This & That - ampersand gets stored as &
This & That - ampersand gets stored as &
koniahin
Posts: 186Questions: 39Answers: 7
Is there any way to prevent this conversion so that the mysql field reads verbatim as typed?
This discussion has been closed.
Answers
Hi @koniahin ,
Can you give more information, please? Are you using Editor? If not, we're happy to take a look, but as per the forum rules, please link to a test case - a test case that replicates the issue will ensure you'll get a quick and accurate response. Information on how to create a test case (if you aren't able to link to the page you are working on) is available here.
Cheers,
Colin
I'm using datatables editor to create a list of items, in this case it's collections (of images).
When I give the title/name in the popup editor it looks fine, for instance:
This & That
I save it and the editor closes. In Datatables visual it looks fine but looked at the db field it has been converted to &.
This causes a problem elsewhere in my application - saving as input is the goal.
That's the XSS protection being a bit aggressive. You can add:
->xss(false)
- PHP.xss(false)
- NodeJSto the Field(s) that you don't want this to happen to.
Allan
Thank you - however I need to see an example of where you apply this in the code - in the controller or html file.
You would apply that code to the relevant Field in your Editor instantiation function:
etc.
My javascript skills are negligible, don't know if I did this right:
Editor::inst( $db, 'articles' )
->fields(
Field::inst( 'title' )->validator( 'Validate::notEmpty' )->xss(false),
Field::inst( 'publish' ),
Then I add a new file called "this & that". In the mysql table it is still there with the &
MariaDB > select id, title from articles order by id desc limit 1;
+-----+-----------------+
| id | title |
+-----+-----------------+
| 166 | this & that |
+-----+-----------------+
1 row in set (0.00 sec)
It looks like this editor is converting the & amp ; to & so the above comment does not reflect whtat I am seeing.
N'ere mind I got it. I had mixed up which form I was applying it to and now that I have that right it is working:
MariaDB > select id, title from articles order by id desc limit 1;
+-----+-------------+
| id | title |
+-----+-------------+
| 170 | this & that |
+-----+-------------+
1 row in set (0.00 sec)