PHP Editor changes html content of field

PHP Editor changes html content of field

HassanDomeDeneaHassanDomeDenea Posts: 29Questions: 10Answers: 0

Greetings
I'm using quill field type for html input.
When Inserting an image, it is formed like this:

<img src="data:image/png;base64,iVBORw0K...."/>

But in the database I find the value is changed into:

<img src="denied:data:image/png;base64,iVBORw0K..."/>

I tried to use simple PHP Sqlite PDO to handle the insertion with prepared Statement. and it inserted the html as it is without changing anything.
By the way I'm separte method to send the creation ajax request, mimicking the orignial datatable editor parameters, and here is my code:

                    let data = {};
                    let primary_key=0;
                    data[primary_key] = {
                        key: '-',                    
                        name: '---'
                        ...
                        manual_result: manual_result,                      
                    };
                    let formData = new FormData();
                    formData.append('action', primary_key ? 'edit' : 'create');
                    formData.append('data', JSON.stringify(data));

And here is the sent request from chrome console:

action: create
data: {"0":{"key":"-","name":"---","manual_result":"<p><img src=\"data:image/png;base64,iVBORw0KGgoA...}}

This question has an accepted answers - jump to answer

Answers

  • allanallan Posts: 51,422Questions: 1Answers: 7,755 Site admin
    Answer ✓

    Hi,

    Its part of the xss protection. Add ->xss(false) to your Field for this in the PHP and it will no longer add that protection.

    Allan

  • HassanDomeDeneaHassanDomeDenea Posts: 29Questions: 10Answers: 0

    Perfect! It solved it.

Sign In or Register to comment.