+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: CodeIgniter 4 (https://forum.codeigniter.com/forumdisplay.php?fid=28)
+--- Forum: CodeIgniter 4 Support (https://forum.codeigniter.com/forumdisplay.php?fid=30)
+--- Thread: very simple scenario where parser fails (/showthread.php?tid=81596)
very simple scenario where parser fails - jacobs-kmi - 03-23-2022
Hi All,
I am finding that the view parser in CI4 is failing when I add a tiny snip of javascript to an anchor href;
and can't quite understand why
(based on some tracing I did into the parser code it seems like the addition of () within the href is causing the parsed replacement to fail)
The example is so simple that I am sure I must be doing something wrong,
any help would be greatly appreciated, thanks!
The controller method:
PHP Code:
public function test(){
$somedata = [
'message' => 'massagee',
'userlist' => [
['id'=>10, 'email'=>'[email protected]']
]
];
$parser = service('parser');
echo $parser->setData($somedata)->render('test');
}
Offending view code:
{message}<br><br>
{userlist}
a row {id}, {email}, <a href="alert('{email}');">unauthorize</a><br>
{/userlist}
Output:
massagee
{userlist} a row {id}, {email}, unauthorize
{/userlist}
Revised view code (alert() removed):
{message}<br><br>
{userlist}
a row {id}, {email}, <a href="{email}">unauthorize</a><br>
{/userlist}
Properly parsed output:
massagee
a row 10, [email protected], unauthorize
RE: very simple scenario where parser fails - jacobs-kmi - 03-25-2022
I've reported this as a bug here:
https://github.com/codeigniter4/CodeIgniter4/issues/5825