in front of our IIS. These servers do input validation to prevent cross site scripting attacks. I have no control on what is filtered there, but I received a blocking log.

The problem is that anything that looks like XML will be blocked. A string like:

" abc = … >

anywhere in a POST data field will be blocked. And I found a blocked (AJAX?) POST request, looking like it came from WebGrid.

Interestingly our application works - including all WebGrid functionality. But we do see some problems.

Questions:

  • Does your WebGrid support such industry-standard high security environments in general?
  • Is there a way to avoid XML data in POST fields?
  • Is there a known bug in data encoding?
  • Do these AJAX postbacks have a special HTTP header field that could be used to distinguish if this is a special postback and not a standard form post? If yes, maybe the input validation can be disabled (or relaxed) for such requests.

It would be great if you could answer these four questions.

Regards,

Eric

All times are GMT -5. The time now is 10:47 PM.
Previous Next