Prevent Editor php libraries from encoding html entities when saving to DB

Prevent Editor php libraries from encoding html entities when saving to DB

mommom Posts: 14Questions: 4Answers: 0

I have a form where I let users enter email addresses - which get saved to the database and are further used by the application to send some documents to them. It is a single text field, but it can take multiple emails in comma-separated RFC822 form like: John Doe <j.doe@domain.com>, James X <james@domain.com>

However, the php editor libraries seem to pass the field data through htmlentities() or htmlspecialchars() before saving to the database, so the emails end up with &lt; and &gt; instead of < and >.

I tried setting entityDecode to false but this option seems to have effect only on the front-end part of Editor; when submitting, the tag characters in the field value appear correct in the request yet they get encoded in the DB.

Is there some way to prevent this behaviour? An option, or a custom setFormatter function, so that I won't have to call html_entity_decode() every time the app needs to read that data back?

Thanks.

This question has an accepted answers - jump to answer

Answers

  • allanallan Posts: 63,498Questions: 1Answers: 10,471 Site admin
    Answer ✓

    Add ->xss(false) to the field. It sounds like the XSS library is being a little overly careful there.

    Allan

  • mommom Posts: 14Questions: 4Answers: 0

    Thank you Allan, that worked perfectly!

This discussion has been closed.