0

I am using Froala, and if I type something through the editor like

here's

..and do an alert on what is returned via the Froala contentChanged function, I get:

here's

Why? And how to fix?

E.D.
  • It's just escaping the `'`. Is this causing an issue anywhere? It should display as a `'` in your page. – gen_Eric Jan 14 '22 at 18:54
  • yes it's a problem, the client doesn't like the source code being ', even though when viewed they properly see ' here's ' – E.D. Jan 14 '22 at 18:59
  • @E.D. ask the client if they're willing to have their website hacked instead of using `here1s` in the source code (which doesn't even affect the user in any way). It's a Froala feature that prevents XSS attacks. Other escaped values are `"`, `<`, `>` and `&`. – code Jan 15 '22 at 02:57

1 Answer

-1

This is an intentional feature, and not fixable. It is because programs like Froala don't understand values like: ;,'"`!.: etc.

Fort-P
  • It's an intentional feature to _escape HTML_ to prevent XSS attacks, not because Froala doesn't understand it. – code Jan 15 '22 at 01:11
  • Ok, well I ended up using Rob W's response here: https://stackoverflow.com/questions/7394748/whats-the-right-way-to-decode-a-string-that-has-special-html-entities-in-it/7394787#7394787 – E.D. Jan 15 '22 at 05:55
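
The escaping described in the comments, next to a decoder for the same entities, as an added example that is not Froala's code and not from any poster in this thread. The function names and sample strings are constructed, and writing the apostrophe as `&#39;` is an assumption.

```javascript
// Added example: not Froala's implementation. Sample strings are constructed.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const NAMED = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'" };

// Escape the five characters that can change how a browser parses HTML.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Convert a numeric reference, keeping the original text if it is out of range.
function fromCodePoint(cp, fallback) {
  return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : fallback;
}

// Decode in a single pass: "&amp;#39;" becomes the literal text "&#39;",
// it is not decoded a second time into an apostrophe.
function decodeEntities(html) {
  const pattern = /&(?:#(\d+)|#[xX]([0-9a-fA-F]+)|([a-zA-Z]+));/g;
  return String(html).replace(pattern, (match, dec, hex, name) => {
    if (dec !== undefined) return fromCodePoint(parseInt(dec, 10), match);
    if (hex !== undefined) return fromCodePoint(parseInt(hex, 16), match);
    // Unknown named entities are left untouched rather than guessed.
    return Object.prototype.hasOwnProperty.call(NAMED, name) ? NAMED[name] : match;
  });
}

// The decoded value is plain text, not markup: put it on a page with
// textContent, or run it through escapeHtml() again before building HTML.
function roundTrip(typed) {
  const stored = escapeHtml(typed);
  const decoded = decodeEntities(stored);
  return { stored, decoded, same: decoded === typed };
}

console.log(roundTrip("here's <b>bold</b> & more"));
```
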