Welcome to Luminate Ideas!

Please submit all product enhancement ideas below. We welcome your feedback; your ideas will be reviewed by the Product Manager that oversees the development of that part of the product on an ongoing basis and updated with its current status monthly based on our product planning process. Ideas you submit could help us shape features currently in development or grow our repository of requirements for our next big enhancement. Thank you for taking the time to share your thoughts and expertise with us.

If you believe you are experiencing a defect please contact Support.

Add a parameter to the S8 tag to indicate whether or not to HTML encode special characters

It is common practice to use the tag combo [[T1:[[S8]]]] for the NEXTURL parameter for the UserLogin servlet for logging in or out, telling the servlet where to send the web visitor after they are logged in/out. Professional Services uses this regularly.

The T1 tag escapes the value so it can be safely used as the NEXTURL parameter. S8 grabs the current URL and HTML escapes any characters, such as the ampersand - so "&" converts to "&". The problem occurs when you have an ampersand in the URL, and the [[T1:[[S8]]]] combo is used more than once (for example logging out and then logging back in, and the tag combo is used as the NEXTURL for both commands).

This didn't used to be a problem in the past when the [[S8]] tag did not HTML escape special characters. But now it does. I am proposing that the [[S8]] tag be provided a parameter to indicate whether or not to HTML escape special characters, such as [[S8:1]] for HTML escaping, and [[S8:0]] for no HTML escaping. This would allow the developer to decide which format works best for them.

As an example to demonstrate the current issue: ...
So the first time you log out, the [[T1:[[S8]]]] combo converts ampersands to "%26amp%3B". If you then immediately log back in, you get the URL with ampersands converted to "&" which is fine. But if you log out again, the NEXTURL in the logout link becomes "%26amp%3Bamp%3B" which is translated to "&" which causes whatever is past that point in the URL to be recognized as the wrong URL parameter name. For example, "&fr_id=XXXX" after two logouts becomes "&fr_id=XXXX" and so the URL parameter is recognized as "amp;fr_id" rather than "fr_id" so the TamRaiser ID is not recognized. 

As an interim solution, I use an E130 to remove the double escaping of ampersands in the NEXTURL parameter of the logout URL. For example, I am now using [[E130:"[[T1:[[S8]]]]" "%26amp%3Bamp%3B" "%26amp%3B" replaceall]].

I understand why the S8 tag HTML encodes characters, to provide valid HTML source code. But this poses a problem for the common use of [[T1:[[S8]]]] in the NEXTURL parameter for login and logout functionality, which is used both by clients and Blackbaud's internal Professional Services staff.

  • Eric Oyler
  • May 17 2016
  • Reviewed: Voting Open
Area of the Product Content
Org/Company Name Alzheimer's Association
  • Attach files

Privacy Policy | Safe Harbor Notice | Terms of Use | Acceptable Use Policy | © 2019 Blackbaud, Inc. All Rights Reserved