Announcement

Collapse
No announcement yet.
X
Collapse
  • Page of 1
  • Filter
  • Time
Clear All
new posts
Previous template Next
    #1

    Timeline show NameField as EscapeHTML

    I have a timeline in which the fields are transformed as shown in the example below. There is also a Calendar Event in which the title field can have the value "<b>test</b> jr <img src=foobar onerror='alert(123);'>". How do I make this event display its escapeHTML = true in the timeline?

    Code:
    tasksLine = new Timeline();
tasksLine.setNameField(CONSTANT.TITLE);
tasksLine.setDescriptionField(CONSTANT.HTMLTEXT);
tasksLine.setStartDateField(CONSTANT.BEGINNING_DATE);
tasksLine.setEndDateField(CONSTANT.DUE_DATE);
    Code:
    CalendarEvent
{
"htmlText": "<b>test</b> jr",
"title": "<b>test</b> jr <img src=foobar onerror='alert(123);'>",
"beginningDate": "2020.11.22 23:00:00",
"dueDate": "2020.11.26 22:59:59"
}
    Tags: None
    #2
    Have you already tried the escapeHTML property that is available on DataSourceField? If not, please try that - otherwise, please let us know whether it seems to be inapplicable or doesn't seem to be working.

    Comment

      #3
      jes, my DataSource title field contains escapeHTML = true

      Comment

        #4
        You will need to test this out with the latest patched build of whatever version you are using, and then report the product, version and build date.

        Comment

          #5
          To test it, I created such a function. You can see that the escapeHTML in the field is set to true.

          Code:
          tasksLine.setEventHeaderHTMLCustomizer(new EventHeaderHTMLCustomizer() {
@Override
public String getEventHeaderHTML(CalendarEvent calendarEvent, CalendarView calendarView) {
DataSourceField[] fields = tasksLine.getDataSource().getFields();
return calendarEvent.getAttribute(CONSTANT.TITLE),;
}
});
          Click image for larger version Name: Screenshot 2024-09-30 144114.png Views: 74 Size: 7.0 KB ID: 273774

          Version v12.1p_2024-09-07/Pro Deployment (2024-09-07)

          Comment

            #6
            The same problem occurs with HoverHTML

            Comment

              #7
              Calendar code is not currently respecting escapeHTML on DataSourceFields - we'll add that support.

              In the meantime:, if you want the content in EventCanvases and their hovers to be escaped, you can set EventCanvas.escapeHTML globally or on the "eventCanvas" autoChild of your Calendar - that will affect the contents of the Calendar.nameField and descriptionField when they appear in the view or in hovers, and should also escape custom values returned from customizer-methods.

              Comment

              Previous template Next
              Working...
              X