NgRest Text and Textarea auto encoding #1522

Closed
nadar opened this issue Sep 26, 2017 · 4 comments
nadar commented Sep 26, 2017

The text and textarea plugins will now auto-encode HTML output on after find; this may cause problems with existing implementations that are handing JSON through the textarea or text plugin!

In order to fix that use

['text', 'encoding' => false], // ['textarea', 'encoding' => false]

in order to disable encoding

nadar added this to the 1.0.0 milestone Sep 26, 2017
nadar self-assigned this Sep 26, 2017
nadar closed this as completed in e6a91cc Sep 26, 2017
dev7ch commented Sep 27, 2017

Does this mean that an <a href="">blah</a> wouldn't work anymore in the textarea block too?

dev7ch commented Sep 27, 2017

I guess it would be possible for particular cases with ['textarea', 'encoding' => true]

  • in some cases it is useful to use HTML in a textarea block instead of adding an extra HTML block
  • even in some title fields where one word is bold, HTML is needed in a text field

nadar commented Sep 27, 2017

Yes, the ngrest plugins text and textarea will encode the HTML output, but before parsing the markdown syntax.

You can either disable this behavior with 'encoding' => false or use the Html plugin.

The implementation of such a feature helps us prevent XSS attacks when working with user input.
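
What the change means for the three cases raised in this thread (editor markup, untrusted input, JSON kept in a text field), as an added example that is not part of the issue or of LUYA's code. `afterFindText()` and `isDecodableJson()` are hypothetical helpers, the sample values are constructed, and encoding is assumed to behave like PHP's `htmlspecialchars()`.

```php
<?php
// Added illustration, not LUYA code. afterFindText() is a hypothetical
// stand-in for what the text/textarea plugin does to a stored value on
// after find. Assumption: encoding behaves like htmlspecialchars().

function afterFindText(string $stored, bool $encoding = true): string
{
    if (!$encoding) {
        // ['text', 'encoding' => false]: the value is passed through untouched,
        // so whatever renders it later has to escape it itself.
        return $stored;
    }
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: true when the value still parses as JSON.
function isDecodableJson(string $value): bool
{
    json_decode($value, true);
    return json_last_error() === JSON_ERROR_NONE;
}

// Constructed sample values, one per case raised in the thread.
$samples = [
    'editor markup'        => '<a href="/about">About</a> with one <b>bold</b> word',
    'script in user input' => '<script>alert(1)</script>',
    'JSON in a textarea'   => '{"title":"Tom & Jerry","tags":["a","b"]}',
];

foreach ($samples as $label => $stored) {
    foreach ([true, false] as $encoding) {
        $out = afterFindText($stored, $encoding);
        printf(
            "%-22s encoding=%-5s json=%-3s %s\n",
            $label,
            $encoding ? 'true' : 'false',
            isDecodableJson($out) ? 'yes' : 'no',
            $out
        );
    }
}
```

With encoding on, the script tag and the anchor both come back as inert text and the JSON no longer decodes because its quotes have become entities; with encoding off all three come back byte for byte as stored.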

dev7ch commented Sep 27, 2017

OK, thank you.
