Forum for discussing general topics related to Couch.
4 posts Page 1 of 1
Hello,

It's probably easy to solve this.

I want Couch to show ' instead of the corresponding HTML '. How do I manage this? The language in the config.php is set to English, charset is set to UTF-8 in my HTML document.

Thanks for any help!

Best regards,

P.Hansen
Hello Pierre,

Since, as you noticed, the charset is already set to UTF-8, there should be no problems in the proper display of any character.

That said, quotes, double-quotes and a couple of other characters can be used for XSS attacks. Therefore these are sanitized by Couch to their &xx; codes that you mentioned.

This is a security measure. However, this does *not* affect the way these characters get shown on the front-end. So, for example, a quote character will show up as ' on the front-end (only a view-source of the HTML will reveal that this is a &xx;).

So, this arrangement should be fine for inputted text that is meant for display but for inputted text that represents code in another language (e.g. JavaScript adsense code, YouTube embed code etc.), this sanitizing of the quotes can be problematic.

For such conditions, you'll have to explicitly ask Couch to skip the sanitization completely.
To do so, please use an editable region of type 'textarea' (this is important - will work only with 'textarea') and set its 'no_xss_check' param to '1', e.g.
<cms:editable name='my_content' no_xss_check='1' type='textarea' />

Hope this helps.
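The behaviour described in the reply above, as an added example that is not part of the original thread and is not Couch's own sanitizer: encoded quotes render unchanged for the visitor, while encoded embed code stops being markup. All function names and sample inputs are hypothetical, and the `&#039;` form for the quote is an assumption standing in for the "&xx;" code mentioned in the thread.

```javascript
// Added illustration; not Couch's actual code. All names here are hypothetical.

// Characters that are significant in HTML text and attribute values.
const ENTITY_FOR = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };
const CHAR_FOR = Object.fromEntries(Object.entries(ENTITY_FOR).map(([c, e]) => [e, c]));

// What an output sanitizer does before stored text is written into a page.
function encodeEntities(text) {
  return text.replace(/[&<>"']/g, (c) => ENTITY_FOR[c]);
}

// What the browser does when it renders text: entities become characters again.
// Single pass, so "&amp;lt;" becomes "&lt;" and is not decoded twice.
function renderText(html) {
  return html.replace(/&(?:amp|lt|gt|quot|#039);/g, (e) => CHAR_FOR[e]);
}

// Minimal check: does a value placed in a single-quoted attribute stay inside its quotes?
function staysInsideAttribute(value) {
  return !value.includes("'");
}

// Does the string still contain something a browser would parse as a tag?
function containsMarkup(html) {
  return /<[a-zA-Z/]/.test(html);
}

// Constructed sample inputs.
const displayText = "It's the customer's page";
const embedCode = '<iframe src="https://www.youtube.com/embed/VIDEO_ID"></iframe>';

function demo() {
  const storedText = encodeEntities(displayText);
  const storedEmbed = encodeEntities(embedCode);
  return {
    storedText,                                     // what view-source shows
    shownText: renderText(storedText),              // what the visitor sees
    rawQuoteSafeInAttr: staysInsideAttribute(displayText),
    encodedQuoteSafeInAttr: staysInsideAttribute(storedText),
    embedStillMarkup: containsMarkup(storedEmbed),  // false: no tag left to parse
    embedShownAs: renderText(storedEmbed),          // the code appears as literal text
  };
}

console.log(demo());
```

The last two fields show why a field holding embed code needs the opt-out described in the reply: after encoding, the visitor sees the iframe source as text instead of the embedded player.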
Hello,

thanks for your detailed answer (and sorry for my late reply).

Since it is for security reasons my customer is very understanding. Yes, on the front-page everything is looking fine.

Thanks again,

Pierre
You are welcome :) Thanks for letting us know.