"&" Vs "&";
"&" Vs "&";
carrarachristophe
Posts: 109Questions: 25Answers: 2
Hello,
I found many posts regarding encoding but none that could solve my problem.
I have the following issue with special character & only:
1. when I have the character & in my sql table, I see it as & in my datatable
2. but when I edit the same item from the datable, although I still see it as & in my datatable, it stores & in mysql table
3. as a result, for example, in the select fields using this value, I can see & and not &
The table and data are set to utf8mb4_general_ci
I also added utf-8 in the config.php file:
$sql_details = array(
"type" => "",
"user" => "",
"pass" => "",
"host" => "",
"port" => "",
"db" => "",
"dsn" => "charset=utf8"
);
Any idea where it could come from?
Answers
It will be from the XSS protection that is enabled by default. Add
->xss(false)to disable the XSS protection for a field, but make sure you use the text renderer to stop potential XSS attacks.Allan
Hi Allan,
Thanks, it works now.
As for the render, is using something like:
OK?
If data such as
data.vin_sousvignobles.sousvignobleis input by a potentially untrusted user, you should escape any HTML in it. Otherwise you are open to an XSS attack.Allan
Hi Allan,
Do you suggest that I should follow this?
If so, how can I apply it to, for example:
Unless I should apply it to the editor part? I must say that I am lost on that.
You could use:
to escape the HTML characters. Then use that resulting string in your return statement.
Allan