Customize: Form fields need proper escaping
Carsten asked 5 months ago

Hello,
you should properly escape the form values in the customize tab in the backend. Currently you use template syntax like:

value="<%= ... %>"

This does not escape the value which can break the form fields.
The proper way would be:

value="<%- ... %>"

https://underscorejs.org/#template
 
For example, this leads to problems in the send.from.email field. I want to specify the email and name of the sender; therefore, I enter the following in the form field:

"Firstname Lastname" <info@mysite.com>

After saving the form and reloading the page, the field is broken (due to the use of double quotes).
Kind regards
Carsten
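
The difference between the two tags on the reported value, as an added example that is not part of the original post or the plugin's code. `render` is a minimal stand-in for Underscore's `<%= %>` and `<%- %>` tags (not Underscore itself); `parsedValue`, the field name `from` and the template strings are assumptions made for the illustration.

```javascript
// Added illustration: a minimal stand-in for the two Underscore template tags
// discussed above, not Underscore itself and not the plugin's code.
// Characters replaced by _.escape in current Underscore releases.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;', '`': '&#x60;' };
const UNESCAPES = Object.fromEntries(Object.entries(ESCAPES).map(([c, e]) => [e, c]));

function escapeHtml(s) {
  return String(s).replace(/[&<>"'`]/g, (c) => ESCAPES[c]);
}

// <%= key %> inserts the raw value, <%- key %> inserts the HTML-escaped value.
function render(template, data) {
  return template.replace(/<%([=-])\s*([\w.]+)\s*%>/g, (_, tag, key) => {
    const value = data[key] == null ? '' : String(data[key]);
    return tag === '-' ? escapeHtml(value) : value;
  });
}

// Approximate what an HTML parser reads back for a double-quoted value="..."
// attribute: everything up to the next double quote, with entities decoded.
function parsedValue(html) {
  const m = /\bvalue="([^"]*)"/.exec(html);
  if (!m) return null;
  return m[1].replace(/&(?:amp|lt|gt|quot|#x27|#x60);/g, (e) => UNESCAPES[e]);
}

// Constructed sample: the sender string from the report above.
const sender = '"Firstname Lastname" <info@mysite.com>';
const data = { 'send.from.email': sender };

// Hypothetical form field templates, one per tag.
const rawField = render('<input name="from" value="<%= send.from.email %>">', data);
const safeField = render('<input name="from" value="<%- send.from.email %>">', data);

console.log(rawField);               // attribute ends at the first quote of the value
console.log(parsedValue(rawField));  // what the reloaded form field contains
console.log(safeField);
console.log(parsedValue(safeField)); // original string, intact
```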

1 Answer
Nikola Loncar Staff answered 5 months ago

Hi Carsten,

you are right. It will be part of the new version that is planned to be released within the next 24h. Thanks for reporting that. 🙂

Best regards,
Nikola