Prevent <iframe> <script> html tags Extra Fields

3 years 6 months ago - 3 years 6 months ago #176988 by jackson
Hello, I'm developing a system based on extra fields, everything works fine, however I noticed that extra fields, even TEXT types, can save <script> or <iframe> tags without any problem, if a curious user wants to insert these tags, ends up breaking the entire page layout. How do I save all extra fields cleared of any such tags? The title field works perfectly, no tags can be saved in it, and that's what I need in the extra fields.

Thanks in advance.
Last edit: 3 years 6 months ago by jackson.

3 years 6 months ago #176995 by JoomlaWorks
Replied by JoomlaWorks on topic Prevent <iframe> <script> html tags Extra Fields
Extra fields may hold any piece of information, e.g. a widget (script tag) or a Google map (iframe tag). As such we don't filter the output there.

But what you can do is filter the output on the relevant K2 templates.

See how to override K2's template files (views) here: getk2.org/documentation/tutorials/templating-with-k2-and-the-concepts-of-sub-templates

Then make your own set and e.g. in item.php, locate the foreach loop that outputs the extra fields and in the relevant value output filter as needed (e.g. with strip_tags() or other PHP filters).

Fotis / JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)
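
The output filter suggested in the reply above, as an added example that is not part of the original post or of K2's own code. The helper name `clean_extra_field()` and the sample field objects are assumptions made for illustration; only `strip_tags()` and `htmlspecialchars()` are real PHP functions.

```php
<?php
// Added example: filter extra field values at output time.
// clean_extra_field() is a hypothetical helper, not a K2 function.

/**
 * Return a value that is safe to echo into HTML body text.
 * strip_tags() removes the markup but keeps the text that was between
 * the tags, so the result is still untrusted text. htmlspecialchars()
 * then encodes any "<", ">", "&" and quotes that remain, so nothing
 * left in the value can be parsed as HTML.
 */
function clean_extra_field($value): string
{
    if (!is_scalar($value)) {
        return ''; // non-scalar values are not rendered by this helper
    }
    $text = trim(strip_tags((string) $value));
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample data (not from the thread), shaped like the objects
// an extra fields loop iterates over: each has an id and a value.
$extraFields = [
    (object) ['id' => 1, 'value' => 'Office hours <script>alert(1)</script>'],
    (object) ['id' => 2, 'value' => '<iframe src="https://example.com/"></iframe>'],
    (object) ['id' => 3, 'value' => 'Price < 10 & "quoted"'],
];

// Build an id => clean value map once, then echo only from that map.
$clean = [];
foreach ($extraFields as $field) {
    $clean[$field->id] = clean_extra_field($field->value);
}

foreach ($clean as $id => $value) {
    echo $id, ': ', $value, PHP_EOL;
}
```

This encoding is for HTML body text only; a value placed inside an attribute, a URL or a script block needs the encoding for that context.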

3 years 6 months ago #176996 by jackson
Thanks for the answer, in the templates, I did just that, it works well, but in third party modules it is more complicated to control.

I tried to use the K2 Content module using extra fields, but it doesn't seem to work inside the module:

<?php
$extrafields = array();
foreach ($this->item->extra_fields as $item)
{
    $extrafields[$item->id] = "" . strip_tags($item->value);
}
?>

<?php echo $extrafields[1]; ?>

Is there any way to be able to call the specific fields within the K2 Content module? That way my problem would be solved.

3 years 6 months ago #176997 by jackson
I found this code here on the forum, it seems to work well to call specific fields, but strip_tags doesn't work, could you help me:

<?php foreach ($items as $key=>$item): ?>
<?php
$k2obj = new K2ModelItem();
$fields = $k2obj->getItemExtraFields($item->extra_fields, $item);
?>
<?php echo $item->extraFields->Rodape->value; ?>

<?php endforeach; ?>

3 years 6 months ago #176998 by jackson
Sorted out! Thanks for listening.

3 years 6 months ago #176999 by JoomlaWorks
Replied by JoomlaWorks on topic Prevent <iframe> <script> html tags Extra Fields
Great :)

Fotis / JoomlaWorks Support Team
---
Please search the forum before posting a new topic :)
