4 Replies Latest reply on Sep 26, 2012 2:49 PM by Anthony Rayner-Oracle

    Display item with HTML affected by dynamic action

    Scott Wesley

      I'm using APEX 4.1.1

      I have an item P1_TEST set as "Display only", escaping special characters "no", and the source as a PL/SQL expression of
      'hello <b>world</b>'
      I then create a dynamic action executing PL/SQL on click of a button.
      P1_TEST is listed in both "page items to submit" and "page items to return", and it doesn't matter what happens in the pl/sql code - it could just be null;

      When opening the page, I see
      hello world
      as desired.

      After clicking the button, the field contents become escaped and I see
      hello <b>world</b>
      which is not desired.

      Is this expected behaviour / a bug? Is there a workaround?

        • 1. Re: Display item with HTML affected by dynamic action
          Scott Wesley
          Two updates:
          1) This functionality seems to have changed (improved) in 4.2 and is not an issue.
          2) I think the part that escapes the data is "page items to submit"
          If my PL/SQL process is
          :P1_TEST := :P1_TEST||'Hello <i>world</i>';
          Then I see

          hello <b>world</b>Hello world

          So I'm confident someone might think of a workaround for 4.x

          • 2. Re: Display item with HTML affected by dynamic action

            As a workaround create a true action in your dynamic action that executes JavaScript code as below

            Please note that the sequence of this true action should be after your PL/SQL true action.

            • 3. Re: Display item with HTML affected by dynamic action
              Scott Wesley
              I like the suggestion and see how it should work, but I've tried it in chrome/IE8 and it had no effect.

              I confirmed it executed via the console, and adding an alert message in the same action.

              Any word from the APEX team as to whether this is a known bug, considering the change in behaviour in 4.2?
              • 4. Re: Display item with HTML affected by dynamic action
                Anthony Rayner-Oracle
                Hi Scott,

                This was indeed a change of behaviour from 4.1.1 to 4.2 and has to do with how APEX handles input escaping (or when saving values into session state). I should say, we plan to revisit the current behaviour to make this more transparent and obvious, but that won't be for 4.2, for your information.

                As you identified, the escaping is happening as part of the 'Page Items to Submit' functionality, so in other words when the item value is saved in session state. APEX has some predefined rules about when and when not to do input escaping based on the item type, and this is what has changed slightly from 4.1.1 to 4.2.

                In 4.1.1, regardless of whether item values are set via the URL or via an Ajax call, the same rules applied for when APEX does input escaping. We always input escape the 'safe' item types. These types used to be documented in the 3.2 documentation, here: http://docs.oracle.com/cd/E14373_01/appdev.32/e11838/sec.htm#CDDBBECI

                (Obviously the item types have changed slightly with the consolidation of some of those into single items, with different settings. But hopefully that is still of use, and we no longer cite them in the same way in recent documentation so I couldn't link to something more recent.)

                In 4.2, this behaviour was 'relaxed' slightly, such that this logic only kicks in when setting values over the URL, not for Ajax calls. This is why this is no longer an issue with your DA, because we no longer obey the same item type escaping in the context of an Ajax call.

                As a workaround for 4.1.1, I would suggest using a non-safe item type to set your value into (e.g. a 'Hidden' type), then using JavaScript just to copy that over to your displayed item. The 'unescape' function didn't work, because that does URL unescaping, not HTML unescaping.

                Hope that helps,
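
The round trip discussed in this thread, as an added example that is not part of any post above and is not APEX code. It models the 4.1.1 behaviour as described: a "safe" item type is HTML-escaped when saved into session state, the returned value comes back as-is, and `unescape` leaves HTML entities untouched. The type names and helper functions are assumptions made for illustration.

```javascript
// Model of the behaviour described in this thread (constructed, not APEX code).
// In 4.1.1, "safe" item types such as Display Only are HTML-escaped when their
// value is saved into session state; Hidden stands in for a non-safe type.
const SAFE_TYPES = new Set(['DISPLAY_ONLY']); // hypothetical type names

function htmlEscape(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;')
          .replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}

// Inverse of htmlEscape; '&amp;' is decoded last so '&amp;lt;' becomes '&lt;'.
function htmlUnescape(s) {
  return s.replace(/&lt;/g, '<').replace(/&gt;/g, '>')
          .replace(/&quot;/g, '"').replace(/&amp;/g, '&');
}

// "Page Items to Submit": the browser value is saved into session state.
function saveToSessionState(itemType, value) {
  return SAFE_TYPES.has(itemType) ? htmlEscape(value) : value;
}

// One dynamic action round trip: submit, run the PL/SQL body, return the value.
// The return step is modelled as a plain pass-through, matching reply 1's output.
function runDynamicAction(itemType, browserValue, plsql) {
  const sessionValue = saveToSessionState(itemType, browserValue);
  return plsql(sessionValue);
}

const original = 'hello <b>world</b>';
const append = v => v + 'Hello <i>world</i>'; // the PL/SQL body from reply 1

const viaDisplayOnly = runDynamicAction('DISPLAY_ONLY', original, append);
const viaHidden = runDynamicAction('HIDDEN', original, append);

console.log(viaDisplayOnly); // submitted part escaped, appended part intact
console.log(viaHidden);      // nothing escaped: value to copy to the display item
// unescape() only decodes %XX sequences, so the escaped value is unchanged.
console.log(unescape(viaDisplayOnly) === viaDisplayOnly);
console.log(htmlUnescape(htmlEscape(original)) === original);
```

Because the Hidden item bypasses the input escaping, the markup copied into the displayed item should only come from values the application itself generates.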