HTLM format for datafield in datapage footer

[DesiLogi]

Hello,

I have a text field in a table (64000 characters) that is used for creating a 'footer' address, contact info section to show on certain printouts. The datapage to input the data is a single form update and the field is set to use the html editor/advanced. 

The datafield in question is part of the authentication. 

The problem is that in the datapage footer upon viewing it keeps showing all the html formatting markup. I'm using [@authfield:Company_Print_Footer!] with the '!' at the end of it like all my other html datafields (which work fine in displaying). I can't figure out why this particular one continues to show the html markup in display. Any help would be appreciated- 

[JayMont]

Did you enable the "Source" button in the Editor?

[DesiLogi]

yes, the Rich Text editor is enabled- so when you click on Source in the field's editor you can see all the html markup as it should be. So it's storing that in the table's field- correctly. The issue is in the display of that value on a footer of a different datapage, as an authorization field. Unlike all other html fields using ! after the fieldname this particular field still shows all the Source html markup when displaying. 

[JayMont]

This is the only field which shows as HTML markup?

[DesiLogi]

Yes that is correct- it's the only field that shows html markup. I have another field- exactly the same formatting- on the footer of the datapage and it displays as expected, with no html markup (even when there is html markup in the Source). It's really strange- 

[JayMont]

Can share the URL of the DataPage/webpage and the screenshot that shows how you inserted it to the DataPage?

[DesiLogi]

There's a ridiculously low limit for an attachment so I can't attach the pics directly. They're linked here: 

[JayMont]

Could you remove the "!" when you insert it in the DataPage?

[DesiLogi]

yes of course I tried that- without the ! in the field name it's supposed to show the html markup and it does. With the ! it's supposed to use the html markup and not show it- but it's the same thing either way. 

[aam82]

I don't see any screenshots or links to your page, but I figure this could happen if you have an open html tag somewhere in your markup. like "<a"

[DesiLogi]

that's a good point but it's not the issue, unfortunately. I took just that authfield and put it on a totally blank datapage footer, no other html markup, and the same issue comes up. tested another html field that displayed properly. it seems like it must be something maybe in the way the field itself is storing the data or something- really maddening.. thanks for the suggestion though. 

 

just did some more testing with other fields to try and figure it out. it seems that if a field is an authorization field it will not be correctly displayed if it has html markup, even using the ! symbol. I created another authfield as a test and had the same problem. fields from a regular data source worked normally, so it seems like it's an authfield issue. 

[aam82]

Did you try using an app parameter instead of an auth parameter?

link: http://howto.caspio.com/apps/app-parameters/

 

[DesiLogi]

needs to be auth parameter because it changes with each user's account. the app is a multi-tenant app, each account has it's own particular dataset. 

[aam82]

I took a look, and apparently the authfield output is being escaped by a preprocessor on the server before being sent...I guess security measures?

You can use the following script to capture the output of the field from a hidden DIV, and use the text there as the HTML content of a second DIV that you display.

<div id="escaped_html" style="display: none">[@authfield:company_footer_html]</div>
<div id="unescaped_html"></div>
<script>
var userFooter = document.getElementById("escaped_html").innerText;
document.getElementById("unescaped_html").innerHTML = userFooter;
</script>

 

[DesiLogi]

thanks for looking into that aam82- I don't know why or how this would be happening, as it's just on a regular Caspio datapage. What does the escape part actually mean, in terms of why that's the case? I have the same issue when I try that auth field on a totally blank datapage footer with nothing else on it, so I don't think it's the host page itself.. 

[aam82]

I don't know the details, but it's a security measure. Maybe you could google form input, sanitization, security, and character escaping together to see the general idea. It would make sense that they do more of this for auth fields, and not other fields. Just a guess.

This doesn't have to do with your hostpage.

On the bright side, the workaround seems pretty clean a straightforward to me.

[DesiLogi]

I don't know- there shouldn't be any kind of security issue and the datapage I"m testing isn't even hosted in a webpage at the moment- it's just a straight data page url I'm using, and it also has the issue in preview. I have a ticket in with Caspio and hopefully they can shed some light on it. Thanks for the insight- 

[DesiLogi]

Just a heads up for anyone looking at this post- Caspio dug into the issue and found that it's actually a bug that needs to be addressed in the next release. thanks to everyone for trying to help work it out before that was figured out.