NetTalk Central

« previous next »
Pages: [1]

Author Topic: _CleanIncoming  (Read 2348 times)

bshields

  • Sr. Member
  • ****
  • Posts: 392
    • View Profile
    • Inhabit
    • Email
_CleanIncoming
« on: January 15, 2010, 09:44:01 AM »
Question for Bruce i expect.

Bruce, you have a procedure called _CleanIncoming (NT4), one of the things it does is looks for ' on' and if there is also a = symbol present it clears to blank a few characters.

This causes a bug when using TingMCE and probably other stuff. If your customer types " on" (no quotes) and the field also has an equal sign.

When i have some text that includes ' on' values like "blah blah Only blah blah" or "blah blah one blah blah" its clearing the following two characters after "on".

Now i can edit NetWeb.CLW and remove this, but i'm probably going to break something else, since i'm sure its there for a reason.

Could you shead some light on why its there so i can fix this bug without introducing a bunch of new ones?

Thx
Logged

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11170
    • View Profile
Re: _CleanIncoming
« Reply #1 on: January 18, 2010, 05:29:31 AM »
Hi Bill,

changing this method won't cause any side-effect bugs. It's there strictly to detect malicious html input.
the " on" bit is looking for onChange etc. It could be (and will be) a bit more sophisticated as time goes by.

For now, override the behaviour of the method in your WebHandler procedure. I'll tweak it for the next build and let you know, but overriding in WebHandler is safe and won't cause any issues.

cheers
Bruce
Logged

bshields

  • Sr. Member
  • ****
  • Posts: 392
    • View Profile
    • Inhabit
    • Email
Re: _CleanIncoming
« Reply #2 on: January 18, 2010, 06:27:47 AM »
Great, Thanks Bruce
Logged
Pages: [1]
« previous next »