Inconsisent Handling of Apmersand

jrusling

While working with an admin form we have created we noticed that the ampersand is sometimes not rendering correctly and is not storing correctly on a DB update. If we enter something like "Cats & Dogs" it stores in the DB as "Cats & Dogs" (HTML tag for &). To counter this I am taking my SQL string and executing a replace to change the HTML tag for the simple ampserand. This is now storing correctly in the DB but just after the update the text fields revert to the HTML tag. Closing and reloading record results in a correct rendering. While I have a work around it seems awkward and should not be necessary. Is this a common issue?

Colyn_Pierre

Hi John,

 

Metastorm has a feature that escapes potential  "unsafe" characters from the user inputs. They then end up as the escaped characters in the database. When forms are reloaded, they do not "un" escape these characters again....or so it seems to me as I am also struggling with the same issue.

 

There are options that can be set in the Web.config to turn this Html "sanitation" off but this leaves a gap in terms of security to keep hackers out. ()

 

I ended up writing a function to escape the text before it goes to the Metastorm engine for processing. On the form load I then "un" escape it again.

 

Maybe there is a better option out there. Will be good to get more info.

Richard Burt

I have seen similar behaviour with the actual form name.

 

For example, we have a form called 'Audit & History'. Sometimes this is rendered correctly in the form tabs and sometimes it comes out as 'Audit & History'. Very annoying!

Hardik Bhatt

I am facing the same issue for the browser... https SSL connection.

 

Was there any resolution? Pls suggest..