Adding an HTML anchor tag in the Label variable's Question field

rdingus · ‎10-25-2013

I used to be able to add a label variable in a catalog item that contained a HTML anchor tag in the variable's question field. The link to the url would work as desired. That was pre-Calgary. I try and the same thing in Calgary and the html doesn't render and I can't see why. Does anyone know if something in Calgary related to this changed?

Aaron40 · ‎10-25-2013

I don't remember being able to ever be able to add HTML to a label and have it work. I just tried this in the demo labs (which is on Calgary) and you cannot add HTML to the label field and actually have it work. But I worked on Aspen for over a year and don't recall being able to do it on Aspen either.

Easiest way to add a link to a form is through a UI Macro.

jim pisello · ‎10-28-2013

It's one of the arrows I keep in my SN development quiver. Throwing a quick HTML link in the Question field (or in the Help Text) seems a lot more convenient to me than setting up a new UI Macro. Now, if you need a whole bunch of links, or you want to do some other whiz-bang stuff in your catalog item then I'm with you. But if you're just talking about a single link or a bit of rich text and you aren't concerned about cross-site attacks or other security issues, I think there's certainly a valid use case for setting the glide.ui.escape_text property's value to false and putting the HTML/link in a variable's Question or Help text field.

The Question field has a limit of 255 characters, so there's a practical limit to the size of a URL or the amount of HTML that will fit. That can be changed, of course, but it's something to keep in mind. In addition, there is no syntax/error checking on these fields and the potential security issues should be carefully weighed.

CapaJC · ‎10-25-2013

I don't know about a change, but the escaping behavior for catalog variables might be controlled by the value of the glide.ui.escape_text system property.

I checked as far back as an instance created on the Aspen release, and HTML didn't get rendered unless I set glide.ui.escape_text to false. From the wiki, a property value of true will "Escape XML values at the parser level for the user interface. This will prevent reflected and stored cross site scripting attacks."

rdingus · ‎10-25-2013

Thank you! That worked. I've done this tons before Calgary. It must just be before that property was set to false before I started there.