Announcement

Collapse
No announcement yet.
X
  • Filter
  • Time
Clear All
new posts

    Timeline show NameField as EscapeHTML

    I have a timeline in which the fields are transformed as shown in the example below. There is also a Calendar Event in which the title field can have the value "<b>test</b> jr <img src=foobar onerror='alert(123);'>". How do I make this event display its escapeHTML = true in the timeline?

    Code:
    tasksLine = new Timeline();
    tasksLine.setNameField(CONSTANT.TITLE);
    tasksLine.setDescriptionField(CONSTANT.HTMLTEXT);
    tasksLine.setStartDateField(CONSTANT.BEGINNING_DATE);
    tasksLine.setEndDateField(CONSTANT.DUE_DATE);
    Code:
    CalendarEvent
    {
    "htmlText": "<b>test</b> jr",
    "title": "<b>test</b> jr <img src=foobar onerror='alert(123);'>",
    "beginningDate": "2020.11.22 23:00:00",
    "dueDate": "2020.11.26 22:59:59"
    }

    #2
    Have you already tried the escapeHTML property that is available on DataSourceField? If not, please try that - otherwise, please let us know whether it seems to be inapplicable or doesn't seem to be working.

    Comment


      #3
      jes, my DataSource title field contains escapeHTML = true

      Comment


        #4
        You will need to test this out with the latest patched build of whatever version you are using, and then report the product, version and build date.

        Comment


          #5
          To test it, I created such a function. You can see that the escapeHTML in the field is set to true.

          Code:
          tasksLine.setEventHeaderHTMLCustomizer(new EventHeaderHTMLCustomizer() {
          @Override
          public String getEventHeaderHTML(CalendarEvent calendarEvent, CalendarView calendarView) {
          DataSourceField[] fields = tasksLine.getDataSource().getFields();
          return calendarEvent.getAttribute(CONSTANT.TITLE),;
          }
          });
          Click image for larger version

Name:	Screenshot 2024-09-30 144114.png
Views:	28
Size:	7.0 KB
ID:	273774

          Version v12.1p_2024-09-07/Pro Deployment (2024-09-07)

          Comment


            #6
            The same problem occurs with HoverHTML

            Comment


              #7
              Calendar code is not currently respecting escapeHTML on DataSourceFields - we'll add that support.

              In the meantime:, if you want the content in EventCanvases and their hovers to be escaped, you can set EventCanvas.escapeHTML globally or on the "eventCanvas" autoChild of your Calendar - that will affect the contents of the Calendar.nameField and descriptionField when they appear in the view or in hovers, and should also escape custom values returned from customizer-methods.

              Comment

              Working...
              X