You're welcome. Just keep in mind that when you decode a value with XML() it might be interpreted as HTML, and may lead to Cross Site Scripting (XSS) attacks.
If a user crafts an input like #something”><script>alert(‘XSS’);<script>, when it is decoded in the view it might be interpreted. Before the value is inserted in the DB it is a good idea to remove values like >, < and maybe others.

Cheers

On Sun, Jul 12, 2020 at 11:15, Maurice Waka <[email protected]> wrote:

> Wow it works !
> Thanks a lot!
> Regards
>
> On Sunday, July 12, 2020 at 6:06:07 PM UTC+3, Christian Varas wrote:
>>
>> Maybe you can try something like:
>>
>> db.something.insert(str(XML(request.vars.somevalue, sanitize=True)))
>>
>> I use this method to escape everything and convert all to string
>>
>> Then in the view to see the values not encoded use: {{=XML(value)}}
>>
>> Maybe helps
>>
>> Cheers.
>>
>> On Sun, Jul 12, 2020 at 10:53, Maurice Waka <[email protected]> wrote:
>>
>>> I have some strings in *request.vars* that I'm trying to save to db.
>>>
>>> An example is this : ["sure","iii!@#$%^&*()_"]. These strings/lists come
>>> from users in a natural language processing (NLP) app being used.
>>>
>>> For example in medical language a bone fracture is represented as '#'
>>> instead of the whole noun, while 'and' is used as '&'. These are commonly used
>>> characters that I can avoid to process.
>>>
>>> The problem is that when I check the DB, it does not save strings with
>>> characters after '#' and '&' characters e.g. 'abcdef!@#$%%%' being saved as
>>> 'abcdef!@' or in medical terms: "my patient recently had a # while jogging"
>>> is saved .. "my patient recently had a
>>>
>>> How can I make sure to save the whole string?
>>>
>>> Kind regards
>>>
>>> --
>>> Resources:
>>> - http://web2py.com
>>> - http://web2py.com/book (Documentation)
>>> - http://github.com/web2py/web2py (Source code)
>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "web2py-users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/web2py/f10fa835-ce3b-491f-a2b2-c057bf38cb5eo%40googlegroups.com
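
An added example, not part of the thread or of web2py's own code: one way to keep characters such as '#', '&' and '<' in the saved text and still display it safely is to store the string unchanged and encode it when it is written into HTML. It uses the standard library's sqlite3 and html.escape as stand-ins for the web2py DAL and view layer; the table name `note`, the helper names and the sample strings are constructed for illustration.

```python
import html
import sqlite3

# Constructed sample inputs: clinical shorthand like that in the thread, plus
# the script-tag style of input the reply warns about.
SAMPLES = [
    "my patient recently had a # while jogging",
    "abcdef!@#$%%%",
    "pain & swelling, SpO2 < 90",
    "#something\"><script>alert('XSS');</script>",
]


def store(conn, text):
    """Save the text unchanged; the ? placeholder keeps it out of the SQL."""
    cur = conn.execute("INSERT INTO note (body) VALUES (?)", (text,))
    return cur.lastrowid


def load(conn, note_id):
    """Read the stored text back exactly as it was saved."""
    row = conn.execute("SELECT body FROM note WHERE id = ?", (note_id,)).fetchone()
    return row[0]


def render(text):
    """Encode at output time, for an HTML text or quoted-attribute context."""
    return "<p>" + html.escape(text, quote=True) + "</p>"


def strip_angle_brackets(text):
    """The strip-before-insert alternative, shown for comparison only."""
    return text.replace("<", "").replace(">", "")


def round_trip(samples):
    """Store each sample, read it back, and return (stored, rendered) pairs."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE note (id INTEGER PRIMARY KEY, body TEXT)")
    results = []
    for text in samples:
        stored = load(conn, store(conn, text))
        results.append((stored, render(stored)))
    conn.close()
    return results


if __name__ == "__main__":
    for stored, page in round_trip(SAMPLES):
        print(repr(stored), "->", page)
```

In a web2py view, {{=value}} applies this kind of escaping by default; wrapping the value in XML() is what turns it off.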

