
HTML Data Escaping

When your application exchanges data between LogicNets and external systems using the ApplicationRunnerWebService, there are some considerations to take into account.

Imported XML Element Values will be HTML-Unescaped by LogicNets
LogicNets assumes that all element values are HTML-escaped, because the value could otherwise be interpreted as XML elements. LogicNets will unescape all values to obtain the actual intended value. This means that you need to take special care when using these values as displayed data on the front end/in the model. If the data needs to be displayed without being interpreted as HTML by the browser, the value needs to be double-escaped.
For example, the following single-escaped value:

 

will become the following in LogicNets:

 

and the browser will render it as HTML: the div elements themselves are not shown and any CSS styling they carry is applied. It will show as Some Styled Text.

If the value should be displayed as a literal string that shows the div elements, the value needs to be double-escaped:


 
LogicNets HTML-Escapes all UI Values
LogicNets stores all values of regular inputs as HTML-escaped values. We do this to prevent these values from breaking or modifying other HTML content when they are displayed, and to prevent malicious code from being executed in the browser.


The generic data exchange processing of LogicNets has no real knowledge of whether the content should be escaped once or multiple times. This means that consuming systems that process these values need to know what the data is intended for, or the modeling must take care to escape values correctly.
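
The escaping round trip described above, as an added example that is not LogicNets code: it assumes the import performs exactly one HTML-unescape pass (modeled here with Python's html.unescape). The sample value, its inline style and all function names are constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample value; only "Some Styled Text" and the div come from the page.
RAW = '<div style="color:red">Some Styled Text</div>'


def escape_for_import(value: str, literal: bool) -> str:
    """Encode a value for an XML element sent to the web service.

    literal=False: single escape; after import the value is live HTML.
    literal=True:  double escape; after import the value is still escaped
                   once, so a browser shows the markup as plain text.
    """
    once = html.escape(value, quote=True)
    return html.escape(once, quote=True) if literal else once


def simulate_import(wire_value: str) -> str:
    """Assumption: the import is modeled as exactly one HTML-unescape pass."""
    return html.unescape(wire_value)


class _View(HTMLParser):
    """Collects what a browser would treat as tags versus visible text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)


def browser_view(stored_value: str):
    """Return (interpreted_tags, visible_text) for a stored value."""
    view = _View()
    view.feed(stored_value)
    view.close()
    return view.tags, "".join(view.text)


if __name__ == "__main__":
    for literal in (False, True):
        stored = simulate_import(escape_for_import(RAW, literal))
        print(literal, repr(stored), browser_view(stored))
```

An empty tag list from browser_view means the stored value reaches the page as text only, which is the outcome to check for whenever imported data comes from a source you do not control.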
