Customize: Form fields need proper escaping

Carsten asked 4 years ago
Hello,
you should properly escape the form values in the customize tab in the backend. Currently you use template syntax like:
value="<%= ... %>"
This does not escape the value, which can break the form fields.
The proper way would be:
value="<%- ... %>"
For example, this leads to problems in the field. I want to specify the email and name of the sender, therefore I enter the following in the form field:
"Firstname Lastname" <>
After saving the form and reloading the page, the field is broken (due to the use of double quotes).
Kind regards
1 Answer
Nikola Loncar Staff answered 4 years ago
Hi Carsten,
you are right. It will be part of the new version that is planned to be released within the next 24h. Thanks for reporting that. :)
Best regards,
Nikola
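The behaviour reported in this thread, reproduced as an added example (not the plugin's code and not part of either post). It assumes Underscore-style tag semantics, where `<%= %>` inserts the value raw and `<%- %>` inserts it HTML-escaped; `render`, `parsedValue` and the sender address are hypothetical names and constructed sample data.

```javascript
// Added illustration; assumes Underscore-style tag semantics:
//   <%= x %> inserts the value raw, <%- x %> inserts it HTML-escaped.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Minimal renderer for the two tag forms (hypothetical helper, not the plugin's code).
function render(template, data) {
  return template.replace(/<%([=-])\s*(\w+)\s*%>/g, (_, kind, name) => {
    const value = data[name] == null ? '' : data[name];
    return kind === '-' ? escapeHtml(value) : String(value);
  });
}

// What an HTML parser takes as the value attribute: everything up to the next
// double quote, with character references decoded afterwards.
function parsedValue(html) {
  const match = /\bvalue="([^"]*)"/.exec(html);
  if (!match) return null;
  const decode = { '&lt;': '<', '&gt;': '>', '&quot;': '"', '&#x27;': "'", '&amp;': '&' };
  return match[1].replace(/&(?:lt|gt|quot|#x27|amp);/g, (ent) => decode[ent]);
}

// Constructed sample input (the address is a placeholder).
const sender = '"Firstname Lastname" <sender@example.com>';

// Raw interpolation: the first double quote in the data closes the attribute.
const rawHtml = render('<input name="from" value="<%= sender %>">', { sender });
// Escaped interpolation: the quotes and angle brackets become character references.
const escapedHtml = render('<input name="from" value="<%- sender %>">', { sender });

console.log(rawHtml);
console.log(JSON.stringify(parsedValue(rawHtml)));     // the field comes back empty
console.log(escapedHtml);
console.log(JSON.stringify(parsedValue(escapedHtml))); // the field round-trips intact
```

The raw form that truncates the field is also an HTML injection sink for any stored value shown in the backend, so the escaping tag belongs on every attribute value in these templates.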