This & That - ampersand gets stored as &amp;

koniahin Posts: 186, Questions: 39, Answers: 7

Is there any way to prevent this conversion so that the mysql field reads verbatim as typed?

Answers

  • colin Posts: 15,144, Questions: 1, Answers: 2,586

    Hi @koniahin ,

    Can you give more information, please? Are you using Editor? If not, we're happy to take a look, but as per the forum rules, please link to a test case - a test case that replicates the issue will ensure you'll get a quick and accurate response. Information on how to create a test case (if you aren't able to link to the page you are working on) is available here.

    Cheers,

    Colin

  • koniahin Posts: 186, Questions: 39, Answers: 7

    I'm using datatables editor to create a list of items, in this case it's collections (of images).

    When I give the title/name in the popup editor it looks fine, for instance:

    This & That

    I save it and the editor closes. In Datatables visual it looks fine, but looking at the db field it has been converted to &amp;.

    MariaDB [bobmeetin_bov]> select id, title from collections where title like 'This%';
    +----+-----------------+
    | id | title           |
    +----+-----------------+
    | 60 | This &amp; That |
    +----+-----------------+
    1 row in set (0.00 sec)
    

    This causes a problem elsewhere in my application - saving as input is the goal.

  • allan Posts: 61,726, Questions: 1, Answers: 10,110, Site admin

    That's the XSS protection being a bit aggressive. You can add:

    • ->xss(false) - PHP
    • .Xss(false) - .NET
    • .xss(false) - NodeJS

    to the Field(s) that you don't want this to happen to.

    Allan
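
An added example, not part of the original thread and not Editor's own code: with the field's XSS protection switched off, the column holds exactly what was typed, so HTML encoding has to happen wherever the value is rendered. `inputFilter`, `saveTitle`, `plainTextConsumer` and `renderCell` are hypothetical names, and `inputFilter` is an assumed stand-in for the server-side filter.

```javascript
// Added example: constructed stand-ins, not DataTables Editor code.

// Output encoder: apply when a stored value is written into HTML.
function encodeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hypothetical input-side filter: entity-encodes before storage.
// Assumption standing in for the field's XSS protection; the real
// filter is more selective about what it rewrites.
function inputFilter(value) {
  return encodeHtml(value);
}

// Simulates the server-side write. `xss` mirrors the field option.
function saveTitle(title, { xss = true } = {}) {
  return xss ? inputFilter(title) : title;
}

// Non-HTML consumer (CSV export, search, another app) reads the column as-is.
function plainTextConsumer(stored) {
  return stored;
}

// HTML consumer that encodes on output, as it must for raw storage.
function renderCell(stored) {
  return `<td>${encodeHtml(stored)}</td>`;
}

function demo() {
  const typed = 'This & That';           // constructed sample input
  const markup = '<script>x</script>';   // constructed sample input
  const filtered = saveTitle(typed);                // protection on
  const raw = saveTitle(typed, { xss: false });     // protection off
  return {
    filtered,
    raw,
    exportFiltered: plainTextConsumer(filtered), // entity leaks into non-HTML use
    doubleEncoded: renderCell(filtered),         // filtered value encoded again
    rawRendered: renderCell(raw),                // raw value encoded once
    markupRendered: renderCell(saveTitle(markup, { xss: false })),
  };
}

console.log(demo());
```

On the DataTables side, the built-in text renderer (`DataTable.render.text()`) performs this output escaping for a column.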

  • koniahin Posts: 186, Questions: 39, Answers: 7

    Thank you - however I need to see an example of where you apply this in the code - in the controller or html file.

  • tangerine Posts: 3,350, Questions: 37, Answers: 394

    You would apply that code to the relevant Field in your Editor instantiation function:

    Editor::inst(....
    

    etc.

  • koniahin Posts: 186, Questions: 39, Answers: 7

    My javascript skills are negligible, don't know if I did this right:

    Editor::inst( $db, 'articles' )
        ->fields(
            Field::inst( 'title' )->validator( 'Validate::notEmpty' )->xss(false),
            Field::inst( 'publish' ),

    Then I add a new file called "this & that". In the mysql table it is still there with the &

    MariaDB > select id, title from articles order by id desc limit 1;
    +-----+-----------------+
    | id  | title           |
    +-----+-----------------+
    | 166 | this & that |
    +-----+-----------------+
    1 row in set (0.00 sec)

  • koniahin Posts: 186, Questions: 39, Answers: 7

    It looks like this editor is converting the & amp ; to & so the above comment does not reflect what I am seeing.

  • koniahin Posts: 186, Questions: 39, Answers: 7

    Ne'er mind, I got it. I had mixed up which form I was applying it to and now that I have that right it is working:

    MariaDB > select id, title from articles order by id desc limit 1;
    +-----+-------------+
    | id  | title       |
    +-----+-------------+
    | 170 | this & that |
    +-----+-------------+
    1 row in set (0.00 sec)

This discussion has been closed.