Skip to content

AjaxEdit: TextArea Does Not Escape ". (Value cannot be saved)

Steps to Reproduce

  1. Edit Record via Full Edit (view=Edit)
  2. **Input **a" Max b value into a textarea field (e.g Description)
  3. Save the Record
  4. Go to Detail/Summary view and hover/AjaxEdit the Description Field (make no changes) & Hit Save Icon/Button ([v])
  5. The error message Please enter a value less than or equal to 0.

validator2

Cause

The " is not escaped causing the value a" Max b bleed into the validator

"validator":[],"value":"a\" Max b"}"

Validator then recognizes Max as a validator and since the value is not a Number, the error is displayed.

Potential Fix

Field.js#L582 - Replace 1st this.getValue() with escape(this.getValue()).

var html = '<textarea class="input-xxlarge form-control inputElement" name="'+ this.getName() +'" value="'+ escape(this.getValue()) + '" >'+ this.getValue() + '</textarea>';

Affected Versions

  • Vtiger 7.x - 8.x
  • Tested on official demo instance
Edited by vtexperts