Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Archive /

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

Difference in templates between TEXT and VARCHAR


Reply


4 Posts   1974 Views

Avatar
dio5

Community Member, 501 Posts

29 October 2007 at 10:24am

Hi,

I noticed there must be some difference in the way SS treats variables of a different fieldtype in a template.

In order to get working html out of a varchar variable, I have to use:

$VarcharVariable.RAW

otherwise it is 'htmlspecialcharred'...
while with text it can just be

$TextVariable

and to have that one 'cleaned' I need to use

$TextVariable.XML

Any clues on this one..?

I didn't expect this, couldn't find anything about this in http://doc.silverstripe.com/doku.php?id=data-types

Avatar
Sam

Administrator, 685 Posts

29 October 2007 at 10:42am

If you plan on storing HTML in a varchar variable, use the field type HTMLVarchar instead.

There is also an HTMLText variable that you should use. Text variables aren't escaped by default, but this is a bug in there for legacy reasons.

In short, use the field types with the "HTML" prefix, this tells the template systems not to escape the data before putting it in the template.

Avatar
dio5

Community Member, 501 Posts

29 October 2007 at 10:52am

Well,

I wasn't planning on using HTML in them, just trying to crack it, see what would happen if I did and so I discovered the difference.

I was planning to use the built-in pagecomments but change them so users could use (some) html in them. By default I see that Text is used there, so maybe I better change this to HTMLText.

Avatar
Sam

Administrator, 685 Posts

29 October 2007 at 1:39pm

That's right. You'll have to be careful not to allow cross-site scripting, of course! One thing that you could consider doing is making a new field type, called SafeHTMLText:

class SafeHTMLText extends Text {
function SafeHTML() {
return some_processing_of($this->value);
}
}

You can then make your Comment field of tpye SafeHTMLText, and in your template, put:

$Comment.SafeHTML