Customer Portal

    How to safely display a <script> tag (Answered)
    Topic posted November 15, 2019 by Janusz Jasinski

    In my custom object, in one field I have the following code: &lt;script&gt;alert(1);&lt;/script&gt;

    I would like to present this in a contenteditable (https://developer.mozilla.org/en-US/docs/Web/API/HTMLElement/contentEditable) without triggering the alert (XSS in general), displaying <script>alert(1);</script> and not displaying &lt;script&gt;alert(1);&lt;/script&gt;

    I've gone through htmlspecialchars_decode, html_entity_decode, etc., but I can't suss out what's needed.

    The way the data is stored is as such:

    $objective = RNCPHP\objectives::fetch($id);
    $objective->description = empty($description) ? '-':$description;
    $objective->archive = 0;
    $objective->save(); 
    RNCPHP\ConnectAPI::commit();
    

    Any advice?
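
An added example, not part of the original post or of the Customer Portal code base: it assumes the symptom comes from the stored, already entity-encoded value being encoded a second time on output, and shows decoding once to raw text and then encoding exactly once (or assigning through `textContent`). All function names are hypothetical and the sample value is the one quoted in the question.

```javascript
// Added example: helper names are hypothetical, not a Customer Portal API.
const NAMED = { lt: '<', gt: '>', amp: '&', quot: '"', apos: "'" };

// Decode one level of entity encoding in a single pass, so "&amp;lt;"
// becomes "&lt;" (still inert text) rather than "<".
function decodeEntitiesOnce(s) {
  return s.replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);/gi, (match, body) => {
    if (body[0] === '#') {
      const hex = body[1] === 'x' || body[1] === 'X';
      const code = parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10);
      return code <= 0x10ffff ? String.fromCodePoint(code) : match;
    }
    // Unknown named entities are left untouched.
    return Object.prototype.hasOwnProperty.call(NAMED, body) ? NAMED[body] : match;
  });
}

// Encode raw text exactly once for an element body or a quoted attribute.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Server-side style rendering: stored value -> raw text -> encoded once.
// The browser shows the result as the literal characters <script>...</script>.
function renderEditable(stored) {
  const raw = decodeEntitiesOnce(stored);
  return '<div contenteditable="true">' + escapeHtml(raw) + '</div>';
}

// Browser-side equivalent: textContent never parses its argument as HTML,
// so the decoded string is shown verbatim and no script element is created.
function fillEditable(el, stored) {
  el.textContent = decodeEntitiesOnce(stored);
  return el;
}

// Field value as quoted in the question.
const stored = '&lt;script&gt;alert(1);&lt;/script&gt;';

// Encoding the already-encoded value again reproduces the reported symptom:
// the page then displays &lt;script&gt; instead of <script>.
const doubleEncoded = escapeHtml(stored);
```

When the edited value is saved again, reading it back with `textContent` rather than `innerHTML` keeps it as raw text, so the same single encoding step applies on the next render.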

    Best Comment

    Cosimo Galasso

    Not sure I understand what you are trying to achieve.

    Is this to be rendered on the Customer Portal?

    Maybe you can try building a Custom Widget.

    CG
