Why does Tabulator give an error with data with "</script>" word?

  • Thread starter: Charly 9000 (Guest)
Using Tabulator, if for example, I have data from a record with this value it works: '<button>Hello</button>' but if instead I put: '<script>Hello</script>' it breaks. The problem is specifically in </script>.

Code:
<!DOCTYPE html>
<html lang="en">
    <head>      
        <link href="https://unpkg.com/tabulator-tables/dist/css/tabulator.min.css" rel="stylesheet">
        <script type="text/javascript" src="https://unpkg.com/tabulator-tables/dist/js/tabulator.min.js"></script>  
    </head>
    
    <body>
        <div id="example-table"></div>

        <script> 
                
            //sample data
            var tabledata = [
                {id:1, name:"Oli Bob" },
                {id:2, name:"Mary May"},
                {id:3, name:"Christine Lobowski"},
                {id:4, name:"<button>Margret Marmajuke</button>"}           
            ];
            
            var table = new Tabulator("#example-table", {
                height:200, // set height of table to enable virtual DOM
                data:tabledata, //load initial data into table
                layout:"fitColumns", //fit columns to width of table (optional)
                columns:[ //Define Table Columns                    
                    {title:"Name", field:"name", sorter:"string", formatter: 'text'}
                ],
            });
            
            //trigger an alert message when the row is clicked
            table.on("rowClick", function(e, row){
                alert("Row " + row.getIndex() + " Clicked!!!!");
            });
        </script>

    </body>
</html>

If I add this line it doesn't work

{id:5, name:"<script>alert(1)</script>"}

but maybe if I escape it like this, yeah

{id:5, name:"<script>alert(1)<\/script>"}

Is it correct to do it like this? Should I escape </script> ?

Do you know if there is a way to format or solve it?

I hope to be able to display this literal in a column -> "<script>Hello</ script>"
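
Added example, not part of the original post and not Tabulator code: it models why the row breaks the page (the HTML parser closes an inline script at the first `</script`, even inside a JavaScript string) and compares naive embedding of row data with an escaped form. The helper names are hypothetical, the sample row is constructed, and the tokenizer model is simplified (it ignores the `<!--` escaped states).

```javascript
// Simplified model of how the HTML tokenizer ends an inline <script>:
// at the first "</script" followed by whitespace, "/" or ">",
// with no knowledge of JavaScript string quoting.
function inlineScriptBody(html) {
  const open = html.indexOf("<script>");
  if (open === -1) return null;
  const rest = html.slice(open + "<script>".length);
  const close = rest.search(/<\/script[\t\n\f\r \/>]/i);
  return close === -1 ? rest : rest.slice(0, close);
}

// Naive embedding: JSON.stringify leaves "<" and "/" untouched.
function embedNaive(rows) {
  return "<script>var tabledata = " + JSON.stringify(rows) + ";</script>";
}

// Hardened embedding: write the characters that matter to the HTML parser
// (plus the U+2028/U+2029 line separators) as \uXXXX inside the JSON text.
// The JavaScript value is unchanged; only its source spelling differs.
function embedSafe(rows) {
  const json = JSON.stringify(rows).replace(/[<>&\u2028\u2029]/g, (c) =>
    "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
  return "<script>var tabledata = " + json + ";</script>";
}

// Evaluate what the browser would hand to the JS engine.
// new Function is used only to demonstrate on the constructed input below.
function recoverRows(html) {
  try {
    return new Function(inlineScriptBody(html) + " return tabledata;")();
  } catch (e) {
    return e; // SyntaxError when the script was cut short
  }
}

// Constructed sample row matching the question.
const rows = [{ id: 5, name: "<script>alert(1)</script>" }];

// The manual escape from the question: "\/" is just "/" to JavaScript,
// but the HTML parser no longer sees "</script" inside the data.
const manual =
  '<script>var tabledata = [{id:5, name:"<script>alert(1)<\\/script>"}];</script>';

console.log(inlineScriptBody(embedNaive(rows))); // script text cut mid-string
console.log(recoverRows(embedNaive(rows)) instanceof SyntaxError);
console.log(recoverRows(embedSafe(rows))[0].name);
console.log(recoverRows(manual)[0].name);
```

Escaping at serialization time covers every row without touching the data by hand. How the cell is then rendered (as text or as HTML) is a separate decision made in the column's formatter.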
