Customize: Form fields need proper escaping
Carsten asked 1 year ago

You should properly escape the form values in the customize tab in the backend. Currently you use template syntax like:

value="<%= ... %>"

This does not escape the value which can break the form fields.
The proper way would be:

value="<%- ... %>"

For example, this leads to problems in the field. I want to specify the email and name of the sender, therefore I enter the following in the form field:

"Firstname Lastname" <>

After saving the form and reloading the page, the field is broken (due to the use of double quotes).
Kind regards

1 Answer
Nikola Loncar Staff answered 1 year ago

Hi Carsten,

You are right. It will be part of the new version that is planned to be released within the next 24h. Thanks for reporting that. 🙂

Best regards,
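
The difference between the two tags discussed in this thread, as an added example that is not part of the thread or of the plugin's code. The `render` function is a minimal stand-in for a template engine with these tag semantics (the convention Underscore.js templates use), `parsedValue` is a simplified model of how a browser reads an attribute back, and the sender address is a constructed sample.

```javascript
// Minimal stand-in for a template engine with the two tags from the thread:
//   <%= key %>  inserts the value as-is
//   <%- key %>  inserts the value HTML-escaped
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

function render(template, data) {
  return template.replace(/<%([=-])\s*(\w+)\s*%>/g, (_, tag, key) => {
    const value = data[key] == null ? '' : data[key];
    return tag === '-' ? escapeHtml(value) : String(value);
  });
}

// Simplified view of what a browser reads back from value="...":
// everything up to the next double quote, with entities decoded.
function parsedValue(html) {
  const m = /value="([^"]*)"/.exec(html);
  if (!m) return null;
  return m[1].replace(/&(amp|lt|gt|quot|#39);/g, (e) =>
    Object.keys(ENTITIES).find((ch) => ENTITIES[ch] === e));
}

// Constructed sample input: display name in double quotes plus an address.
const sender = '"Firstname Lastname" <sender@example.com>';

const rawTpl = '<input name="from" value="<%= from %>">';
const escTpl = '<input name="from" value="<%- from %>">';

function demo() {
  const rawHtml = render(rawTpl, { from: sender });
  const escHtml = render(escTpl, { from: sender });
  return {
    rawHtml,                          // the first quote of the input ends the attribute
    rawValue: parsedValue(rawHtml),   // field comes back empty after reload
    escHtml,                          // quotes and angle brackets become entities
    escValue: parsedValue(escHtml),   // field round-trips to the saved string
  };
}

console.log(demo());
```
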