Wrong handling with html tags in EXT:form
EXT:form strips html tags all over the place instead of properly escaping it.
- If html tags (or special chars) are not allowled, like in the name of the form or elements, those should also not allowed to be entered
- if HTML tags should be possible (especially in fields like static text), those should be possible to be entered
Updated by Bjoern Jacob about 4 years ago
- Status changed from Accepted to Needs Feedback
- Assignee set to Georg Ringer
Just to get you right, allow us some questions. We do not want to store any HTML tags within the form elements. Especially, the "static text" element should only store plain text without any HTML data. If a special format is needed, the people should use the form element called "Content element".
Could you please explain your concern in more detail? Do you want us to remove any HTML formatting while entering the data into the property fields?
Updated by Thorben Nissen over 3 years ago
I came across this, while trying to build a form element that allows to insert HTML code instead of plain text. That could be very useful, if you e.g. need to display a list within the form.
Creating a content element and then link to it in just on form is overkill.