HTML tag Issue #19
Comments
|
Fixed. Thanks @kimwz, your comments are very welcome! |
|
@gatesh says: This change has broken my ability to put selects, like the following, in a cell: select id= "western_coastal" name="Western Coastal Region"> Now the code above shows up in the cell, instead of the select dropdown. |
|
@gatesh - I just submitted a change that allows you to use HTML in setDataAtCell. Use it like this: Can you confirm if it works for you that way? |
|
I'm using $("#dataTable").handsontable("loadData", dataFormatted); I have to do a LOT of processing on the backend to get dataFormatted. While the updated setDataAtCell does work, I'd really rather not call it after already calling loadData. I'm curious: why do you need to escape HTML characters at all in the td? In any case, perhaps you could have an allowHTML flag for loadData as well? Thanks! |
|
I forgot about "loadData". I will add allowHtml param there as well. That is something that @kimwz pointed out. Before today's change you were able to manually type something to a table cell to insert bold text there. This is potentially a serious XSS threat because it allows someone to add hidden code or script into the array. Any security manual tells to escape user input to avoid XSS threats and I am ashamed that didn't notice that earlier. Of course, there are justified cases when HTML should be allowed (especially when it is generated input, not user input). For those cases, allowHtml param in 'setDataAtCell' and 'loadData' will be enough. |
|
I added allowHtml param to loadData. Please give it a try @gatesh. Thanks! |
|
I am now calling using: $("#dataTable").handsontable("loadData", dataFormatted, true); The html, however, is still escaped. |
|
[Shift + Enter] , new line in text does not work |
|
Thanks again, @kimwz. Fixed now |
HTML tag is working
I think you have to add the code about encoding
The text was updated successfully, but these errors were encountered: