This content has been marked as final. Show 4 replies
1) This functionality seems to have changed (improved) in 4.2 and is not an issue.
2) I think the part that escapes the data is "page items to submit"
If my PL/SQL process is
Then I see
:P1_TEST := :P1_TEST||'Hello <i>world</i>';
hello <b>world</b>Hello world
So I'm confident someone might think of a workaround for 4.x
please note that sequence of this true action should be after your pl/sql true action
I like the suggestion and see how it should work, but I've tried it in chrome/IE8 and it had no effect.
I confirmed it executed via the console, and adding an alert message in the same action.
Any word from the APEX team as to whether this is a known bug, considering the change in behaviour in 4.2?
This was indeed a change of behaviour from 4.1.1 to 4.2 and has to do with how APEX handles input escaping (or when saving values into session state). I should say, we plan to revisit the current behaviour to make this more transparent and obvious, but that won't be for 4.2, for your information.
As you identified, the escaping is happening as part of the 'Page Items to Submit' functionality, so in other words when the item value is saved in session state. APEX has some predefined rules about when and when not to do input escaping based on the item type, and this is what has changed slightly from 4.1.1 to 4.2.
In 4.1.1, regardless of whether item values are set via the URL or via an Ajax call, the same rules applied for when APEX does input escaping. We always input escape the 'safe' item types. These types used to be documented in the 3.2 documentation, here: http://docs.oracle.com/cd/E14373_01/appdev.32/e11838/sec.htm#CDDBBECI
(Obviously the item types have changed slightly with the consolidation of some of those into single items, with different settings. But hopefully that is still of use, and we no longer cite them in the same way in recent documentation so I couldn't link to something more recent.)
In 4.2, this behaviour was 'relaxed' slightly, such that this logic only kicks in when setting values over the URL, not for Ajax calls. This is why this is no longer an issue with your DA, because we no longer obey the same item type escaping in the context of an Ajax call.
Hope that helps,