Russ M asked 5 months ago
Hello!
We want to allow our users to use special characters like arrows (<, >) and backslashes. Currently, after form submission, the backslashes are getting removed, and the text between arrows is considered as HTML tag, so it it gets removed as well. In the end, we have an entry that was cleaned from those special characters. What we want is to create a custom field that will support those characters. However, we need a <textarea> element, not <input>. We have a PHP code snippet (txt file attached) that adds an "unsafe" field to the plugin, which solves the issue with preserving the arrows. However, we need a better solution for the backslashes - with this snippet it still removes one backslash from the input text.
Also the new field is an <input> element, and we need a <textarea>. Or, maybe, there is a way to allow special characters for the default "paragraph" field.
I did go to the Github repository with examples on how to add a custom field: https://github.com/Strategy11/formidable-field-boilerplate/tree/master
However, I could not figure out, how to add a textarea instead of input.
Any help or guidance will be appreciated.
Thanks.
Victor Font answered 5 months ago
Russ M
replied 5 months ago Hello Victor, thank you for the response.
We do not have the DISALLOW_UNFILTERED_HTML constant set, we also did not use the frm_disallow_unfiltered_html hook. We are using the User Role Editor plugin to allow unfiltered HTML for users. According to the articles HTML should not be filtered. But still the text inside the angle brackets is getting removed from the entries.
We are still looking for the solution.
Maybe there is a way to preserve at least the backslashes in entries? We can use backslashes in posts on WP and they are preserved, but they are removed from the FF form entries.
Victor Font
replied 5 months ago My suggestion is to use the constant or the filter. You won't have this problem if you use them appropriately.
Russ M
replied 4 months ago The constant and the filter are used to disallow the unfiltered HTML, if either of them is used the unsafe HTML will be stripped from entries. We want to allow the unsafe HTML for users
Victor Font
replied 4 months ago You are misunderstanding how these work. For a person to add HTML to a WordPress field, the individual must have the unfiltered_html permission. This permission is granted by default to to Super Admins, Administrators, and Editors. No other WordPress role can enter disallowed HTML without permission. You can use the filter and set it to false to allow all Formidable users to enter unfiltered HTML. It's either that or you have add the unfiltered_html permission to all of your WordPress security roles.
Russ M
replied 4 months ago Here is what I tried.
I setup a clean WordPress installation. I set DISALLOW_UNFILTERED_HTML to false in the wp-config.php. The only user is me (Administrator).
Tried to submit a FF form, and still everything in between angle brackets is getting removed from the entry.
After this I tried adding the filter using WP Code Snippets, and it didn't help.
I also got this response from FF support regarding the filter: "By default, a user with `unfiltered_html` capability can save special tags. Custom code is unnecessary. The custom code in our docs disallows that capability.". So I assume the filter is used when there is a need disallow the tags specifically for FF, and not for the whole website.
Please login or Register to submit your answer
