serialization.scripts Boolean (default: false)

Indicates whether inline scripts will be serialized and posted to the server.

Setting this option does not prevent cross-site scripting (XSS) attacks; you need server sanitization, too. See the preventing cross-site-scripting help topic for more information.

Example

<textarea id="editor"></textarea>
<script>
$("#editor").kendoEditor({
  value: "before script <script>alert(1);<\/script> after script",
  serialization: {
    scripts: true
  }
});
/* The result can be observed in the DevTools(F12) console of the browser. */
console.log($("#editor").data("kendoEditor").value()); // log will contain the script tag
</script>
In this article