Author Topic: Alphanumeric custom fields > becomes > (Read 1703 times)

ehanuise · August 01, 2012, 02:32:40 am

Hi.
We've set up an alphanumeric custom field, to enter a contact's fuction.
For translators, we note the source/target languages, example 'translator en > fr'
This displays OK, but when we edit the contact info, it becomes 'translator en > fr'

To me, computer literate, it's no bg deal : i understand the > was turned to an html character entity and stored as html entity in the DB.
I' however a bit worried that the > could appear here or there in an export or printout of the data.

But to our users, it's "hey the system has garbled my entry, do something!", and it's perceived as a bug.

So maybe it's be better to store the data as entered in the DB and do the htmlentities stuff on display/printout only ?
I guess there are some security issues underlying ?

Anyways, I'd like to know more about this and why it is so

Donald Lobo · August 01, 2012, 10:28:33 am

Yes, this is to avoid script attacks et al and is done when writing to the DB

At some point we should switch to doing this on output rather than on input, but thats a longer more involved project

lobo

CiviCRM Community Forums (archive)

News: