Hello, I am here to report an improvement for your dev team.
Problem:
Cannot include '<=' in textarea field. The content after '<=' will be discarded or will malfunction.
Scenario (use case):
When you want to show some arithmetic comparison, ex: a <= 100.
Analysis:
In wpdatatables/controllers/wdt_ajax_actions.php, there is code (my class is modified, so I can't refer to the correct lines) that will strip '<='. To overcome this, before the code is stripped, change it to some other tag name that will not be stripped, ex: "myUniqueID". Add this line before sanitizing the data:
//change "<=" to "myUniqueID"
$formData[$column->orig_header] = preg_replace("/<=/", "myUniqueID", $formData[$column->orig_header]);
Once all the sanitization is complete, remember to change 'myUniqueID' back to '<='.
//change "myUniqueID" back to "<="
$formData[$column->orig_header] = preg_replace("/myUniqueID/", "<=", $formData[$column->orig_header]);
Do the same thing for the excel one as well if needed.
Hello Issac
Thank you for sharing this with everyone.
This works fine in HTML editor, but for some reason it's not working in single and multi-line editors. The issue has been forwarded to our development team, so hopefully they'll be able to fix it soon.
Kind Regards,
Aleksandar Vuković
wpDataTables: FAQ | Facebook | Twitter | Instagram | Front-end and back-end demo | Docs
Amelia: FAQ | Facebook | Twitter | Instagram | Amelia demo sites | Docs | Discord Community
You can try wpDataTables add-ons before purchasing on these sandbox sites:
Powerful Filters | Gravity Forms Integration for wpDataTables | Formidable Forms Integration for wpDataTables | Master-Detail Tables
Hi again Issac
Our developers confirmed this bug, and it will be fixed in one of our next updates.
Once again, thanks for sharing!
Kind Regards,
Aleksandar Vuković
Hi Aleksandar,
No problem. Actually, I thought hard about it. It is not a bug, technically speaking; it is the nature of how tag stripping works and how the DOM tree is processed. I understand the concern about a possible client-side attack, but that is actually the fault of the client side for allowing malicious code to be input.
My use case here is to put some code snippets in a textarea field. The '<=' is one of the things that discards my whole written content. There is another scenario in which I want to type '<<' to indicate the left shift operator (programming-wise), and since the DOM cannot interpret the text correctly, the content after '<<' is discarded. As a result, I commented out the lines that strip tags and process the DOM.
Hope this provides some insights for your dev team.
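Added example, not part of the thread and not wpDataTables code: it compares stripping, the placeholder workaround described above, and storing the text unchanged while escaping it at output time. PHP's strip_tags() stands in for the plugin's sanitizer, which the thread does not show (assumption); the function names and sample inputs are constructed for illustration.

```php
<?php
// Added example: not wpDataTables code. Sample inputs are constructed.

// Approach from the thread: hide "<=" behind a placeholder, strip, restore.
function placeholder_roundtrip(string $input): string
{
    $hidden   = str_replace('<=', 'myUniqueID', $input);
    $stripped = strip_tags($hidden);   // stand-in for the plugin's sanitizer (assumption)
    return str_replace('myUniqueID', '<=', $stripped);
}

// Alternative: keep the stored text unchanged and escape it when it is rendered,
// so the browser shows the characters instead of parsing them as markup.
function render_cell(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$samples = [
    'if (a <= 100) { b = a << 2; }',   // comparison and shift operators
    'label myUniqueID is reserved',    // user text that collides with the placeholder
    '<script>alert(1)</script>',       // markup that must not reach the page as HTML
];

foreach ($samples as $s) {
    printf("input       : %s\n", $s);
    printf("strip_tags  : %s\n", strip_tags($s));
    printf("placeholder : %s\n", placeholder_roundtrip($s));
    printf("escaped     : %s\n\n", render_cell($s));
}
```

Comparing the four lines per sample shows which approach keeps the operators intact, where the placeholder rewrites text the user typed literally, and that escaping leaves nothing for the browser to interpret as a tag.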
Awesome, Issac
Thank you once again for your help.
I will forward this info to them as well, and hopefully they'll be able to resolve it soon.
Kind Regards,
Aleksandar Vuković