CouchCMS • View topic - HTML encoding in admin

Problems, need help? Have a tip or advice? Post it here.

6 posts Page 1 of 1

HTML encoding in admin

: larin555; Registered User

: Posts: 226; Joined: Wed Nov 11, 2015 11:11 pm

by larin555 » Thu Feb 09, 2017 3:37 am

Hi

When entering quotes and double quotes in the admin section, when I click save, these characters get converted into the HTML encoded character ('"' for example for double quotes).

How can I turn this off?

Thanks

Re: HTML encoding in admin

: KK; Moderator

: Posts: 8623; Joined: Wed Dec 01, 2010 5:35 pm

by KK » Thu Feb 09, 2017 4:38 am

Hi,

This is a security feature (sanitizes characters that can lead to XSS).

The encoded characters will appear as normal on the front-end so it is not something that should be bothersome.
If it is, you may try using type 'richtext' editable region - the characters still get encoded but the richtext editor displays them as normal (like the front-end).

Hope it helps.

Re: HTML encoding in admin

: larin555; Registered User

: Posts: 226; Joined: Wed Nov 11, 2015 11:11 pm

by larin555 » Thu Feb 09, 2017 4:49 am

Is there a way to disable it?
It will bother my client for sure. In that field, he has to enter surfboards size. (see attached file)
So for example:
6'2"

Will appear like this:
6'2"

In the admin panel.
Which looks pretty bad. He will be using CouchCMS for listing the surfboards available for rentals. It will be hard to him to scan the sizes of each boards if he has to decode these symbols.
And a Richtext is too big for the area I'm using (repeatable region).

Is there a way maybe to add some PHP lines somewhere to fix this?

Thanks KK

Attachments

Re: HTML encoding in admin

: cheesypoof; Registered User

: Posts: 737; Joined: Thu Oct 13, 2011 2:48 am

by cheesypoof » Thu Feb 09, 2017 6:09 am

I have always found this issue to be very annoying and worthy of our attention. Alas, I do not have the time at the moment to try fix it...

viewtopic.php?f=4&p=24261#p24260

Re: HTML encoding in admin

: KK; Moderator

: Posts: 8623; Joined: Wed Dec 01, 2010 5:35 pm

by KK » Thu Feb 09, 2017 5:51 pm

@larin555,

As I mentioned before, one way is to use a richtext region.
Another would be to use a 'textarea' with 'no_xss_check'.

I am attaching a screenshot showing both these regions here -

: Untitled-1.png (9.58 KiB) Viewed 1312 times

.The code I used is as follows -

Code: Select all

<cms:repeatable name='test'>
    <cms:editable name='testin' label='Size' height='60' type='richtext' toolbar='custom' custom_toolbar='source, removeformat'/>
    <cms:editable name='testin2' label='Size' height='30' type='textarea' no_xss_check='1' />
    <cms:editable name='testin3' label='Size' height='30' type='text'  />
</cms:repeatable>

I think using textarea, as I did above, should be a reasonable compromise.

Does this help?

Re: HTML encoding in admin

: larin555; Registered User

: Posts: 226; Joined: Wed Nov 11, 2015 11:11 pm

by larin555 » Thu Feb 09, 2017 8:42 pm

Thanks KK!

Yes, the textarea with "no_xss_check" seems to be the best solution!
Had to edit the CSS file of the repeatable table a bit, but It looks great now.

Out of curiosity, why can't "no_xss_check" be applied to a regular text field?

Thanks again

Post a reply

Previous Next

6 posts Page 1 of 1

Return to Bug Reporting and Troubleshooting