serialization.scripts - API Reference - Kendo UI Editor

serialization.scripts `Boolean` (default: false)

Indicates whether inline scripts will be serialized and posted to the server.

Setting this option does not prevent cross-site scripting (XSS) attacks; you need server sanitization, too. See the preventing cross-site-scripting help topic for more information.

Example

<textarea id="editor"></textarea>
<script>
$("#editor").kendoEditor({
  value: "before script <script>alert(1);<\/script> after script",
  serialization: {
    scripts: true
  }
});
/* The result can be observed in the DevTools(F12) console of the browser. */
console.log($("#editor").data("kendoEditor").value()); // log will contain the script tag
</script>

In this article

Not finding the help you need?

Contact Support

Improve this article

Getting Started

Community

Frameworks

Progress, Telerik, and certain product names used herein are trademarks or registered trademarks of Progress Software Corporation and/or one of its subsidiaries or affiliates in the U.S. and/or other countries. See Trademarks for appropriate markings.

DO NOT SELL MY PERSONAL INFORMATION

serialization.scripts Boolean (default: false)

Example

Getting Started

Community

Frameworks

serialization.scripts `Boolean` (default: false)