datatable cuts strings after "

Hello,

my Webix datatables get data from SQL server using PHP with functions like

$dbtype = "SQLSrv";
$data = new JsonDataConnector($conn, $dbtype);
 $data->render_sql( $row['SelectQuery'], $row['PrimaryKey'], $row['DataFields']);

It works fine, but I have the strange behaviour that whenever I have a “<” character in a text field in Webix, e.g. “text < lost text”.

When I modify the string in a Webix datatable editor, the part of the string behind the “<” is lost, when webix writes the row update back to the DB server ("text " remains). In Webix datatable, the full string is still here, until I refresh from the DB server next time.

This happens for “<”, but e.g. “>” or “=” or other special characters works fine.

Thanks for any ideas for solving it!

Regards,
Peter

hey, does the support forum also cut the discussion headline string behind “<” ?? :wink:

By default, Webix widgets do not escape the data. They process “< some” as HTML tag.

You can force escaping by using “#!name#” instead of “#name#” in a related template

http://webix.com/snippet/538bab06

Thanks for the fast reply. Adding template: “#!col_name”’ to the datatable columns didn’t solve it yet.

The “< some” part is visible in Webix column, but it is removed on the way back to the database server. SQL server only gets "text " in the update statement, when updating the text in webix.

Maybe the HTML excaping needs to be put in somewhere else? thanks again.

There is a different issue on server side.

You are using connector and connector removes all HTML tags as part of XSS filtering, you can try to add into the server side code something like follows

ConnectorSecurity::$xss = DHX_SECURITY_SAFEHTML;

or

ConnectorSecurity::$xss = DHX_SECURITY_TRUSTED;

Thank you, setting the XSS mode to

ConnectorSecurity::$xss = DHX_SECURITY_TRUSTED;

solved the problem!