AdvancedCustomFields / acf

Advanced Custom Fields
http://advancedcustomfields.com/

HTML Codes are not getting escaped in text fields #487

Open hakanxemik opened 3 years ago

hakanxemik commented 3 years ago

Is there a possibility to escape the values of the text fields? Or are there any options to set this?

The problem I encounter is that after setting HTML-Codes like &shy; or &amp; in text fields, they are not showing.

When someone is editing the field, he cannot see the specified codes in the field. This can be a problem because the content creators of this backend are not technically affine and can't inspect the elements and look into the values.

The Input before updating and refreshing: image

After updating and refreshing: image

The temporary fix I made is directly in the plugin, where the values are set to the field: wp-content/plugins/advanced-custom-fields/includes/fields/class-acf-field-text.php


    // Input.
    $input_attrs = array();
    foreach ( array( 'type', 'id', 'class', 'name', 'value', 'placeholder', 'maxlength', 'pattern', 'readonly', 'disabled', 'required' ) as $k ) {
        if ( isset( $field[ $k ] ) ) {
            // Escape the value so that entities typed by the editor stay visible in the input.
            if ( $k == 'value' ) {
                $input_attrs[ $k ] = htmlspecialchars( $field[ $k ], ENT_QUOTES );
            } else {
                $input_attrs[ $k ] = $field[ $k ];
            }
        }
    }

Is there any solution to fix this?
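The round trip described in this report can be reproduced with PHP's own `htmlspecialchars()`, as an added example that is not part of the original post and is not ACF or WordPress code. It assumes the field value was escaped without double-encoding, so entities already in the stored value reach the browser as-is and are decoded inside the input; the helper names and the sample value are constructed.

```php
<?php
// Added illustration; helper names and the sample value are constructed.

// Approximates what a browser puts into an <input> from value="...":
// character references in the attribute are decoded.
function browser_decode(string $attr): string {
    return html_entity_decode($attr, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Escape a stored value for the attribute, then return what the editor
// sees in the field, which is also what gets posted back on the next save.
function round_trip(string $stored, bool $double_encode): string {
    $attr = htmlspecialchars($stored, ENT_QUOTES, 'UTF-8', $double_encode);
    return browser_decode($attr);
}

// Make the otherwise invisible soft hyphen (U+00AD) visible in the output.
function show(string $s): string {
    return str_replace("\u{00AD}", '[U+00AD]', $s);
}

// Constructed stored value: two entities typed by an editor plus markup
// and quotes that must never reach the attribute unescaped.
$stored = 'Terms &amp; Conditions, Donau&shy;dampf <b>"x"</b>';

foreach ([false, true] as $double_encode) {
    $attr = htmlspecialchars($stored, ENT_QUOTES, 'UTF-8', $double_encode);
    $seen = round_trip($stored, $double_encode);

    printf("double_encode=%s\n", $double_encode ? 'true' : 'false');
    printf("  attribute : %s\n", $attr);
    printf("  in field  : %s\n", show($seen));
    printf("  preserved : %s\n\n", $seen === $stored ? 'yes' : 'NO, entities lost');
}
```

In both modes `<`, `>` and the quotes are escaped, so the attribute stays safe to emit; only the handling of `&` in existing entities differs, and that is what decides whether the editor's text survives a save.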

elliotcondon commented 3 years ago

Hi @hakanxemik

Thanks for the bug report. I'll add this to our to-do and will hope to find a solution shortly.

7h0m4s2 commented 2 years ago

Any update on this?

lgladdy commented 2 years ago

Hey @ThomasStoopendaal

We fixed this issue back in a 5.9.x release. Are you still having issues? What specific characters aren't saving correctly for you?