[eluser]ururk[/eluser]
I must be doing something wrong (CI - 1.7.2). This JS is getting through:
Code:
" onclick="alert('hi')" "
and I don't think it should. My input box contains nothing, but an alert pops up when clicking inside (Safari 4.04). I found this while trying to switch the search over to GET, and thought it was related to switching to GET. However, the same behavior exists when using POST.
Code:
javascript (plus a colon)
is removed.
Setup:
Search form (this is part of a view):
Code:
<label for="all_words">All these words</label>
<input type="text" name="all_words" id="all_words" value="<?php echo $all_words; ?>" />
<?php echo form_error('all_words'); ?>
Validation rule:
Code:
function _validate_advanced() {
    $this->form_validation->set_rules('all_words', 'Keyword', 'xss_clean|trim');
}
Controller:
Code:
$this->_validate_advanced();
$validate_fields = $this->form_validation->run();
$form_data = array(
    'all_words' => html_entity_decode(set_value('all_words'), ENT_QUOTES, "UTF-8")
);
if ($validate_fields == FALSE) // validation hasn't been passed
{
    if (validation_errors()) {
        $data['title'] .= " - Error";
        $data['content'] = heading($data['title'], 1);
        $data['content'] .= "<p class='error'>" . $this->lang->line('message_search_input_error') . "</p>";
    } else {
        $data['content'] = heading($data['title'], 1);
    }
    $data['content'] .= $this->load->view('search/advanced', $form_data, true);
}
else // passed validation proceed to post success logic
{
    $data['content'] = heading('Advanced Search Results', 1);
    if ($results = $this->search_model->do_advanced_search($form_data)) {
        $data['content'] .= generate_results_table($results) . "<p> </p>";
    } else {
        $data['content'] .= "<p>" . $this->lang->line('message_no_search_results') . "</p>";
    }
    $data['content'] .= $this->load->view('search/advanced', $form_data, true);
}
Any ideas?
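
Added example, not part of the original post: plain PHP (no CodeIgniter) that reproduces the view's `value="..."` markup with the controller's `html_entity_decode(..., ENT_QUOTES, "UTF-8")` step, next to the same markup escaped with `htmlspecialchars()` at output, and parses both to list the attributes that end up on the `<input>`. The function names and the entity-encoded sample string are assumptions made for the illustration; the `DOMDocument` extension is required.

```php
<?php
// Same markup as the view in the post: the value is echoed raw into a
// double-quoted attribute, so a double quote in the value ends the attribute.
function render_input_raw(string $all_words): string
{
    return '<input type="text" name="all_words" id="all_words" value="' . $all_words . '" />';
}

// Hardened form: escape for the HTML attribute context at output time.
function render_input_escaped(string $all_words): string
{
    return '<input type="text" name="all_words" id="all_words" value="'
        . htmlspecialchars($all_words, ENT_QUOTES, 'UTF-8') . '" />';
}

// Parse the markup and return the attribute names found on the <input> element.
function input_attribute_names(string $html): array
{
    libxml_use_internal_errors(true); // the raw variant is malformed on purpose
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();

    $names = [];
    $input = $doc->getElementsByTagName('input')->item(0);
    foreach ($input->attributes as $attr) {
        $names[] = $attr->nodeName;
    }
    return $names;
}

// Constructed sample: the string from the post with its quotes entity-encoded
// (assumption about the form in which it reaches the controller's decode call).
$encoded   = '&quot; onclick=&quot;alert(&#039;hi&#039;)&quot; &quot;';
$all_words = html_entity_decode($encoded, ENT_QUOTES, 'UTF-8'); // controller step

$variants = [
    'raw'     => render_input_raw($all_words),
    'escaped' => render_input_escaped($all_words),
];
foreach ($variants as $label => $html) {
    $names = input_attribute_names($html);
    printf("%-8s %s\n", $label, $html);
    printf("         attributes: %s\n", implode(', ', $names));
    printf("         onclick attribute present: %s\n", in_array('onclick', $names, true) ? 'yes' : 'no');
}
```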