FormIt AllowTags literally displays tags in emails (SOLVED)

I have a FormIt form with a pre-filled textarea field. The content of this field is basically a message containing multiple paragraphs that users can amend using a TinyMCE editor. Upon submitting the form, I need this field with all its tags to be sent in an email. I’ve tried the following:

&validate=`message:allowTags`

But instead of parsing the tags in the email, it literally displays tags in the email body, so the recipient sees something like this:

<p>Hello World</p><p>How are you today?</p>

How do I get FormIt to allow tags in a textarea field and process them in the output email to retain the styling?

From the FormIt documentation:
“As of FormIt 2.2.9, all fields will automatically have html_entities applied. To allow HTML tags to be saved/stored, you will need to use the allowSpecialChars validator on each field, that should save raw html tags.”

That was the first thing I tried, but allowSpecialChars didn’t seem to do anything when I used

&validate=`message:allowSpecialChars`

The tags were stripped. With allowTags the tags were retained but were treated as plain text in the email.

I think you have to use both allowTags and allowSpecialChars.

&validate=`message:allowTags:allowSpecialChars`

Whoa… that actually worked! I tried all combinations of validators and output modifiers but would never have thought of using both validators together. Thanks for your help! :smiley:

Do you really want to open your form for XSS? Please make sure that scripts are not executed in your mail client and in your webmailer. FormItSaveForm should not be called, to stay safe in the backend.
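
One way to address the XSS concern raised in the last reply, added here as an example that is not part of the original thread and is not FormIt's own code: an allowlist sanitizer that reduces the TinyMCE markup to a few formatting tags before it is placed in the email. The tag lists, the function name and the hook snippet in the closing comment are assumptions, and the field is assumed to reach the hook as raw HTML with the two validators above.

```php
<?php
// Added example, not FormIt code. Tag lists are assumptions; match them to your editor toolbar.
const ALLOWED_TAGS = ['p', 'br', 'strong', 'em', 'b', 'i', 'u', 'ul', 'ol', 'li', 'a'];
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed', 'form', 'svg'];

function sanitizeMessageHtml(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);               // tolerate sloppy editor markup
    $doc->loadHTML('<?xml encoding="UTF-8">' . $html, LIBXML_NONET);
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }
    // Snapshot the live node list (document order) because the tree is edited while walking it.
    foreach (iterator_to_array($body->getElementsByTagName('*')) as $el) {
        $tag = strtolower($el->nodeName);
        if (in_array($tag, DROP_WITH_CONTENT, true)) {
            $el->parentNode->removeChild($el);      // drop the element and everything inside it
        } elseif (!in_array($tag, ALLOWED_TAGS, true)) {
            while ($el->firstChild) {               // unwrap: keep the children, lose the tag
                $el->parentNode->insertBefore($el->firstChild, $el);
            }
            $el->parentNode->removeChild($el);
        } else {
            foreach (iterator_to_array($el->attributes) as $attr) {
                $safeHref = $tag === 'a' && strtolower($attr->nodeName) === 'href'
                    && preg_match('#^(https?://|mailto:)#i', trim($attr->value));
                if (!$safeHref) {
                    $el->removeAttribute($attr->nodeName);  // strips on*, style, src, ...
                }
            }
        }
    }
    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample input; run stand-alone with the PHP CLI.
echo sanitizeMessageHtml('<p onclick="x()">Hello <strong>World</strong></p><script>alert(1)</script>'
    . '<p><a href="javascript:alert(1)">link</a> <img src="x" onerror="alert(1)"></p>'), PHP_EOL;

// In a FormIt hook snippet (hypothetical, listed before "email" in &hooks), the call would be:
//   $hook->setValue('message', sanitizeMessageHtml($hook->getValue('message'))); return true;
```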