CGBetterforms and HtmlDetectionValidation

[scotch33]

I need to stop the HtmlDetectionValidation for a field in a form where a trusted user inputs YouTube embed code to show a video. The module (rightly) blocks html code by default, however, I need to switch it off on this form, either by field or whole form.

In the help, it says (on a few of the validators) "This test is added automatically when auto-validation is enabled." By that rationale, there must be a way to DISABLE it. However, in neither the form interface nor the parameters can I see how this can be done.

Can anyone advise on how I can disable either autovalidation on the whole form or (ideally) on specific textareas.

It's also somethign I want to do for a front end form with a WYSIWYG elsewhere (and am getting the same - 'clean out the html' issue)

[DIGI3]

Can you add data-cgbf-novalidate to the field?

If that doesn't work, a somewhat complex workaround would be to convert the input to html entities (either on submit, or to a duplicated, hidden field) then convert back when reading from the db or however you're using it.

[scotch33]

Yeah - I'd hoped that, but unfortunately CalGuy's set the module so that the 'remove html tags submission' validator ignores data-cgbf-novalidate.

The help section says: "Check for HTML in input submission (HtmlDetectionValidation) This validation ensures that a user has not any injected HTML code (including potentially malicious script tags) into any submitted fields. This test is added automatically when auto-validation is enabled. Note: This validator does not obey the data-cgbf-novalidate attribute."

The way that line I have italicised is written implies that autovalidation has the ability to be enabled/disabled - but there's no further documentation expanding on that.

I'll have a play with using a script to update to html-characters on submit.