
Difference in templates between TEXT and VARCHAR


dio5

Community Member, 501 Posts

29 October 2007 at 10:24am

Hi,

I noticed there must be some difference in the way SS treats variables of a different fieldtype in a template.

In order to get working html out of a varchar variable, I have to use:

$VarcharVariable.RAW

otherwise it is 'htmlspecialcharred'...
while with text it can just be

$TextVariable

and to have that one 'cleaned' I need to use

$TextVariable.XML

Any clues on this one..?

I didn't expect this, couldn't find anything about this in http://doc.silverstripe.com/doku.php?id=data-types

Sam

Administrator, 690 Posts

29 October 2007 at 10:42am

If you plan on storing HTML in a varchar variable, use the field type HTMLVarchar instead.

There is also an HTMLText variable that you should use. Text variables aren't escaped by default, but this is a bug in there for legacy reasons.

In short, use the field types with the "HTML" prefix; this tells the template systems not to escape the data before putting it in the template.

dio5

Community Member, 501 Posts

29 October 2007 at 10:52am

Well,

I wasn't planning on using HTML in them, just trying to crack it, see what would happen if I did and so I discovered the difference.

I was planning to use the built-in pagecomments but change them so users could use (some) html in them. By default I see that Text is used there, so maybe I better change this to HTMLText.

Sam

Administrator, 690 Posts

29 October 2007 at 1:39pm

That's right. You'll have to be careful not to allow cross-site scripting, of course! One thing that you could consider doing is making a new field type, called SafeHTMLText:

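class SafeHTMLText extends Text {
  // Template accessor: returns the stored value after sanitising it.
  function SafeHTML() {
    // some_processing_of() is a placeholder for your own HTML sanitiser.
    return some_processing_of($this->value);
  }
}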

You can then make your Comment field of type SafeHTMLText, and in your template, put:

$Comment.SafeHTML
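
An added example, not part of the thread or of SilverStripe's own code: one possible body for the some_processing_of() placeholder in the last post, shown beside the weaker strip_tags() approach. The function names, the tag list and the sample comments are assumptions made for illustration.

```php
<?php
// Added example: hypothetical stand-in for some_processing_of().
// Tags permitted in comments; this list is an assumption, adjust as needed.
const ALLOWED_TAGS = ['b', 'i', 'em', 'strong', 'p', 'br'];

// Weak: strip_tags() drops unlisted tags but keeps every attribute on the
// listed ones, so event-handler attributes such as onmouseover survive.
function weak_comment_html(string $raw): string {
    return strip_tags($raw, '<' . implode('><', ALLOWED_TAGS) . '>');
}

// Hardened: escape everything first, then turn back only exact,
// attribute-free occurrences of the allowed tags. Anything else,
// including allowed tags that carry attributes, stays escaped text.
function safe_comment_html(string $raw): string {
    $escaped = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
    $names = implode('|', ALLOWED_TAGS);
    return preg_replace(
        '#&lt;(/?)(' . $names . ')\s*(/?)&gt;#i',
        '<$1$2$3>',
        $escaped
    );
}

// Constructed sample comments, not taken from the thread.
$samples = [
    'Nice <b>post</b>!<br />',
    '<b onmouseover="alert(1)">hover</b>',
    '<script>alert(1)</script>',
];

foreach ($samples as $s) {
    echo "input: ", $s, "\n";
    echo "weak:  ", weak_comment_html($s), "\n";
    echo "safe:  ", safe_comment_html($s), "\n\n";
}
```

The hardened function does not balance tags, so an unclosed `<b>` can still affect the layout of the rest of the page even though it cannot run script.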