Datatable fails to load fields that contain characters < or >

edited May 2018 in Technical questions

I've tried to populate a datatable by means of the load function, calling a php backend that provides a JSON response. The table is actually loaded except for the fields that contain character < or character > that are displayed empty.

I've tried CSV format as well and same behaviour.

Is this expected behaviour? How can I manage strings containing < or > to be displayed in a datatable?

My index.html:

  {
    id:"mylist",
    view:"datatable",
    columns:[
        { id:"i", header:"I", width:50},
        { id:"s", header:"S", width:250},
        { id:"e", header:"E", width:250},
        { id:"t", header:"T", width:200},
        { id:"o", header:"O", width:200}
    ]
  },

  ...

    function load_mylist() {
        $$("mylist").load("rest/load.php", "json", function(text, data, request) {
            console.log("text:" + text);
        });
    }

My load.php:

    <?php
    echo '[{"i":"0","s":"11.11.2015 16:23:01.267","e":"11.11.2015 16:23:24.352","t":"<tel:11234567890>","o":"<sip:12345678;phone-context=one.two.net@one.two.net;user=phone>"}]';
    exit;
Tagged:

Comments

  • edited May 2018

    you need to htmlencode your data or escape on output.
    try this:

    {
        id:"mylist",
        view:"datatable",
        columns:[
            { id:"i", header:"I", width:50},
            { id:"s", header:"S", width:250},
            { id:"e", header:"E", width:250},
            { id:"t", header:"T", width:200, format:webix.template.escape /*or template:"#!t#"*/},
            { id:"o", header:"O", width:200, format:webix.template.escape /*or template:"#!o#"*/}
        ]
      },
    
  • Thanks a lot! Both encoding and escaping worked fine.

  • Is webix.template.escape some internal method that might change without notice? I don't see it documented under template or anywhere.

  • Hi @dandv ,

    Thank you for the notice. We will add it to the documentation soon.
    template.escape works the same as a replacement following characters via str.replace:

    {
        "&": "&amp;",
        "<": "&lt;",
        ">": "&gt;",
        "\"": "&quot;",
        "'": "&#x27;",
        "`": "&#x60;"
    }
    

    Also, this information may be useful: https://docs.webix.com/desktop__html_templates.html#xsssafetemplates

  • Hi @dandv, webix.template.escape was documented and will be publicly available in the documentation with the next majour release. Sorry for the inconvenience.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!