Form submission values encoded


(Nick Mok) #1

Squiz Matrix v6.38.0

I currently have a form which connects to a Rest API (via Form Submission Action > Rest Resource). This request object created by including a bit of SSJS in the request body, see below images.

This has been working. However, I’ve discovered when they are posted to the API that symbols are being converted, such as apostrophes. They come out as: ' in the API endpoint, which is not what we want.

I am retrieving the form values via the syntax %globals_post^index:q123456:q1%. See the third image for what my request body looks like (it converts to JSON). I am using template literals for printing the request body.

Does anybody know why is this happening, and is it possible to disable this and safely?

My guess is it’s being encoded via the globals_post object automatically for security, but I’m not 100% sure.

I noticed that the unescapehtml keyword modifier, it suggests with the below sentence that these values are automatically escaped when using the %globals% keyword.
“Converts the global GET/POST/SESSION/COOKIE keywords’ values to their original unescaped versions.”

Any tips or help would be recommended.

Cheers,

Source: https://matrix.squiz.net/manuals/keyword-replacements/chapters/keyword-modifiers#unescapehtml

Image 1


Image 2

Image 3
image