Retaining HTML Tags

**Elso** · 14-Feb-2009 02:34 PM

Hi Russell

Is there a means to include HTML tags in computed field values?
Example:

Code:

if (sFinish != '')
    {
     sListData = '<b>Finish: </b>'.sFinish;
    }

Then have the results for $sListData be:
Finish: sFinishValue
instead of
<b>Finish: </b>Mahogany (HTML: <b>Finish: </b>Mahogany)

Nelson

**russellr** · 14-Feb-2009 10:33 PM

Hi,

The short answer is: no, not at the moment.

The reason is that allowing HTML to be passed via a submitted form presents a security problem - Cross Site Scripting Vulnerability, in particular.

I know you're writing the computation code, but that doesn't stop an attacker from submitting replacement or additional computation code.

However, there will be a need to provide this feature at some stage. We'll probably go the way of "bbcode" - where you can't write HTML, but you can write some special tagging that gets translated into safe HTML code.

E.g. this is bold

Thread: Retaining HTML Tags

Thread Tools

Display

Retaining HTML Tags

Re: Retaining HTML Tags

Thread Information

Users Browsing this Thread

Similar Threads

Error tags does not validate

Retaining images when going backward

Form results showing field tags??

Missing Tags

Strip HTML Tags

Bookmarks

Bookmarks

Posting Permissions