
Thread: allow html in "TinyMce" textarea and display message as html in email

  1. #1
    Join Date
    Aug 2010
    Posts
    22


    I have a TinyMCE editor script in my form which allows users to add html tags to their message (kind of like this post).

    When I receive the email (and in the autoresponder email) though, the html tags are converted, so I literally get something like:

    "<p>Hi there</p>"

    which translates to:

    " &lt;p&gt;Hi there&lt;/p&gt; "

    Any way to fix that?

    http://www.candpgeneration.com/contact.php

  2. #2
    Join Date
    Dec 2003
    Posts
    3,980


    Hi,

    FormMail isn't doing this on your form as it's a straight plain text email you're sending. You can only get HTML if you instruct FormMail to use an HTML template (but see below).

    Therefore, I think TinyMCE is doing this conversion (which actually makes perfect sense).

    Check out this FAQ item: http://tinymce.moxiecode.com/wiki.php/TinyMCE_FAQ#TinyMCE_strip_away_attributes_or_tags_from_my_source.3F

    Even if TinyMCE *didn't* do this, FormMail would do it with field values (even when using an HTML template) because it's a security problem.

    For example, if an attacker could submit HTML in your form, this means they could submit code that hides or obfuscates information and make you vulnerable to attack. In the worst case, they could send you JavaScript code that executed in your mail client, or browser, and who knows what they could achieve!

    Currently, the only safe thing to do is to encode any HTML entities.

    Of course, for harmless stuff like <p>, and <br/>, this is too stringent.

    Version 8.29 has a new configuration feature called TEXT_SUBS, which we implemented to allow special fields (like template_list_sep) to safely contain HTML strings.

    A future version could conceivably utilize this feature to allow input from TinyMCE to be shown the way you want in HTML emails.
    Russell Robinson - Author of Tectite FormMail and FormMailDecoder
    http://www.tectite.com/
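
The approach described in post #2 (encode every HTML entity, then let only harmless tags such as <p> and <br/> through), as an added example that is not part of the thread and is neither FormMail's code nor its TEXT_SUBS feature. The function name, the tag allowlist and the sample message are assumptions made for illustration.

```php
<?php
// Added illustration, not FormMail code; names and the tag list are assumptions.

/**
 * Encode every HTML special character, then restore only bare,
 * attribute-free tags whose names are on a fixed allowlist.
 */
function encode_with_allowlist(string $input, array $allowed): string
{
    // Step 1: encode everything, so <, >, & and both quote styles become entities.
    $encoded = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Step 2: recognise only the encoded forms <tag>, </tag>, <tag/> and <tag />.
    // A tag carrying any attribute (onclick=, style=, href=) cannot match,
    // so it stays encoded and is displayed as text.
    $names = implode('|', array_map(function (string $t): string {
        return preg_quote($t, '~');
    }, $allowed));
    $pattern = '~&lt;(?:(/?)(' . $names . ')|(' . $names . ')\s?/)&gt;~i';

    return preg_replace_callback($pattern, function (array $m): string {
        if (isset($m[3]) && $m[3] !== '') {
            return '<' . strtolower($m[3]) . ' />';   // self-closing form
        }
        return '<' . $m[1] . strtolower($m[2]) . '>'; // opening or closing form
    }, $encoded);
}

// Constructed sample input: two harmless tags, a script element,
// and an allowlisted tag name that carries an event-handler attribute.
$message = '<p>Hi there</p><br/>'
         . '<script>alert(1)</script>'
         . '<p onclick="alert(2)">click me</p>';

echo encode_with_allowlist($message, ['p', 'br', 'b', 'i', 'em', 'strong']), "\n";
```

Input that the editor has already entity-encoded before submission, as in post #1, is encoded a second time in step 1 and is not restored. The function does not check that restored tags are balanced.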

  3. #3
    Join Date
    Aug 2011
    Posts
    2


    I'm also having this problem using jQuery WYSIWYG plug-in.

    If I post w/o FormMail, it works fine, but with FormMail, I get ascii encoded characters.... < turns into &lt;

    I can see where sending html is not valid for most fields, but I'd like to enable it for just one.

  4. #4
    Join Date
    Dec 2003
    Posts
    3,980

    Hi,

    In an HTML email it's just not safe to send through < input via the form.

    It has to be translated to &lt; for security reasons.

    If your email program is not showing it as
    Russell Robinson - Author of Tectite FormMail and FormMailDecoder
    http://www.tectite.com/

  5. #5
    Join Date
    Aug 2011
    Posts
    2


    Hi Russell, thanks for the quick reply.

    Unfortunately, not using FormMail is even riskier/less attractive.

    We use Outlook, which has some security of its own, so feel leaving one field unprotected is a compromise we can live with.

    The form I have set up is quite large (printed is 4 pages) with easily around 100 fields so not easy to add just the fields we want protected. (I think I saw that option.)
