Press Ctrl / CMD + C to copy this to your clipboard.
This post will be reported to the moderators as potential spam to be looked at
I have an issue like
I have created one document type with property name news and type is textbox multiple.
In content page textbox i have entered <script>alert('hi')</script>.
Save and Published this.
Script executing in textbox control, alert showing in home page.
in xslt i have given <xsl:value-of select="./teaserDesc" disable-output-escaping="yes"/> but its not restricting alert message.
Hi Satya and welcome to our :)
What is the purpose of your alert? Should it only be used in the Umbraco backoffice? And what exact version of Umbraco are you using?
Hi Jan thanks for your reply
i am using Umbraco 7.2.1 version.
reaised ticket for this. i want resolve this issue. If knows pls help me.
Ok, so you have a form on your public facing website, which picks up data and creates a node in the umbraco backoffice based on the form entry?
Please provide as much information as possible since it's essential that I understand the issue before proposing a solution.
Looking forward to hearing from you.
i dont know whether it is issue or not, if there any solution for this we can restrict to execute script in textbox.
You have a couple of options for dealing with this, and the simplest is just to remove the disable-output-escaping attribute (or set it to "no", which is the default):
<xsl:value-of select="teaserDesc" />
If you need to fully remove the tags you could try using the StripHtml() extension, like this:
<xsl:value-of select="umbraco.library:StripHtml(teaserDesc)" />
I have given like as you mentiond above, still alert is showing in home page. Please find the below screenshot.
is working on a reply...
Write your reply to:
Image will be uploaded when post is submitted