Gravity Support Forums Topic: Unnecessary esc_html() in get_checkbox

Gravity Support Forums Topic: Unnecessary esc_html() in get_checkbox_choices()? https://legacy.forums.gravityhelp.com/topic/unnecessary-esc_html-in-get_checkbox_choices Gravity Support Forums Topic: Unnecessary esc_html() in get_checkbox_choices()? en-US Mon, 20 Apr 2026 01:16:43 +0000 http://bbpress.org/?v=1.0.1 <![CDATA[Search]]> q https://legacy.forums.gravityhelp.com/search.php m4change on "Unnecessary esc_html() in get_checkbox_choices()?" https://legacy.forums.gravityhelp.com/topic/unnecessary-esc_html-in-get_checkbox_choices#post-16789 Fri, 21 Jan 2011 15:47:49 +0000 m4change 16789@https://legacy.forums.gravityhelp.com/ Just an update for those of you still looking to hack up gforms to allow this, as of RC3, --- in common.php: find 'public static function get_checkbox_choices($field, $value, $disabled_text){' at 1114: replace esc_html($choice["text"]) with $choice["text"] at 1145: replace esc_html($choice["text"]) with $choice["text"] ------ in js.php: find 'function GetFieldChoices(field){' ~lines 2094-2101 replace \" with ' m4change on "Unnecessary esc_html() in get_checkbox_choices()?" https://legacy.forums.gravityhelp.com/topic/unnecessary-esc_html-in-get_checkbox_choices#post-12843 Wed, 17 Nov 2010 17:45:53 +0000 m4change 12843@https://legacy.forums.gravityhelp.com/ I just ran across this issue and I do agree it's a bit of a pain and I hate to rely on javascript but the admin editor certainly does break when you inject HTML. edit: I'm the big jerk that just broke the rules and edited my common.php lines 1054 and 1008 to remove the esc_html() function and js.php lines 2001-2004 to change \" to ' <pre><code>str += "<li><input type='" + type + "' class='gfield_choice_" + type + "' name='choice_selected' id='choice_selected_" + i + "' " + checked + " onclick='SetFieldChoice(" + i + ");' />"; str += "<input type='text' id='choice_text_" + i + "' value='" + field.choices[i].text + "' onkeyup=\"SetFieldChoice(" + i + ");\" class='field-choice-input field-choice-text' />"; str += "<input type='text' id='choice_value_" + i + "' value='" + value + "' onkeyup=\"SetFieldChoice(" + i + ");\" class='field-choice-input field-choice-value' />"; str += "<input type='text' id='choice_price_" + i + "' value='" + price + "' onchange=\"SetFieldChoice(" + i + ");\" class='field-choice-input field-choice-price' />";</code></pre> dbone on "Unnecessary esc_html() in get_checkbox_choices()?" https://legacy.forums.gravityhelp.com/topic/unnecessary-esc_html-in-get_checkbox_choices#post-6062 Thu, 03 Jun 2010 16:43:59 +0000 dbone 6062@https://legacy.forums.gravityhelp.com/ Created this JS to use in the interim until support is added in core. Obviously change the identifier to the classes for your checkbox list in your form in the for loop. <pre><code>// Unescape for (i = 1; i <= 8; i++) { unescape_html("li.gchoice_21_" + i + " label"); } function unescape_html(node) { var escaped_string = $(node).html(); $(node).html(unescape_string(escaped_string)); } function unescape_string(html) { var htmlNode = document.createElement("span"); htmlNode.innerHTML = html; if(htmlNode.innerText !== undefined) return htmlNode.innerText; // IE return htmlNode.textContent; // FF }</code></pre> Credit to Marcus Phillips on <a href="http://erlend.oftedal.no/blog/?blogid=14" rel="nofollow">http://erlend.oftedal.no/blog/?blogid=14</a> for the unescape_string function. sc0ttkclark on "Unnecessary esc_html() in get_checkbox_choices()?" https://legacy.forums.gravityhelp.com/topic/unnecessary-esc_html-in-get_checkbox_choices#post-5790 Wed, 26 May 2010 13:20:42 +0000 sc0ttkclark 5790@https://legacy.forums.gravityhelp.com/ All that matters is the front end. Don't escape the HTML in the labels on the front end and I believe 99% of people's needs are filled. Carl Hancock on "Unnecessary esc_html() in get_checkbox_choices()?" https://legacy.forums.gravityhelp.com/topic/unnecessary-esc_html-in-get_checkbox_choices#post-5789 Wed, 26 May 2010 12:11:20 +0000 Carl Hancock 5789@https://legacy.forums.gravityhelp.com/ @scott the labels are having their HTML escaped because the labels are used in a variety of places, not just the front end. They are used in numerous places in the admin for display where having HTML within them would cause issues with admin UI display. sc0ttkclark on "Unnecessary esc_html() in get_checkbox_choices()?" https://legacy.forums.gravityhelp.com/topic/unnecessary-esc_html-in-get_checkbox_choices#post-5754 Tue, 25 May 2010 10:36:45 +0000 sc0ttkclark 