DataTables
Advanced interaction
features for your tables.
Editor
Comprehensive editing
library for DataTables.
Manual
Download
Show site navigation

Special chars in text field always considered as changed (editor.js editor PHP)

Special chars in text field always considered as changed (editor.js editor PHP)

perrotinperrotin Posts: 39Questions: 9Answers: 1
edited July 2017 in Editor

Hello Allan,

I'm using dataTable and Editor PHP SERVERSIDE in "STANDALONE MODE".

I've got a lot of standalone field on my pages and I'm using "CHANGE" mode to prevent all field from being updated each time a field is edited.

My problem is that as soon as a text field contains a special char (for instance &), editor consider that it has changed.

The problem seems to come from the _deepCompare function on line 180 (dataTables.editor.js v1.6.2).

The following condition always returns false when special characters are in the field. :

if ( typeof o1 !== 'object' || typeof o2 !== 'object' ) {
return o1 === o2;
}

For example when a field contains the value &test :

console log(o1,o2) ---> &test & amp;test

In database the value is saved as "& amp;test", and is returned that way in json, but the text field just returns "&" so it's always considered as changed.

Can you think of a solution for this ?

Thanks for your help

Julian

Replies

  • allanallan Posts: 61,667Questions: 1Answers: 10,096 Site admin

    What I think is happening here is the XSS protection is getting in the way. Because DataTables doesn't encode characters by default on display (which is an XSS vector) Editor does the XSS encoding before writing to the database. You could disable that using ->xss( false ) for the field(s) in question in the server-side script.

    If you do that and it is a public application (i.e. not just an internal office tool), have a look over the security manual page to understand how to protect against XSS attacks.

    You'll probably need to save the text once before the "fix" will be noticeable, since it needs to save the decoded value.

    Allan

  • perrotinperrotin Posts: 39Questions: 9Answers: 1

    Hi Allan,

    I'm coming back on this issue beacause it causes a lot of problem on the application I've built.
    I've got a lot of field and a lot of page.
    Would it be possible to have the possibility to disable xss globally, instead of per field.

    Thanks Julian

  • allanallan Posts: 61,667Questions: 1Answers: 10,096 Site admin

    You'd need to use ->xss( false ) on each of the fields. The other option is to modify the Field.php file and change the default value in the class.

    Allan

This discussion has been closed.

DataTables

DataTables designed and created by SpryMedia Ltd.
© 2007-2023 MIT licensed. Privacy policy. Supporters.
SpryMedia Ltd is registered in Scotland, company no. SC456502.