Render whitelisted HTML in Radio and Checkbox fields #415

Closed
jakejackson1 opened this Issue Jun 21, 2016 · 1 comment

Projects

None yet

1 participant

@jakejackson1
Member

Right now we escape all HTML for the majority Gravity Form fields. Since Radio and Checkbox field values are set by the site owner, and not the end user^, it is safe to render any whitelisted HTML. This will allow HTML like bold, italics or anchor tags to be shown.

^ The exception to this is the user-defined "Other" option.

@jakejackson1 jakejackson1 added this to the 4.0.1 milestone Jun 21, 2016
@jakejackson1 jakejackson1 added the Bug label Jun 28, 2016
@jakejackson1 jakejackson1 pushed a commit that referenced this issue Jun 29, 2016
Jake Jackson Allow Radio and Checkbox values to show HTML in PDFs
This is because these fields are set by the site owner and not the end user so it's presumed to be trusted. The exception to this is user-defined values in Radio fields which allows the "other" option.

With that said, all HTML is run through wp_kses_post() to prevent any nasty surprises.

Resolves #415
2d0d198
@jakejackson1 jakejackson1 closed this in #426 Jun 29, 2016
@jakejackson1 jakejackson1 reopened this Aug 7, 2016
@jakejackson1
Member

The problem also effects the $form_data array. Instead of applying it directly to the HTML output we should do it at the data level.

@jakejackson1 jakejackson1 modified the milestone: 4.0.1, 4.0.4 Aug 7, 2016
@jakejackson1 jakejackson1 pushed a commit that referenced this issue Aug 9, 2016
Jake Jackson Apply HTML decoding in value() so html() and form_data() both take ad…
…vantage

Resolves #415 which previously only fixed html()
e849ff5
@jakejackson1 jakejackson1 closed this in #474 Aug 9, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment