CODEWITHSUNDEEP
phphtmlcodeignitertinybutstrong
David Coder
David Coder

Reputation: 1138

TinyButStrong htmlconv="no" dont print string which comes after doble quotes (" ") in tooltip

I have content which comes from database. I am using TBS library with codeigniter. I am displaying content with the 200 character limit. User can see full content with mouse hover on content as tool tip. But in tool tip the string which comes after double quotes(" ") are not displaying.

enter image description here

In above image only Hello freinds print.

HTML Code :

<td><a class="tooltip-right" data-tooltip="<!--[blk4.tooltip;block=tr;comm;htmlconv=no;noerr]-->"><!--[blk4.tooltip;block=tr;comm;ope=max:200;]--></a></td>

If I remove htmlconv="no" from my HTML code then it print perfect but it prints br tag when line is break.

enter image description here

I have also tried this in controller

$string1=array("&nbsp;","<br />");
$string2=array(" ","/n");
$this->data['blk4'][]['tooltip']= str_replace($string1,string2,strip_tags($b['description']));

Any IDEA ??

Upvotes: 0

Views: 288

Answers (3)

David Coder
David Coder

Reputation: 1138

I have solved my problem by replace this line in view page:

<td><a class="tooltip-right" data-tooltip='<!--[blk4.tooltip;block=tr;comm;htmlconv=no;noerr]-->'><!--[blk4.t‌​ooltip;block=tr;comm;ope=max:200;]--></a></td>

I have change " " with ' ' in data-tooltip=' ' in above line

Upvotes: 0

Skrol29
Skrol29

Reputation: 5552

In order to have a valid content for the attribute value, you have to escape your string from XML/HTML entities and also from delimiters ". (They are other way to have an HTML valid content but is is quite more complicated.)

TBS does not give such a feature in native but you can change your data before the merging. You can also change it during the merging using an onformat or ondata parameter.

Example of escaping the data :

$x = $this->data['blk4'][]['tooltip']
$x = strip_tags($x);
$x = str_replace('"', '', $x);
$this->data['blk4'][]['tooltip'] = $x;

Upvotes: 1

Andr&#233; Laszlo
Andr&#233; Laszlo

Reputation: 15537

The htmlconv option will escape the quotation marks. Otherwise they will be included as-is (which is dangerous, and can lead to XSS vulnerabilities).

When they are included, they simply break your HTML. Let's say you want this text in your tooltip:

Watch out for "quotation" marks

The html generated will then be broken like this:

<a ... data-tooltip="Watch out for "quotation" marks">...</a>

The syntax highlighting above shows you how a parser would think that your tooltip text ends when the first quotation mark occurs.

So never ever put user input without escaping it properly (for example by using htmlconv). Instead, strip out the <br> tags, maybe using strip_tags:

$this->data['blk4'][]['tooltip'] = strip_tags($b['description']);

Upvotes: 1

Related Questions