This discussion is archived
4 Replies Latest reply: Sep 26, 2012 7:49 AM by AnthonyRayner RSS

Display item with HTML affected by dynamic action

scott.wesley Guru
Currently Being Moderated
Hi,

I'm using APEX 4.1.1

I have a item P1_TEST set as "Display only", escaping special characters "no", and the source as pl/sql expression of
'hello <b>world</b>'
I then create a dynamic action executing PL/SQL on click of a button.
P1_TEST is listed in both "page items to submit" and "page items to return", and it doesn't matter what happens in the pl/sql code - it could just be null;

When opening the page, I see
hello world
as desired.

After clicking the button, the field contents become escaped and I see
hello <b&GT;world</b>
which is not desired.

Is this expected behaviour / a bug? Is there a workaround?

Cheers
Scott
  • 1. Re: Display item with HTML affected by dynamic action
    scott.wesley Guru
    Currently Being Moderated
    Two updates:
    1) This functionality seems to have changed (improved) in 4.2 and is not an issue.
    2) I think the part that escapes the data is "page items to submit"
    If my PL/SQL process is
    :P1_TEST := :P1_TEST||'Hello <i&gt;world</i&gt;';
    Then I see

    hello <b&gt;world</b&gt;Hello world

    So I'm confident someone might think of a workaround for 4.x

    Scott
  • 2. Re: Display item with HTML affected by dynamic action
    VC Guru
    Currently Being Moderated
    Scott,

    As a workaround create a true action in your dynamic action that executes JavaScript code as below
    $s('P1_TEST',unescape($v('P1_TEST')));
    http://www.w3schools.com/jsref/jsref_unescape.asp

    please note that sequence of this true action should be after your pl/sql true action

    Thanks,
    Vikram
  • 3. Re: Display item with HTML affected by dynamic action
    scott.wesley Guru
    Currently Being Moderated
    I like the suggestion and see how it should work, but I've tried it in chrome/IE8 and it had no effect.

    I confirmed it executed via the console, and adding an alert message in the same action.

    Any word from the APEX team as to whether this is a known bug, considering the change in behaviour in 4.2?
  • 4. Re: Display item with HTML affected by dynamic action
    AnthonyRayner Pro
    Currently Being Moderated
    Hi Scott,

    This was indeed a change of behaviour from 4.1.1 to 4.2 and has to do with how APEX handles input escaping (or when saving values into session state). I should say, we plan to revisit the current behaviour to make this more transparent and obvious, but that won't be for 4.2, for your information.

    As you identified, the escaping is happening as part of the 'Page Items to Submit' functionality, so in other words when the item value is saved in session state. APEX has some predefined rules about when and when not to do input escaping based on the item type, and this is what has changed slightly from 4.1.1 to 4.2.

    In 4.1.1, regardless of whether item values are set via the URL or via an Ajax call, the same rules applied for when APEX does input escaping. We always input escape the 'safe' item types. These types used to be documented in the 3.2 documentation, here: http://docs.oracle.com/cd/E14373_01/appdev.32/e11838/sec.htm#CDDBBECI

    (Obviously the item types have changed slightly with the consolidation of some of those into single items, with different settings. But hopefully that is still of use, and we no longer cite them in the same way in recent documentation so I couldn't link to something more recent.)

    In 4.2, this behaviour was 'relaxed' slightly, such that this logic only kicks in when setting values over the URL, not for Ajax calls. This is why this is no longer an issue with your DA, because we no longer obey the same item type escaping in the context of an Ajax call.

    As a workaround for 4.1.1, I would suggest to use a non-safe item type to set your value into (eg a 'Hidden' type), then use JavaScript just to copy that over to your displayed item. The 'unescape' function didn't work, because that does URL unescaping, not HTML unescaping.

    Hope that helps,
    Anthony.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points