Thread: Retaining HTML Tags

  1. #1
    Join Date
    Feb 2007

    Retaining HTML Tags

    Hi Russell

    Is there a means to include HTML tags in computed field values?
    if (sFinish != '')
         sListData = '<b>Finish: </b>'.sFinish;
    Then have the results for $sListData be:
    Finish: sFinishValue
    instead of
    <b>Finish: </b>Mahogany (HTML: &lt;b&gt;Finish: &lt;/b&gt;Mahogany)


  2. #2
    Join Date
    Dec 2003

    Re: Retaining HTML Tags


    The short answer is: no, not at the moment.

    The reason is that allowing HTML to be passed via a submitted form presents a security problem - Cross Site Scripting Vulnerability, in particular.

    I know you're writing the computation code, but that doesn't stop an attacker from submitting replacement or additional computation code.

    However, there will be a need to provide this feature at some stage. We'll probably go the way of "bbcode" - where you can't write HTML, but you can write some special tagging that gets translated into safe HTML code.

    E.g. this is bold
    Russell Robinson - Author of Tectite FormMail and FormMailDecoder
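
The "bbcode" approach mentioned in the reply above (escape everything, then translate a fixed set of special tags into safe HTML), as an added example that is not part of the original thread and is not Tectite FormMail code. The function name `bbcode_to_safe_html`, the tag whitelist and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not FormMail's implementation.
// Hypothetical helper: the name and the tag whitelist are assumptions.

/**
 * Translate a small whitelist of BBCode-style tags into HTML.
 * Everything else, including raw HTML in the input, stays escaped.
 */
function bbcode_to_safe_html(string $text): string
{
    // 1. Escape first. After this step the string contains no live markup,
    //    so nothing submitted through the form reaches the page as HTML.
    $escaped = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Re-introduce only fixed, attribute-free tags from the whitelist.
    $html = $escaped;
    foreach (['b', 'i', 'u'] as $tag) {
        // Only properly paired [tag]...[/tag] sequences are translated;
        // an unmatched tag is left as literal text.
        $pattern = '~\[' . $tag . '\](.*?)\[/' . $tag . '\]~is';
        do {
            $next = preg_replace($pattern, "<$tag>\$1</$tag>", $html, -1, $count);
            if ($next === null) {
                // Regex engine error: fall back to the fully escaped text.
                return $escaped;
            }
            $html = $next;
        } while ($count > 0); // repeat so nested pairs of the same tag are handled
    }
    return $html;
}

// Constructed sample inputs.
$samples = [
    '[b]Finish: [/b]Mahogany',                    // the markup the computation would write
    '<b>Finish: </b>Mahogany',                    // raw HTML: stays escaped
    '[b]Finish: [/b]<script>alert(1)</script>',   // injected markup: stays escaped
    '[b]unclosed tag',                            // unmatched tag: left as text
];

foreach ($samples as $sample) {
    echo bbcode_to_safe_html($sample), PHP_EOL;
}
```

The order matters: escaping after translation would escape the generated `<b>` tags as well, and translating without escaping would let raw HTML through.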
