search

Tangerine-Community / Tangerine

Digitize your offline data collection. Create your Forms online with Tangerine Editor, conduct them offline with the Tangerine Android App. All results you collect can be exported as a CSV file, easy for processing in a spreadsheet. Tangerine has been used in over 1 million assessments and surveys in over 60 countries and in 100 languages.
http://www.tangerinecentral.org/
GNU General Public License v3.0
49 stars 30 forks source link

Html containing quotations in label of option values for Checkboxes and Radio buttons break the form #2453

Closed lachko closed 3 years ago

lachko commented 3 years ago

HTML code in the option value of a form's radio button or checkbox option breaks the form

If we add an input as below and then open this input in Edit mode and save. The form is broken and all code moves to an HTML container.

 <tangy-radio-buttons name="contacted_by_school" required="" question-number="12." label="How frequently have you been contacted by any school official or representative (i.e. group leader) (by phone or in person, or by sms, email, FB messenger, group chats and/or other forms of communication) in the last four weeks
//  <font style='color: red;'>Gaano kayo kadalas na kinapapanayam ng kahit na sinong opisyal o kinatawan (hal. lider ng grupo) ng paaralan (sa pamamagitan ng telepono o personal, text, email, FB Messenger, group chat o iba pang klase ng komunikasyon) sa huling apat na linggo?
</font>  //  <font style='color: blue;'>Pirang beses kamo kinakaulay kan mga opisyal o representante (hal. lider kan grupo) (sa paagi nin telepono o personal, text, email, FB Messenger, chat group o iba pang paagi nin komunikasyon) sa huring apat na semana? </font>
" hint-text="<em>Read aloud each response option.  Tick the best option</em>" error-text="" warn-text="" class="" style="">

          <option value="1">
Daily
//  <font style="color: red;">Araw-araw
</font>  //  <font style="color: blue;">Aroaldaw</font>
</option>

          <option value="2">
Weekly 
//  <font style="color: red;">Lingguhan
</font>  //  <font style="color: blue;">Surusemana</font>
</option>

          <option value="3">
Once or twice 
//  <font style="color: red;">Isa o dalawang beses
</font>  //  <font style="color: blue;">Saro o duwang beses</font>
</option>

          <option value="4">
No communication 
//  <font style="color: red;">Walang komunikasyon
</font>  //  <font style="color: blue;">Mayong komunikasyon</font>
</option>

      </tangy-radio-buttons>
rjcorwin commented 3 years ago

We should escape input and then unescape it when presenting prior input. This is true for any place we are taking user input in tangy form editor. There are probably many more places where double quotes can break a form.

rjcorwin commented 3 years ago

Here is the example: https://glitch.com/edit/#!/atlantic-torpid-beluga?path=index.html%3A14%3A15

Open the item, edit the tangy-radio-butons, then save the radio buttons. Notice how markup gets removed.

lachko commented 3 years ago

Confirm fixed