Saving a record using the DB datahandler htmlspecialchars all data #90
Comments
|
Hey @oliverklee , |
|
Hi @oliverklee, thanks for the help! I'll try that. Is there also a way to set this for a complete form? And in general, I think this default behavior is not correct. Data needs to be HSCed on output, not when it gets inserted into the DB. So I propose to change the default to not HSC the data on saving. |
|
Yes, I totally agree with you. I think we will discuss the issue again. |
oliverklee
added a commit
to oliverklee/ext-realty
that referenced
this issue
Oct 18, 2018
This is a workaround for a bug in mkforms: DMKEBUSINESSGMBH/typo3-mkforms#90
oliverklee
added a commit
to oliverklee/ext-realty
that referenced
this issue
Oct 18, 2018
This is a workaround for a bug in mkforms: DMKEBUSINESSGMBH/typo3-mkforms#90
|
Problem is that the escaping is done globally in the getValue() method of renderlets. There is no distinction between using the value in the FE output or elsewhere. But would be needed imho. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If I save something using a TEXT renderlet, it gets htmlspecialchared before it gets saved into the DB.
Example
… gets saved as
The data must not be htmlspecialchared before it gets saved to the DB.
This is with the current master of mkforms (3.0.21) and rn_base (1.8.4).
The text was updated successfully, but these errors were encountered: