Well, i found this problem and is driving me nuts. Before posting a ticket at the trac i thought there might be an answer here. Let me describe it for you:
i use a simple ajax->link to hide my page and show a little div (something like a modal box, only home made) echo $ajax->link('Show list', '/users/ajaxListar/unassigned:31/e:'.$id, array('update'=>'ajaxLoad','before'=>'blockScreen()','loaded'=>'appearAjaxLoad()') ); quite simple, huh? well, this shows my div and the list which builds from a dbquery blah blah, finally comes the foreach part: echo $html->link($supervisor['name'], "/empresas/asignIt/e:".$e); (note: this is html->link because i need to get out of the div and return to the main page) This is fine, but, as you can see, it is some sort of "assignation" link, which i'd love to get confirmed, so i tried this: echo $html->link($supervisor['name'], "/empresas/asignIt/e:". $e,array(),"Confirm msg"); and there was the problem, the next time a rendered it, everything looked fine, exept for the confirmation, which looks like this (only the failing part): <a onClick="return confirm('Confirm msg');" ... So... this is consistent with the idea: html content should be checked for malicious code... but there's gotta be something going on with the rendering, because both ajax and html helper's function link() work ok, this fails when the call was made from an ajax-link() render. I tried to look for something suspicious on the core helper libs, but i didn't come up with some big signal like HEY, HERE I AM! and i'm not THAT skilled to find it. I also guess it could be something at the view core libs, somewhere there's gotta be some extra htmlentities() or htmlspecialchars() for the ajax response... i just couldn' find it. I could (and that's what i did so far) just forget about confirmation, but i think it deserves some review and, if it comes to that, posting a ticket at the trac. But i also know i could be missing something, hope someone can help. any ideas? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---