Comments (5)
I'm pushing a proof of concept to the ci4-branch. Take a look at the form_basic_info.php and how it interacts with the Customer info view.
from opensourcepos.
The idea is that we have a modified esc() function called esc_safe() which checks to see if the string is already encoded and only runs esc() against it if it's not already encoded. Then the result of that is wrapped in a modified version of html_entity_decode() called html_limited_decode() which takes a string and an array of safe characters. It then only decodes html entities for those characters. Take this example:
```php
<div class="form-group form-group-sm">
    <?= form_label(lang('Common.first_name'), 'first_name', ['class' => 'required control-label col-xs-3']) ?>
    <div class='col-xs-8'>
        <?= form_input([
            'name'  => 'first_name',
            'id'    => 'first_name',
            'class' => 'form-control input-sm',
            'value' => html_limited_decode(esc_safe($person_info->first_name), ['\''])
        ]) ?>
    </div>
</div>
```
Since the only html entity character we want to not be encoded is the single quote, that's all that appears in safe characters.
from opensourcepos.
CI is just using laminas/laminas-escaper and in the html context laminas-escaper is just calling htmlspecialchars() which has the optional bool $double_encode = true parameter. I submitted a PR to laminas: laminas/laminas-escaper#54. It may take a while to get it into CI4.
from opensourcepos.
In the meantime the esc_safe() function needs a little more work because currently it's escaping everything when just one character is able to be escaped instead of a true not double-encoding... I think until laminas and ci get my PR into the code, we may need to skip esc() altogether and just call htmlspecialchars directly. This is only acceptable in the html context.
from opensourcepos.
Never mind. esc() does not need to be called inside any of the functions in the form helper https://codeigniter.com/user_guide/helpers/form_helper.html
from opensourcepos.
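The double-encoding behaviour discussed in this thread, as an added example that is not code from the thread, OSPOS, CodeIgniter or laminas-escaper. It uses only PHP's built-in htmlspecialchars() and html_entity_decode(); the helper names h(), displayed() and compare() are hypothetical, the inputs are constructed, and h(h($raw)) stands in for escaping a value by hand and then passing it to a helper that escapes it again.

```php
<?php
// Added example: not OSPOS, CodeIgniter or laminas-escaper code. Inputs are constructed.
const FLAGS = ENT_QUOTES | ENT_SUBSTITUTE;

// HTML-context escaping; $doubleEncode maps to htmlspecialchars()'s 4th parameter.
function h(string $s, bool $doubleEncode = true): string
{
    return htmlspecialchars($s, FLAGS, 'UTF-8', $doubleEncode);
}

// What a browser shows after decoding the attribute value once.
function displayed(string $attrValue): string
{
    return html_entity_decode($attrValue, FLAGS, 'UTF-8');
}

// Escape the same raw value four ways and return the resulting markup.
function compare(string $raw): array
{
    return [
        'escaped once'               => h($raw),
        'escaped twice'              => h(h($raw)),        // pre-escaped, then escaped again
        'twice, 2nd double_encode=0' => h(h($raw), false), // second pass leaves entities alone
        'raw, double_encode=0'       => h($raw, false),    // used as a general-purpose escaper
    ];
}

$samples = ["O'Brien", 'Tom & Jerry', '<b>"Bob"</b>', 'AT&amp;T'];

foreach ($samples as $raw) {
    echo "input: {$raw}\n";
    foreach (compare($raw) as $label => $markup) {
        printf("  %-28s %-44s shows: %s\n", $label, $markup, displayed($markup));
    }
}
```

For `O'Brien`, the "escaped twice" row displays the literal text `O&#039;Brien`, which is the corruption a second escaping pass causes. The last row shows the cost of `$double_encode = false` on raw input: a value typed literally as `AT&amp;T` is displayed as `AT&T`, so it changes what the user entered even though the markup characters are still escaped.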