very simple scenario where parser fails
#1

Hi All,
I am finding that the view parser in CI4 is failing when I add a tiny snippet of JavaScript to an anchor href, and I can't quite understand why
(based on some tracing I did into the parser code, it seems like the addition of () within the href is causing the parsed replacement to fail).
The example is so simple that I am sure I must be doing something wrong;
any help would be greatly appreciated, thanks!

The controller method:
PHP Code:
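public function test()
{
    // Data for the parser: one single variable and one variable pair (list of rows)
    $somedata = [
        'message'  => 'massagee',
        'userlist' => [
            ['id' => 10, 'email' => '[email protected]'],
        ],
    ];

    // Render the 'test' view through the parser service
    $parser = service('parser');
    echo $parser->setData($somedata)->render('test');
}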


Offending view code:
{message}<br><br>
{userlist}
a row {id}, {email}, <a href="alert('{email}');">unauthorize</a><br>
{/userlist}


Output:
massagee

{userlist} a row {id}, {email}, unauthorize
{/userlist}


Revised view code (alert() removed):
{message}<br><br>
{userlist}
a row {id}, {email}, <a href="{email}">unauthorize</a><br>
{/userlist}


Properly parsed output:
massagee

a row 10, [email protected]unauthorize
#2

I've reported this as a bug here:
https://github.com/codeigniter4/CodeIgni...ssues/5825