MODX Community

FormIt AllowTags literally displays tags in emails (SOLVED)

I have a FormIt form with a pre-filled textarea field. The content of this field is basically a message containing multiple paragraphs that users can amend using a TinyMCE editor. Upon submitting the form, I need this field with all its tags to be sent in an email. I’ve tried the following:

&validate=`message:allowTags

But instead of parsing the tags in the email, it literally displays tags in the email body, so the recipient sees something like this:

<p>Hello World</p><p>How are you today?</p>

How do I get FormIt to allow tags in a textarea field and process them in the output email to retain the styling?

From the FormIt documentation:
“As of FormIt 2.2.9, all fields will automatically have html_entities applied. To allow HTML tags to be saved/stored, you will need to use the allowSpecialChars validator on each field, that should save raw html tags.”

That was the first thing I tried, but allowSpecialChars didn’t seem to do anything when I used

`&validate=`message:allowSpecialChars`

The tags were stripped. With allowTags the tags were retained but were treated as plain text in the email.

I think you have to use both allowTags and allowSpecialChars.

&validate=`message:allowTags:allowSpecialChars`
1 Like

Whoa… that actually worked! I tried all combinations of validators and output modifiers but would never have thought of using both validators together. Thanks for your help! :smiley:

Do you really want to open your form for XSS? Please make sure that scripts are not executed in your mail client and in your webmailer. FormitSaveForm should not be called, to stay safe in the backend.