If you export the db from appadmin in csv, is the character there?

On Friday, 25 May 2012 08:53:51 UTC-5, Cédric Mayer wrote:
>
> I tried to simplify my code to post it here, so in a controller:
>
> def simpletest():
>     #table definition
>     db.define_table('t_simple_test',
>     Field('f_form', type='text',
>           label=T('Form'),
>           comment=T('Write anything here')))
>     #form definition
>     questionid = 0
>     if request.args(0):
>         questionid = request.args(0)
>         record = db.t_simple_test(questionid)
>         if not record:
>             session.flash = T("Unknown form %s") % questionid
>             redirect(URL('index'))
>         logger.info("Editing form %s" % questionid)
>         form = SQLFORM(db.t_simple_test, record, deletable=True)
>     else:
>         logger.info("Editing new form")
>         form = SQLFORM(db.t_simple_test)
>     if form.accepts(request.vars, session):
>         response.flash = T("Form saved.")
>         if not questionid:#first save
>             session.flash = response.flash
>             redirect(URL('simpletest',args=[form.vars.id]))
>     elif form.errors:
>         response.flash = T("Form in error.")
>     return dict(form=form,questionid=questionid)
>
> (I know I should avoid defining a table in the controller, but I moved 
> the definition here in order not to mess with the rest of my code.)
> But using the form generated by this controller, I cannot reproduce my 
> problem. :-(
>
> In my other controller functions where I reproduce the problem, I just do 
> some other things after the form.accepts() (because I added more things in 
> my form in the view), but I do not change the content of the submitted form.
> Even in the views I do not check nor rewrite the content of standard form 
> fields... I will investigate more and replace escaped characters by the 
> non-escaped ones for the moment.
>
> I know the content written to a page is escaped, so I use XML(form) to 
> keep HTML content. But only selected people can write such content, general 
> users only see the displayed HTML :-)
>
> Thank you Anthony !
>
> On Friday, 25 May 2012 15:11:33 UTC+2, Anthony wrote:
>>
>> Can you post some code? Using your own SQLFORM will produce the same 
>> results as appadmin when creating and editing a record (appadmin also uses 
>> SQLFORM).
>>
>> Note, by default, any content you write directly to the page in the view 
>> is escaped, so any HTML tags will be escaped and displayed as literals 
>> rather than interpreted as HTML. To prevent content from being escaped, you 
>> have to wrap it in XML() (see 
>> http://web2py.com/books/default/chapter/29/5#XML). Be careful about that 
>> -- if you fail to escape content submitted by general users, you'll have a 
>> cross-site scripting vulnerability (
>> http://en.wikipedia.org/wiki/Cross-site_scripting).
>>
>> Anthony
>>
>> On Friday, May 25, 2012 4:35:30 AM UTC-4, Cédric Mayer wrote:
>>>
>>> Hello !
>>> I have a table with "text" fields:
>>>     Field('f_comments', type='text',
>>>           label=T('Comment')),
>>> or even:
>>>     Field('f_form', type='text',
>>>           label=T('Form'), comment=T('Please write HTML here')),
>>> Using the appadmin interface, if I use an apostrophe " ' " inside the 
>>> textarea fields and submit the record form, the apostrophe is saved, and if I 
>>> display the appadmin form for the same record again, they are displayed 
>>> inside the textarea fields.
>>>
>>> But creating my own form:
>>>     form = SQLFORM(db.t_question, record, deletable=True)
>>> apostrophes " ' " do not appear anymore.
>>>
>>> I did some copy-paste of what was inside my own textarea to a 
>>> hexadecimal editor, and the apostrophes are replaced with the # 27 (hexa 1B) 
>>> character in the case of my own form.
>>>
>>> If I save the form as-is, this 1B character is saved too, and so the 
>>> apostrophe also disappears if I look at the record from the appadmin 
>>> interface.
>>>
>>> It is really annoying as I use the content of the fields as pure HTML 
>>> afterwards: not having apostrophes leads to errors if I try to have some 
>>> Javascript in those fields.
>>>
>>> 1) What is the difference between the form generated in appadmin, and 
>>> the one generated by SQLFORM ?
>>> 2) Is there a way not to escape " ' " in text fields ?
>>>
>>
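
The escaping caveat from this thread, as an added example that is not part of the original messages and is not web2py code: it contrasts full escaping with an allow-list sanitizer applied to stored HTML before it is emitted raw. Python's `html.escape` stands in for the view's default escaping (an assumption), and the allow-list, `SAMPLE`, and the function names are hypothetical.

```python
import html
from html.parser import HTMLParser

# Hypothetical allow-list for this example; tune it to what authors need.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "br", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
DROP_CONTENT = {"script", "style"}  # tags whose body is discarded too
# Constructed sample input, not taken from the thread.
SAMPLE = ("<p onclick=\"x()\">It's <b>bold</b></p><script>alert('x')</script>"
          '<a href="javascript:alert(1)">link</a>')

class AllowListSanitizer(HTMLParser):
    """Re-emit only allow-listed tags and attributes; escape all text."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip = 0  # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        elif not self.skip and tag in ALLOWED_TAGS:
            kept = ""
            for name, value in attrs:
                ok = name in ALLOWED_ATTRS.get(tag, ()) and value is not None
                # href is the only allowed attribute; keep plain web links only.
                if ok and value.strip().lower().startswith(("http://", "https://")):
                    kept += ' %s="%s"' % (name, html.escape(value, quote=True))
            self.out.append("<%s%s>" % (tag, kept))

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS and tag != "br":
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip:
            self.out.append(html.escape(data, quote=False))

def render_escaped(text):
    """Stand-in for default view escaping: every tag becomes a literal."""
    return html.escape(text, quote=True)

def render_sanitized(text):
    parser = AllowListSanitizer()
    parser.feed(text)
    parser.close()
    return "".join(parser.out)
```

Note that `render_escaped` turns an apostrophe into `&#x27;`, while the sanitizer leaves apostrophes in text untouched. Inside web2py, `XML()` accepts `sanitize=True` together with `permitted_tags` and `allowed_attributes`, which plays the same role.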
