by KK » Thu Apr 16, 2015 1:42 pm
Hello Pierre,
Since, as you noticed, the charset is already set to UTF-8, there should be no problems in the proper display of any character.
That said, quotes, double-quotes and a couple of other characters can be used for XSS attacks. Therefore these are sanitized by Couch to their &xx; codes, that you mentioned.
This is a security measure. However, this does *not* affect the way these characters get shown on the front-end. So, for example, a quote character will show up as ' on the front-end (only a view-source of the HTML will reveal that this is a &xx;).
So, this arrangement should be fine for inputted text that is meant for display but for inputted text that represents code in another language (e.g. JavaScript adsense code, YouTube embed code etc.), this sanitizing of the quotes can be problematic.
For such conditions, you'll have to explicitly ask Couch to skip the sanitization completely.
To do so, please use an editable region of type 'textarea' (this is important - it will work only with 'textarea') and set its 'no_xss_check' param to '1', e.g.
<cms:editable name='my_content' no_xss_check='1' type='textarea'>
Hope this helps.
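
An added illustration of the behaviour described in the post above (not part of the original post and not Couch's own code). Python's `html.escape` stands in for the sanitizer as an assumption, and the sample values are constructed. It shows that entity-encoded quotes decode back to ordinary characters in text and attribute contexts but stay literal inside `<script>`, which is why pasted embed code breaks.

```python
from html import escape
from html.parser import HTMLParser


class Collector(HTMLParser):
    """Records start-tag attributes and text the way an HTML parser sees them."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.attrs = []  # one dict of attributes per start tag
        self.text = []   # text nodes in document order

    def handle_starttag(self, tag, attrs):
        self.attrs.append(dict(attrs))

    def handle_data(self, data):
        self.text.append(data)


def parse(markup):
    parser = Collector()
    parser.feed(markup)
    parser.close()
    return parser


def encode(value):
    # Assumption: stand-in for the CMS sanitizer; entity-encodes & < > " '
    return escape(value, quote=True)


# Constructed sample inputs (not from the original thread)
TITLE = "note' data-extra='1"     # stray quote inside a display value
EMBED = "var label = 'hello';"    # code that must keep its literal quotes


def attribute_view(value):
    """Attributes the parser sees when value sits in a single-quoted attribute."""
    return parse("<p title='" + value + "'>x</p>").attrs[0]


def text_view(value):
    """Text a reader sees when value is placed in normal element content."""
    return "".join(parse("<p>" + value + "</p>").text)


def script_view(value):
    """Source a script engine receives: entities are NOT decoded in <script>."""
    return "".join(parse("<script>" + value + "</script>").text)
```

Comparing `attribute_view(TITLE)` with `attribute_view(encode(TITLE))` shows the unencoded quote closing the attribute early, while `script_view(encode(EMBED))` returns the entity text unchanged, so the pasted code is no longer valid JavaScript.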