Case Description shows HTML <p>

Oddl,

I too came across this problem and started to dig around. I have used SuiteCRM 7.1 for my own internal purposes, but now I thought I would use it as a contrived project management tool for each new project I work on. As such I loaded up 7.4 configured it to my liking and was overall pleased with all the new features, except the HMTL problem which creeps up in other areas as well. Since I need it outward facing for my clients, I was horrified when I saw this as I had just created a new case. I have a workflow trigger scheduled to email my client contacts on new case creation. Emails are fine in rendering the markup , but when I’m sending a direct link within the email to the case it would be quite embarassing to me. Thus went to the forum and saw your posting.

Let me say first, I am shocked that this has not been taken care of and responded to appropriately. I know they are running a very thin shop but something like this should not have made it out for release .Even the most cursory testing would have caught this. . Most responses have been quite unsatisfactory and not real helpful. I agree as to what’s the point in providing HMTL Wyswig if your going to suppress it within the interface.

As far as the security issue, escaping markup should be made a configurable option in the administration area. Therefore, eliminate the debate right from the start and let folks proceed at their own risk once the transparency veil is lifted and a solution has been provided.

Now that’s taken care of, I’ll give you the fix , which by the way is not all elegant and breaks all the principles of software engineering. However, I had to do something quick as all of the previous posts where either vague, misleading and | or did not work at all. Yes, I wasted much time here as well. Total time to fix this, albeit temporarily was about an 1.5 hrs.

  1. I went to Git and noticed the changes which were made to include/Smarty/plugins/function.sugarvar.php

  2. Within function.sugarvar.php
    a) Goto Line #95 and comment out the 3 lines dealing with the html escape functionality thereby removing it. Should look like this below:

    /**
    if(!empty($displayParams[‘htmlescape’])){
    $_contents .= ‘|escape:‘html’’;
    }
    */

  3. Do a quick repair & rebuild to flush the system cache.

NOTE: I have not really tested this fully and hope it will globally fix the rendering issues for now until it is captured within the next update.

Let’s hope this gets fixed systematically in the future. Apologize for the rant, but this is really quite unacceptable along the lines of the JOT dashlet tool issue.

Best Regards,
Scott

6 Likes