"&" converted to "&amp;" on confirm page (v2025)

v2025

I have a subject field. When an ampersand (&) is entered and you go to the confirm page, the data shows as:
Privacy &amp; Security Testing

but on the edit screen it displays fine as Privacy & Security Testing.
when the record is loaded, the text was “&”

it saves back the DB as &

Checked my events, don’t see any custom code that would cause this, and the field is utf8.

thanks,

If RemoveXSS extension is enabled, “&” will be converted to “&amp;” on form submission. The confirm page shows the values to be saved. If you don’t want such conversion, you may set the field as Raw by the RemoveXSS extension.

OK, I’d prefer to keep it on, but is there any way to show the actual characters on the submit/confirm stage, but still write out as the XSS code?
You know how users are: if they start seeing these odd characters, they’ll think something is incorrect.

thanks,

You may use Row_Rendered server event to convert the characters, check if it is Confirm page by $this->isConfirm().
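
An added example, not from the thread or from PHPMaker's own code: plain PHP showing why the confirm page displays a literal `&amp;` (a value encoded at submission gets encoded again at output) and a display helper that decodes once and re-encodes once, so the page shows `&` while any markup stays inert text. The function names and sample values are constructed, and the second sample assumes angle brackets were entity-encoded as well; wiring the helper into Row_Rendered is left out because the thread does not show the field API.

```php
<?php
declare(strict_types=1);

// Decode the sanitizer's entities exactly once, recovering what the user typed.
function typedText(string $stored): string
{
    return html_entity_decode($stored, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Display value for the confirm page: decoded once, then encoded once for the
// HTML context. Never echo the decoded text without this second step.
function confirmHtml(string $stored): string
{
    return htmlspecialchars(typedText($stored), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The symptom from the thread: an already-encoded value is encoded again on
// output, so the browser renders the entity name instead of the character.
function doubleEncoded(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample values, as they would look after "&" became "&amp;".
$samples = [
    'Privacy &amp; Security Testing',
    'R&amp;D &lt;b&gt;notes&lt;/b&gt;',
];

foreach ($samples as $stored) {
    printf("stored        : %s\n", $stored);
    printf("double-encoded: %s\n", doubleEncoded($stored));
    printf("confirm HTML  : %s\n\n", confirmHtml($stored));
}
```

Only the displayed value changes here; the value written to the database stays as the sanitizer produced it.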