Status: Open
Status: Answered
Status: Closed
Status: Duplicate

Inconsisent Handling of Apmersand

Posted Jun 15 by John Rusling.

While working with an admin form we have created we noticed that the ampersand is sometimes not rendering correctly and is not storing correctly on a DB update. If we enter something like "Cats & Dogs" it stores in the DB as "Cats & Dogs" (HTML tag for &). To counter this I am taking my SQL string and executing a replace to change the HTML tag for the simple ampserand. This is now storing correctly in the DB but just after the update the text fields revert to the HTML tag. Closing and reloading record results in a correct rendering. While I have a work around it seems awkward and should not be necessary. Is this a common issue?

3 Answers

BEST ANSWER: As chosen by the author.

Hi John,


Metastorm has a feature that escapes potential  "unsafe" characters from the user inputs. They then end up as the escaped characters in the database. When forms are reloaded, they do not "un" escape these characters again….or so it seems to me as I am also struggling with the same issue.


There are options that can be set in the Web.config to turn this Html "sanitation" off but this leaves a gap in terms of security to keep hackers out. (<add key="SanitizeUserInputs" value="0" />)


I ended up writing a function to escape the text before it goes to the Metastorm engine for processing. On the form load I then "un" escape it again.


Maybe there is a better option out there. Will be good to get more info.

BEST ANSWER: As chosen by the author.

I have seen similar behaviour with the actual form name.


For example, we have a form called 'Audit & History'. Sometimes this is rendered correctly in the form tabs and sometimes it comes out as 'Audit & History'. Very annoying!

BEST ANSWER: As chosen by the author.

I am facing the same issue for the browser… https SSL connection.


Was there any resolution? Pls suggest..

 You have subscribed and will receive email notifications of updates to this topic. To unsubscribe, uncheck the checkbox.


Related categories

Your answer

To leave an answer, please sign in.