Encode Planon data in HTML mail merge
If this setting is set to No when executing an HTML mail merge:
• Planon data is merged with the HTML template.
• The merged HTML result is partially encoded and cleaned. Partial encoding means that some known problematic HTML characters are replaced, while URLs and e-mail addresses remain unchanged. In the cleaning phase, invalid or incomplete HTML tags and JavaScript are stripped from the resulting HTML.
If this setting is set to Yes when executing an HTML mail merge:
• All text entered in Planon data is shown literally in the browser. No text is interpreted or executed by the browser, except where the HTML template defines that a URL or e-mail address is required.
• The HTML of the mail merge template is no longer cleaned, so any existing JavaScript in the template remains.
The following rules and examples illustrate what happens if the setting is set to Yes.
Fields: if a field is included in the HTML mail merge template as a regular field, the data is encoded:
| Field type | Field content | Result in merge HTML (source) |
|---|---|---|
| String | `<b>hello</b>` | `<b>hello</b>` |
| StringExtended | `<b>hello 'world' </b>` | `<b>hello 'world' </b>` |
| StringExtended | | |
| URL | `https://www.facebook.com/` | `https://www.facebook.com/` |
| String | `me@me.nl` | `me@me.nl` |
| StringExtended | `<script>window.alert('show me');</script>` | `<script>window.alert('show me');</script>` |
Expressions that have a string as input and a string as output will be encoded.
◦ formatString
◦ pretty
◦ substring
◦ toLower
◦ toUpper
◦ trim
String constants are NOT encoded.
Operators that are encoded:
• +
• If (Boolean condition) Then (result1) Else (result2)
◦ The result of an if function IS encoded
◦ Fields used in the Boolean condition are NOT encoded
Example: the field Properties.Comment contains the data `<b>hello</b>`.
| Expression | Result in HTML source | Displayed in browser as |
|---|---|---|
| `substring(Properties.Comment,0,5)` | `<b>he` | `<b>he` |
| `"<i>" + substring(Properties.Comment,0,5) + "</i>"` | `<i><b>he</i>` | `<b>he` |
| `(if (Orders.Comment = "<b>hoi</b>") then "HOI" else "BOO")` | `BOO` | `BOO` |
| `(if (Orders.Comment = "<b> hello </b>") then "<b>HOI</b>" else "BOO")` | `<b>HOI</b>` | `HOI` |
If the HTML template uses Planon data (in the examples below, the field `<test>`) to build an HTML construct such as a URL or a 'mailto' reference, the encoding behaves differently and the Planon data is not encoded.
| URL | |
|---|---|
| HTML template snippet | `<a href="<test>">test</a>` |
| Input in url field | `https://www.facebook.com` |
| Resulting HTML | `<a href="https://www.facebook.com/">test</a>` |

| Image | |
|---|---|
| HTML template snippet | `<img src="<test>">` |
| Input in url field | `http://nl-devs95:18370/webdav/image.JPG` |
| Resulting HTML | `<img src="http://nl-devs95:18370/webdav/image.JPG" />` |

| JavaScript | |
|---|---|
| HTML template snippet | `<script>window.alert('<test>');</script>` |
| Input in url field | `My popup` |
| Resulting HTML | `<script>window.alert('My popup');</script>` |
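
Because data placed in a URL, image or script position is merged without encoding, it is worth vetting those field values before the merge. The following is an added example, not Planon code: it classifies where the `<test>` placeholder sits in a template snippet and checks the value for the unencoded contexts. The function names, the scheme allow-list and the safe character set are assumptions.

```javascript
// Added example (not Planon code): classify where a template placeholder sits
// and vet the field value for the contexts the merge leaves unencoded.
// Placeholder syntax <test> follows the page's examples; function names and
// the scheme allow-list are assumptions.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// Return "script", "url", "text" or "absent" for the placeholder <name>.
function placeholderContext(snippet, name) {
  const i = snippet.indexOf(`<${name}>`);
  if (i < 0) return "absent";
  const before = snippet.slice(0, i);
  // Inside a <script> element that has not been closed yet.
  if (/<script\b[^>]*>(?:(?!<\/script>)[\s\S])*$/i.test(before)) return "script";
  // Directly after href= or src=, with or without an opening quote.
  if (/\b(?:href|src)\s*=\s*["']?$/i.test(before)) return "url";
  return "text";
}

// Return "ok" or the reason the value should not be merged into that context.
function checkMergeValue(snippet, name, value) {
  const context = placeholderContext(snippet, name);
  if (context === "text" || context === "absent") return "ok"; // encoded by the merge
  if (context === "url") {
    // The raw value lands in the attribute, so quotes and brackets must not appear.
    if (/["'<>\s]/.test(value)) return "url: character that can break out of the attribute";
    let parsed;
    try { parsed = new URL(value); } catch { return "url: not an absolute URL"; }
    return ALLOWED_SCHEMES.has(parsed.protocol) ? "ok" : `url: scheme ${parsed.protocol} not allowed`;
  }
  // Script context: accept only characters that cannot end a string literal
  // or the script element.
  return /^[\w .,!?@-]*$/.test(value) ? "ok" : "script: character outside the safe set";
}

// Constructed samples: the page's three snippets plus two values to reject.
const samples = [
  ['<a href="<test>">test</a>', "https://www.facebook.com"],
  ['<img src="<test>">', "http://nl-devs95:18370/webdav/image.JPG"],
  ["<script>window.alert('<test>');</script>", "My popup"],
  ['<a href="<test>">test</a>', "javascript:void(0)"],
  ["<script>window.alert('<test>');</script>", "it's done"],
];
for (const [snippet, value] of samples) {
  console.log(placeholderContext(snippet, "test"), JSON.stringify(value), "->", checkMergeValue(snippet, "test", value));
}
```
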