Client is doing some testing and they are able to type HTML and some characters such as '(' and ')' into form fields. Is there an easy way to quickly disable this across our app without having to visit every DynamicForm and add validators or something?
-
-
What do you want to do - disallow such characters or prevent them being interpreted as HTML within, eg, a ListGrid? For the latter, you can set field.escapeHTML in your DataSource. For the former, you will need to add a validator that rejects such characters. -
Most important is not interpreting text as HTML. I looked in the DataSourceField API and don't see a call for escapeHTML. Will I have to do this in code or is there a parameter in the ds.xml I can use?
For disallowing certain characters, I figured validator was the only way. That being said, is there a trick we can use (like setDefaultProperties) that will make this the default for all TextFieldItems or DynamicForms ?Comment
-
You can set it programmatically for a client-side DataSource (the setters are there and doc'd) or in .ds.xml and the property is literally escapeHTML="true".
Do you want to disallow these characters? Things like "&" come up all the time in text data (maybe "Dean & Delucca" appears in a customer list, for example). If you wanted to disallow it you can share the same validator definition across all the fields where the characters are not allowed - you could also define a SimpleType and use it pervasively.Comment
Comment