Sanitize block configuration input?

Created on 5 November 2020, about 4 years ago

Updated 14 June 2023, over 1 year ago

Problem/Motivation

If a user enters a quotation mark into a custom block admin field, the field does not display in the app frontend.

Steps to reproduce

Here's a stripped down version of my app, haven't tested if this actually works, this is just for demo purposes:

Vue.component('calculator', {
  template: '<div class="my-calculator">' +
    '<p>{{ introText }}</p>' +
    '</div>',
   props: ['introTextField', 'instanceId'],
    mounted: function () {
    // Create Vue variables out of user defined variables.
    if (this.introTextField) { this.introText = this.introTextField; }
  },
    data: function () {
    return {
      introText: null,
    }
  },
   methods: {
  },
});

I followed the documentation to create a custom field in my .info.yml and set it up as a component.

configuration:
  introTextField:
    type: textarea
    title: 'Intro text'
    default_value: 'Default value text here.'

Proposed resolution

I'd like to know if there's a way to sanitize the user input to remove quotation marks or convert them to html.

💬 Support request

Status

Fixed

Component

Code

Created by

🇺🇸United States cfbauer San Diego, CA

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment over 1 year ago →
System Message

segovia94 → committed 4be2c306 on 8.x-1.x
Issue #3180985: Sanitize block configuration input
Status changed to Fixed over 1 year ago3:30am 14 June 2023
Comment over 1 year ago →
🇺🇸United States segovia94
Thanks for pointing this out. The values should now be escaped.
Comment over 1 year ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024