Hello,
We set htmlEncode to false because we use custom HTML on the grid record renderings. The data we receive to the grid is sanitized through C# Newtonsoft Json escapeHTML, which converts to Unicode characters. I have noticed that when Unicode characters are used in a field like Name, the Unicode characters get interpreted and rendered as HTML code. For example, the following comes in like this as the record.name:
SLAST3\u003cimg src=\u0027x\u0027 onerror=\u0027alert(3)\u0027\u003eTest\u003c/img\u003e
This will cause the script onError to be executed. On normal renderings of HTML the Unicode characters are displayed as escaped, legible characters. Is this expected behavior for the grid to interpret Unicode here as HTML?
Thanks,
Stephen
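
An added example, not part of the original post: it shows that `\uXXXX` escapes in JSON text are undone by the JSON parser before any renderer sees the value, so the field must be HTML-encoded at the point where it is concatenated into custom markup. The names `parseRecord`, `htmlEncode` and `renderNameCell` are hypothetical and stand in for the page's own renderer; no grid API is used.

```javascript
// Constructed sample: the record exactly as it travels on the wire (JSON text).
// String.raw keeps the backslashes so this matches the value quoted in the post.
const wire = String.raw`{"name":"SLAST3\u003cimg src=\u0027x\u0027 onerror=\u0027alert(3)\u0027\u003eTest\u003c/img\u003e"}`;

// Step 1: any JSON parser turns \u003c back into "<" and \u0027 back into "'".
// After this call the string holds real markup characters, not escapes.
function parseRecord(jsonText) {
  return JSON.parse(jsonText);
}

// Step 2: HTML-encode for an element-content or quoted-attribute context.
// This is output encoding and has to happen at render time, in the browser.
function htmlEncode(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Step 3: hypothetical custom renderer used while the grid's own encoding is off.
// The trusted template stays as HTML; every data field is encoded individually.
function renderNameCell(record) {
  return '<span class="name-cell">' + htmlEncode(record.name) + '</span>';
}

const record = parseRecord(wire);
console.log('on the wire :', wire);
console.log('after parse :', record.name);
console.log('safe markup :', renderNameCell(record));
```

With the grid's encoding switched off, each custom renderer owns the encoding of every field it interpolates; the JSON escaping done on the server only protects the JSON document itself.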