Customize: Form fields need proper escaping

SupportCustomize: Form fields need proper escaping
Carsten asked 5 years ago
Hello, you should properly escape the form values in the customize tab in the backend. Currently you use template syntax like:
value="<%= ... %>"
This does not escape the value which can break the form fields.
The proper way would be:
value="<%- ... %>"
https://underscorejs.org/#template   For example this leads to problems in the send.from.email field. I want to specify the email and name of the sender therefore I enter the following in the form field:
"Firstname Lastname" <info@mysite.com>
After saving the form and reloading the page the field is broken (due to the use of double quotes).. Kind regards
Carsten
1 Answers
Nikola Loncar Staff answered 5 years ago
Hi Carsten, you are right. It will be part of new version that is planned to be released within next 24h. Thanks for reporting that. :) Best regards, Nikola