You need to sign in to do that
Don't have an account?
Jonathan Thornton 4
Display tags from Controller using JSINHTMLENCODE (or similar)
Hello,
I have a user input field on my Salesforce Community where if a user types someone's name with @NAME it will send the user an email essentially. The controller replaces the "@NAME" with a link to that user's profile page. So what we have is basically a mixture of user input and replaced user input from the controller with html tags in the OutputText. I also have the output replacing the carraige returns with <br/> tags.
The problem is the link which comes from the controller gets escaped. A user input of:
@NAME
123
456
Ends up looking like this:
<a href="www.google.com">@NAME</a>
123
456
I cannot figure out how to display the link properly while still escaping the potentially malicious characters... Any assistance is greatly appreciated!
Here's the relevant controller code for reference if it helps:
Thank you!!
Jonathan
I have a user input field on my Salesforce Community where if a user types someone's name with @NAME it will send the user an email essentially. The controller replaces the "@NAME" with a link to that user's profile page. So what we have is basically a mixture of user input and replaced user input from the controller with html tags in the OutputText. I also have the output replacing the carraige returns with <br/> tags.
<apex:outputText value="{!SUBSTITUTE(JSINHTMLENCODE(fi.body), '\r\n', '<br/>')}" escape="false"/>
The problem is the link which comes from the controller gets escaped. A user input of:
@NAME
123
456
Ends up looking like this:
<a href="www.google.com">@NAME</a>
123
456
I cannot figure out how to display the link properly while still escaping the potentially malicious characters... Any assistance is greatly appreciated!
Here's the relevant controller code for reference if it helps:
if(feeditems != null && feeditems.size() > 0){ for(FeedItem fi : feeditems){ for(string screenName : screenNames){ if(fi.body.contains(screenName) && screenNameUserMap.containsKey(screenName)){ fi.body = fi.body.replace(screenName, '<a href="/FCIProfile?uId=' + screenNameUserMap.get(screenName) + '">' + screenName +'</a>'); } } } }
Thank you!!
Jonathan