-
Difference in templates between TEXT and VARCHAR

29 October 2007 at 10:24am
Hi,
I noticed there must be some difference in the way SS treats variables of a different fieldtype in a template.
In order to get working html out of a varchar variable, I have to use:
$VarcharVariable.RAW
otherwise it is 'htmlspecialcharred'...
while with text it can just be
$TextVariable
and to have that one 'cleaned' I need to use
$TextVariable.XML
Any clues on this one..?
I didn't expect this, couldn't find anything about this in http://doc.silverstripe.com/doku.php?id=data-types
-
Re: Difference in templates between TEXT and VARCHAR

29 October 2007 at 10:42am
If you plan on storing HTML in a varchar variable, use the field type HTMLVarchar instead.
There is also an HTMLText variable that you should use. Text variables aren't escaped by default, but this is a bug in there for legacy reasons.
In short, use the field types with the "HTML" prefix, this tells the template systems not to escape the data before putting it in the template.
-
Re: Difference in templates between TEXT and VARCHAR

29 October 2007 at 10:52am
Well,
I wasn't planning on using HTML in them, just trying to crack it, see what would happen if I did and so I discovered the difference.
I was planning to use the built-in pagecomments but change them so users could use (some) html in them. By default I see that Text is used there, so maybe I better change this to HTMLText.
-
Re: Difference in templates between TEXT and VARCHAR

29 October 2007 at 1:39pm
That's right. You'll have to be careful not to allow cross-site scripting, of course! One thing that you could consider doing is making a new field type, called SafeHTMLText:
class SafeHTMLText extends Text {
    function SafeHTML() {
        // some_processing_of() is a placeholder for the HTML sanitising step
        return some_processing_of($this->value);
    }
}
You can then make your Comment field of type SafeHTMLText, and in your template, put:
$Comment.SafeHTML
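An added example, not part of the original posts and not SilverStripe code: one way the some_processing_of() placeholder above could be filled in, as an allowlist sanitiser that rebuilds the output from parsed nodes instead of filtering the raw string. The function names safe_html, render_children and safe_href, and both tag lists, are assumptions chosen for illustration.

```php
<?php
// Added example: allowlist sanitiser of the kind some_processing_of() stands for.
// The allowlists and function names are assumptions, not SilverStripe API.
const ALLOWED_TAGS = ['b', 'i', 'em', 'strong', 'p', 'br', 'ul', 'ol', 'li', 'a'];
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed'];

function safe_html(string $input): string {
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true); // user markup is often malformed
    // The <div> wrapper keeps bare text from being auto-wrapped by the parser.
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $input . '</div>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $body = $doc->getElementsByTagName('body')->item(0);
    return $body ? render_children($body) : '';
}
function render_children(DOMNode $node): string {
    $out = '';
    foreach ($node->childNodes as $child) {
        if ($child instanceof DOMText) {
            // Text is always re-escaped on output.
            $out .= htmlspecialchars($child->nodeValue, ENT_QUOTES, 'UTF-8');
        } elseif ($child instanceof DOMElement) {
            $tag = strtolower($child->tagName);
            if (in_array($tag, DROP_WITH_CONTENT, true)) {
                continue; // discard the element and everything inside it
            }
            $inner = render_children($child);
            if (!in_array($tag, ALLOWED_TAGS, true)) {
                $out .= $inner; // unknown tag: keep its text, lose the markup
            } elseif ($tag === 'br') {
                $out .= '<br>';
            } else {
                $out .= "<$tag" . safe_href($child) . ">$inner</$tag>";
            }
        } // comments and processing instructions are dropped
    }
    return $out;
}
function safe_href(DOMElement $el): string {
    $href = trim($el->getAttribute('href'));
    // Only <a> keeps an attribute, and only an absolute http(s) href.
    if (strtolower($el->tagName) !== 'a' || !preg_match('#^https?://#i', $href)) {
        return '';
    }
    return ' href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '" rel="nofollow noopener"';
}

// Constructed sample comment: event handler, script URL and <script> are all removed.
echo safe_html('<p onclick="x()">Hi <b>there</b> <a href="javascript:alert(1)">link</a><script>alert(1)</script></p>'), "\n";
```

In the SafeHTMLText sketch above, SafeHTML() would return safe_html($this->value), so the template's $Comment.SafeHTML emits only the allowlisted markup.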