5754@https://legacy.forums.gravityhelp.com/ @Carl Hancock, why are labels having their HTML escaped when they are labels and not the value being submitted via $_POST? Remove esc_html from the labels in common.php and you instantly have "HTML" support, keep it in the value fields and all is good. Kevin Flahaut on "Unnecessary esc_html() in get_checkbox_choices()?" https://legacy.forums.gravityhelp.com/topic/unnecessary-esc_html-in-get_checkbox_choices#post-3431 Tue, 16 Feb 2010 16:53:54 +0000 Kevin Flahaut 3431@https://legacy.forums.gravityhelp.com/ The jQuery solution was simply proposed as a bridge until we add this functionality in a future release. Nobody is advocating you use it if you don't like it, it's just another option. Carl Hancock on "Unnecessary esc_html() in get_checkbox_choices()?" https://legacy.forums.gravityhelp.com/topic/unnecessary-esc_html-in-get_checkbox_choices#post-3423 Tue, 16 Feb 2010 15:38:43 +0000 Carl Hancock 3423@https://legacy.forums.gravityhelp.com/ We'll look into the subscribe to topics not working. We use a bbPress plugin for that so we will have to see whats going on. We aren't advocating jQuery as the right way to go for everything, however until certain features are added natively to Gravity Forms, sometimes it's the only option until we release updates to Gravity Forms. HTML is stripped from checkbox labels right now because until we implement value/label capabilities as a native feature to Gravity Forms, the label is used as the value for the checkbox. We do plan on changing this in one of the upcoming releases. Just keep in mind that while Gravity Forms is very mature, it is still very new. We are constantly adding new features and improving things and we still have a laundry list of features that we plan on introducing in the future. Anonymous on "Unnecessary esc_html() in get_checkbox_choices()?" https://legacy.forums.gravityhelp.com/topic/unnecessary-esc_html-in-get_checkbox_choices#post-3419 Tue, 16 Feb 2010 15:16:19 +0000 Anonymous 3419@https://legacy.forums.gravityhelp.com/ Thanks. While I love jQuery for interactive functionality and have done a fair bit of it myself, I really dislike using it for simple formatting. It breaks when people have Javascript turned off and it causes page loads to be sluggish on slower computers. I'd far, far prefer to do that kind of coding in PHP on the server (where it was meant to be done! :) How about another solution? How about adding a 'gform_field_input' hook to get field input and instead of directly sprint()ing or returning you first pass through said filter? BTW, I'm not getting email notifications even though I check "Subscribe to this Topic via Email." Are your email notifications not working? Kevin Flahaut on "Unnecessary esc_html() in get_checkbox_choices()?" https://legacy.forums.gravityhelp.com/topic/unnecessary-esc_html-in-get_checkbox_choices#post-3413 Mon, 15 Feb 2010 21:21:17 +0000 Kevin Flahaut 3413@https://legacy.forums.gravityhelp.com/ If you're just looking for "user friendly" text on the front end, you can do this pretty simply with just a few lines of jQuery... even with HTML content. Basically, you use the script to replace the html content of the label client side. I created a normal checkbox field with 4 options, simply labeled 1-4. <a href="http://grab.by/2rFB" rel="nofollow">admin screenshot</a> I viewed the source and grabbed the unique classes for the labels (actually the parent list item) and replaced the label content based on inheritance from there. <pre><code><script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js"></script> <script type="text/javascript"> $(document).ready(function() { $('li.gchoice_9_1 label').html('I like option one because it is <a href="http://www.yoursite.com/awesome/" target="_blank">awesome</a>.'); $('li.gchoice_9_2 label').html('but I might like option two when you think of it'); $('li.gchoice_9_3 label').html('option three is looking pretty good though'); $('li.gchoice_9_4 label').html('and option four could do the trick'); $('li#field_1_9 .gfield_description').insertAfter($('li#field_1_9 .gfield_label')); }); </script></code></pre> You'll notice that I actually repositioned the "gfield_desciption" div immediately below the main field label as well. Note: if you're already loading jQuery in your theme, you can omit the initial script reference. here's my <a href="http://grab.by/2rGk" rel="nofollow">sample form screenshot</a> from the front end, and you'll see that the original value is still passed in the form - <a href="http://grab.by/2rGu" rel="nofollow">admin screenshot</a>