Allowing HTML or < tag in customer's text input?

 
  • mizzer
  • Newbie
  • Members
  • Join Date: 17-Sep 11
  • 5 posts

Posted 31 January 2012 - 10:03 PM #1

Hello - some of our products have an option where the customer can enter a custom message to include on the product.

This option is set as a "Text" field (the regular HTML input field).

Due to the nature of our business though, allowing the < and > characters is necessary. But it looks like CS-Cart strips out any < that gets entered, and every other >.

I know it's doing this to prevent malicious HTML input. I have tried to see where it's doing this but did not find it.

Where is CS-Cart stripping these out?

Even escaping the < and > to the HTML entity &gt; and &lt; internally will be fine, because the other views should hopefully render them as expected.

 
  • snoopp
  • Newbie
  • Members
  • Join Date: 13-Jan 12
  • 9 posts

Posted 02 February 2012 - 08:52 AM #2

I think that removing this is not secure for you. Removing this from everywhere will be quite difficult, but for some specific functionality you can try.
Try to search for Smarty strip_tags in the templates where you want to remove this cleaning.

For example:
with cleaning {$product.product|strip_tags}, without {$product.product}
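
The difference between stripping and escaping that this thread turns on, as an added example that is not part of either post and is not CS-Cart code. It uses only PHP built-ins; the function names and sample messages are constructed for illustration, and it also shows what happens when a value escaped on input is escaped again in a template.

```php
<?php
// Added example, not CS-Cart code. Function names and sample messages are constructed.
declare(strict_types=1);

/** Lossy: removes anything that parses as a tag, so literal < and > in a message can vanish. */
function render_stripped(string $message): string
{
    return strip_tags($message);
}

/** Lossless: keeps every character and encodes the HTML metacharacters for output. */
function render_escaped(string $message): string
{
    return htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Reverses render_escaped(), e.g. for a plain-text view of the stored message. */
function to_plain_text(string $escaped): string
{
    return htmlspecialchars_decode($escaped, ENT_QUOTES);
}

// Constructed customer messages that legitimately contain < and >.
$messages = [
    'I <3 you',
    'To: <Anna> From: <Ben>',
    '<b>Happy</b> Birthday',
];

foreach ($messages as $raw) {
    $escaped = render_escaped($raw);
    printf("raw:        %s\n", $raw);
    printf("stripped:   %s\n", render_stripped($raw));
    printf("escaped:    %s\n", $escaped);
    // Escaping once on input and again at output double-encodes the value,
    // so the entity text itself becomes visible to the reader.
    printf("escaped x2: %s\n", render_escaped($escaped));
    printf("round trip: %s\n\n", to_plain_text($escaped) === $raw ? 'ok' : 'LOST DATA');
}
```

In a Smarty template the escaping side corresponds to the `escape` modifier, for example `{$product.product|escape:'html'}`, applied once at the point of output.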