Xataface 2.0 - render HTML in list view

A place for users and developers of the Xataface to discuss and receive support.

Xataface 2.0 - render HTML in list view

Postby tonyvenneri » Thu Nov 08, 2012 10:27 am

I have a problem in rendering HTML created with ckeditor (but nicedit is the same) in the list view.

Have a look at images attached.
I listview.png I have the html tag. If I go in edit mode (editview.png) I am able to view the correct formattation of text

Any idea?
Attachments
editview.png
Edit View with ckeditor
editview.png (31.44 KiB) Viewed 6617 times
listview.png
List view with html tag
listview.png (36.09 KiB) Viewed 6617 times
tonyvenneri
 
Posts: 10
Joined: Sun Jan 15, 2012 4:13 pm

Re: Xataface 2.0 - render HTML in list view

Postby shannah » Thu Nov 08, 2012 10:53 am

This is a new default for Xataface 2.0 for security reasons. It is better for the world if the default is to escape all html in field output. That way if you have users you don't trust adding content in your fields, they can't put in any XSS hacks. This way you have to think before opening it up.

You can enable "passthru" (so that the field is not escaped) using the "passthru" directive in the fields.ini file:

Code: Select all
[myfield]
widget:type=ckeditor
passthru=1


-Steve
--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Re: Xataface 2.0 - render HTML in list view

Postby tonyvenneri » Fri Nov 09, 2012 8:36 am

Excellent.
In my application only selected user are able to write content.

Many thanks
tonyvenneri
 
Posts: 10
Joined: Sun Jan 15, 2012 4:13 pm


Return to Xataface Users

Who is online

Users browsing this forum: No registered users and 30 guests

cron
Powered by Dataface
© 2005-2007 Steve Hannah All rights reserved