You are viewing limited content. For full access, please sign in.

Question

Question

Workaround for Laserfiche Forms Escaping Custom HTML

Forms
Updated 8 hours ago
asked on June 26

I am trying to dynamically update a URL hyperlink in forms using JavaScript, an Entry ID field, and a custom HTML field, but the URL is not updating because Forms keeps auto-sanitizing the custom HTML field of raw tags like <a>, <div>, or <script>. The element escapes and is rendered as plain text. 

Has anyone found a way to trick forms so that it does not auto sanitize a custom HTML field?

0 0

Replies

replied on June 26

We sanitize dangerous html like script tags, but standard elements like a, div are allowed. If all you need is a link, you shouldn't need a script.

We added some leniency in the sanitization of html in the latest version of self-hosted and cloud.

If you can share your code or a little more about what link you are trying to create I can help solve your problem.

1 0
replied 8 hours ago

Hi Zachary, 

Thanks for the follow up. I would like to have the ability to update an entry ID field manually and have an updated public URL link updated with the appropriate entry ID number attached. 

Here's the JS:

(function() {
  console.log('Script loaded');

  function setupLinkForInput(input) {
    let container = document.getElementById('docLinkHolder');
    if (!container) {
      container = document.createElement('div');
      container.id = 'docLinkHolder';
      container.style.padding = '10px';
      input.insertAdjacentElement('afterend', container);
    }

    let link = container.querySelector('a.publicDocLink');
    if (!link) {
      link = document.createElement('a');
      link.className = 'publicDocLink';
      link.target = '_blank';
      link.style.color = 'blue';
      link.style.textDecoration = 'underline';
      link.style.display = 'none';
      container.appendChild(link);
    }

    function isValidDocId(val) {
      return /^\d+$/.test(val.trim());
    }

    function updateLink() {
      const val = input.value.trim();
      if (isValidDocId(val)) {
        link.href = `https://cocs-lf-1.docunavservices.com/WL-PublicWorks/laserfiche/browse.aspx?repo=Public-Works#?id=${encodeURIComponent(val)}`;
        link.style.display = 'inline';
        link.textContent = 'View Document';
        console.log( Link updated to:', link.href);
      } else {
        link.href = '#';
        link.style.display = 'none';
        link.textContent = '';
        console.log('Invalid or empty ID, link hidden');
      }
    }

    updateLink();

    input.addEventListener('input', updateLink);
    input.addEventListener('change', updateLink);
    input.addEventListener('keydown', (e) => {
      if (e.key === 'Enter') {
        e.preventDefault();
        updateLink();
      }
    });
  }

  function init() {
    let tries = 30; // 9 seconds max

    function poll() {
      const input = document.getElementById('Field93');
      if (input) {
        console.log('Field93 found by polling');
        setupLinkForInput(input);
      } else if (tries > 0) {
        tries--;
        console.log('Waiting for Field93 by polling...');
        setTimeout(poll, 300);
      } else {
        console.error('Field93 not found after polling timeout.');
      }
    }

    poll();
  }

  if (document.readyState === 'loading') {
    document.addEventListener('DOMContentLoaded', init);
  } else {
    init();
  }
})();

When I run the script manually in the console it works perfectly (see attached) but not in a live document

Console.png
Console.png (149.09 KB)
Download
0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Attachments
Related Posts
Loading ...