
TOPIC: Sanitizing/Escaping field values

Sanitizing/Escaping field values 7 months 21 hours ago #28422

  • watched.live
  • New Member
  • Posts: 17
  • Thank you received: 2
  • Karma: 1
For security reasons, I would like to sanitize any HTML/JavaScript entered into one of the fields prior to having the value emailed. At minimum, I'd like to convert instances of < to &lt;, > to &gt;, and & to &amp;, as this would largely prevent website user-supplied messages from directly attempting to load code in my email client, while still allowing things like smart quotes and emojis to show up as expected.

I can see how some JoomDev users would want to supply the raw text to the form processor, but I'd rather escape. If implemented as a feature, perhaps having {fieldescaped.allfields} (and other field names) would work, although I'm willing for a more "dirty" approach (direct local code change).

I was able to work on my other issue of having white space get passed on by modifying the
<p>{field.allfields}</p>
to become
<p style="white-space: pre-wrap">{field.allfields}</p>
, however I'm not seeing a means of escaping characters.

Site Details:
Joomla! 3.9.24 Stable
JD Builder v1.11.2 (with the lovely error message saying that it needs to be upgraded to v1.11.2 {that you already know about})
HTTP Server: LightSpeed
DB: MariaDB
PHP Version: 7.4
Last Edit: 1 month 6 days ago by watched.live.
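The escaping the post asks for, as an added example in PHP 7.4 (the version listed in the site details). This is not JD Builder's code and not something from the thread: the function names, the `$fields` array and the sample submission are assumptions made for illustration. The point it demonstrates is that `htmlspecialchars()` with `ENT_QUOTES` and an explicit `UTF-8` charset converts exactly the HTML-significant characters (`& < > " '`) and leaves every other code point, including curly quotes and emoji, untouched, and that the escaping belongs at the moment the value is inserted into the HTML body, not on storage.

```php
<?php
// Added example (not JD Builder code): escape user-supplied form field values
// before they are placed into an HTML e-mail body. Function names and the
// $fields array are assumptions for illustration.
declare(strict_types=1);

/**
 * Escape one field value for an HTML text or attribute context.
 * Only & < > " ' are converted; smart quotes, accents and emoji pass through.
 */
function escapeFieldForHtml(string $value): string
{
    // ENT_QUOTES     : also escape " and ' so the value is safe inside attributes.
    // ENT_SUBSTITUTE : replace invalid UTF-8 bytes instead of returning ''.
    // ENT_HTML5      : use HTML5 entity names (e.g. &apos;).
    // double_encode  : left at its default (true) so a raw '&' always becomes '&amp;'.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Build the HTML e-mail body from the submitted fields.
 * Escaping is applied here, at the point of insertion, so the raw submission
 * remains available for a text/plain alternative part or for logging.
 */
function buildHtmlBody(array $fields): string
{
    $rows = '';
    foreach ($fields as $label => $value) {
        // pre-wrap keeps the submitter's line breaks without needing <br> tags.
        $rows .= '<tr><th>' . escapeFieldForHtml((string) $label) . '</th>'
               . '<td style="white-space: pre-wrap">' . escapeFieldForHtml((string) $value) . '</td></tr>';
    }
    return '<table>' . $rows . '</table>';
}

/**
 * Sanity check a practitioner would run: the rendered body must contain no
 * tag that came from user input. Returns true when no raw '<' survives
 * outside the markup we generated ourselves.
 */
function bodyContainsNoUserTags(string $body, array $fields): bool
{
    foreach ($fields as $value) {
        if (strpos($body, (string) $value) !== false && strpbrk((string) $value, '<>&') !== false) {
            return false; // an unescaped copy of a dangerous value is present
        }
    }
    return true;
}

// Constructed sample submission (not real data): benign Unicode plus an
// injection attempt of the kind described in the thread.
$fields = [
    'name'    => 'Alice “Smart Quotes” O’Hara 🙂',
    'message' => "Hello <b>there</b> & welcome\n<img src=x onerror=\"alert(1)\">",
];

$body = buildHtmlBody($fields);
echo $body, PHP_EOL;

// Fails loudly if escaping was bypassed (assumed to run with zend.assertions=1 in dev).
assert(bodyContainsNoUserTags($body, $fields));
```

If the notification is sent as `text/plain` (with a matching `Content-Type: text/plain; charset=UTF-8` header) no HTML escaping is needed, because the mail client will not parse tags; the escaping above is only for bodies declared as `text/html`. Do not escape twice: if the form processor already stores the value escaped, pass it through as-is rather than calling `escapeFieldForHtml()` again, or `&amp;` will display as `&amp;amp;`.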

Sanitizing/Escaping field values 7 months 19 hours ago #28434

  • nishtha
  • Moderator
  • Posts: 2436
  • Thank you received: 218
  • Karma: 36
Hi,

It seems you are using the JD Builder Form element, so first I'd suggest that you move your query to the correct category next time, please. JD Simple Contact Form is a separate extension not related to JD Builder in any way.

And the other thing being I have forwarded your concern to the developer he will let you know on this shortly.

Thanks,
Nishtha
Thank You,
If you like our support and products, tweet us at joomdev and let the world know about it.

To know more about our products, check out their documentation.

Sanitizing/Escaping field values 7 months 19 hours ago #28436

  • watched.live
  • New Member
  • Posts: 17
  • Thank you received: 2
  • Karma: 1
Thank you for the redirect. I am fairly fresh in the full setup, and so on seeing the Simple Contact I did become confused. I am going to test out the Simple Contact as well, though.

Sanitizing/Escaping field values 6 months 2 weeks ago #28822

  • admin
  • Administrator
  • Posts: 4489
  • Thank you received: 646
  • Karma: 115
Let us know if we can help with anything else here.

Thanks,
Chetan

Sanitizing/Escaping field values 1 month 6 days ago #30770

  • watched.live
  • New Member
  • Posts: 17
  • Thank you received: 2
  • Karma: 1
Is there any update on how to do this within JD Builder? Having someone provide an img tag in a text form field isn't a marvelous thing.

Sanitizing/Escaping field values 1 month 4 hours ago #30839

  • admin
  • Administrator
  • Posts: 4489
  • Thank you received: 646
  • Karma: 115
I understand. We do have other reports regarding forms in general being spammed, and we'll see what other measures can be taken to eliminate the spam issue and/or add field validations.

Thanks,
Chetan

Sanitizing/Escaping field values 4 weeks 2 days ago #30849

  • dankra
  • Premium Member
  • Posts: 133
  • Thank you received: 2
  • Karma: 1
::following::