0

I have content which comes from database. I am using TBS library with codeigniter. I am displaying content with the 200 character limit. User can see full content with mouse hover on content as tool tip. But in tool tip the string which comes after double quotes(" ") are not displaying.

enter image description here

In above image only Hello freinds print.

HTML Code :

<td><a class="tooltip-right" data-tooltip="<!--[blk4.tooltip;block=tr;comm;htmlconv=no;noerr]-->"><!--[blk4.tooltip;block=tr;comm;ope=max:200;]--></a></td>

If I remove htmlconv="no" from my HTML code then it print perfect but it prints br tag when line is break.

enter image description here

I have also tried this in controller

$string1=array("&nbsp;","<br />");
$string2=array(" ","/n");
$this->data['blk4'][]['tooltip']= str_replace($string1,string2,strip_tags($b['description']));

Any IDEA ??

David Coder
  • 1,138
  • 2
  • 14
  • 48
  • I have solved my problem by replace this line in view page(HTML code) I have change "" with '' in data-tooltip='' in above line Thanx for you reply.. :) – David Coder Jul 29 '15 at 06:52

3 Answers3

1

The htmlconv option will escape the quotation marks. Otherwise they will be included as-is (which is dangerous, and can lead to XSS vulnerabilities).

When they are included, they simply break your HTML. Let's say you want this text in your tooltip:

Watch out for "quotation" marks

The html generated will then be broken like this:

<a ... data-tooltip="Watch out for "quotation" marks">...</a>

The syntax highlighting above shows you how a parser would think that your tooltip text ends when the first quotation mark occurs.

So never ever put user input without escaping it properly (for example by using htmlconv). Instead, strip out the <br> tags, maybe using strip_tags:

$this->data['blk4'][]['tooltip'] = strip_tags($b['description']);
André Laszlo
  • 15,169
  • 3
  • 63
  • 81
  • Hello sir, thanks for your answer. I have used strip_tag but it not working in tool tip don't know why ??? I have also tried to replace br tag but in tool tip nothing is working. I can remove br tag only by using htmlconv="no" line but it cuts the words which comes after double quotes (" ") in tool tip ?? :( – David Coder Jul 22 '15 at 11:41
1

In order to have a valid content for the attribute value, you have to escape your string from XML/HTML entities and also from delimiters ". (They are other way to have an HTML valid content but is is quite more complicated.)

TBS does not give such a feature in native but you can change your data before the merging. You can also change it during the merging using an onformat or ondata parameter.

Example of escaping the data :

$x = $this->data['blk4'][]['tooltip']
$x = strip_tags($x);
$x = str_replace('"', '', $x);
$this->data['blk4'][]['tooltip'] = $x;
Skrol29
  • 5,402
  • 1
  • 20
  • 25
0

I have solved my problem by replace this line in view page:

<td><a class="tooltip-right" data-tooltip='<!--[blk4.tooltip;block=tr;comm;htmlconv=no;noerr]-->'><!--[blk4.t‌​ooltip;block=tr;comm;ope=max:200;]--></a></td>

I have change " " with ' ' in data-tooltip=' ' in above line

David Coder
  • 1,138
  • 2
  • 14
  • 48