Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Template Questions /

&gt; and &lt; Rendered in Template Instead of <>


Reply


8 Posts   3787 Views

Avatar
Garrett

Community Member, 245 Posts

10 March 2012 at 5:44am

Hi,

I am having a hell of a time rendering a $Title variable in the template which contains HTML. Somewhere between the controller and the template

< and >

are being replaced with

&lt; and &gt;

as well as many other characters. I've tried absolutely everything to prevent this and to re-replace them but to no avail. The title is plain text in the database, but I have some titles which are Tweets, and so in the controller, in my DataObject::get() result I am parsing them to change the parts that are supposed to be links into links. They come back from the parser perfectly:

horngroup: <a href="http://twitter.com/#!/search?q=%23Apple" target="_blank">#Apple</a> Announces A $499 Retina-Equipped <a href="http://twitter.com/#!/search?q=%23iPad" target="_blank">#iPad</a> (It’s Just Called iPad) <a href="http://t.co/cFPe1HPg" target="_blank">http://t.co/cFPe1HPg</a> <a href="http://twitter.com/#!/search?q=%23appleevent" target="_blank">#appleevent</a>


But when I render $Title in the template, it looks like this:

horngroup: &lt;a href=&#39;http://twitter.com/#!/search?q=%23Apple&#39; target=&#39;_blank&#39;&gt;#Apple&lt;/a&gt;’s new &lt;a href=&#39;http://twitter.com/#!/search?q=%23iPad&#39; target=&#39;_blank&#39;&gt;#iPad&lt;/a&gt;: 9 features that matter &lt;a href=&#39;http://t.co/IOwFyCii&#39; target=&#39;_blank&#39;&gt;http://t.co/IOwFyCii&lt;/a&gt;

First of all, why is this happening, and second, how can I stop it? It seems I need a method ion the template itself to render it as HTML but I can't figure it out. Any help out there?

$stream_items = DataObject::get($table,
               "`Category`.`CategoryFilterURL` = '".$url."'","Date DESC",
               "LEFT JOIN `".$table."_Categories` ON `".$table."_Categories`.`".$table."ID` = `".$table."`.`ID`
               LEFT JOIN `Category` ON `Category`.`ID` = `".$table."_Categories`.`CategoryID`",
               $limit);
            foreach($stream_items as $stream_item) {
               
               $IsTweet = false;
               // if is Tweet
               if($stream_item->ClassName=="ExternalBlogEntry") {
                     
                  $IsTweet = true;
                     
                  $text = $stream_item->Title;
                  $text = $this->parseTweet($text);
                  $stream_item->Title = $text;
                  
               }
               $stream_item->IsTweet = $IsTweet;
            }
            return $stream_items;

The Title is a property within the $stream_items object.

Thanks,
Garrett

Avatar
Willr

Forum Moderator, 5513 Posts

12 March 2012 at 9:20pm

Every field you output to the template is run through XML() to make sure it is HTML sure it doesn't cause trouble with XSS. If you field contains HTML which you want to be rendered, ensure it is a 'HTMLText' data type rather than Varchar.

Avatar
Garrett

Community Member, 245 Posts

13 March 2012 at 3:56am

Hi @willr, thanks for replying - I had a feeling this was the issue, though I am very reluctant to modify core files. The Title field is declared in SiteTree.php. Is there a way to overload this field in mysite code, in _config.php or otherwise?

//Garrett

Avatar
Willr

Forum Moderator, 5513 Posts

13 March 2012 at 12:32pm

Create a new variable for it and add it to the casting list

static $casting = array(
'HTMLTitle' => 'HTMLText'
);

function getHTMLTitle() {
return $this->Title;
}

Then use $HTMLTitle rather than $Title.

Avatar
Garrett

Community Member, 245 Posts

20 March 2012 at 4:52am

Done-zo. Thanks as always @willr.

//Garrett

Avatar
s20529334

Community Member, 2 Posts

12 March 2014 at 6:11am

Hello Willr,

To which file do I add this code you pasted in your previous comment? I'm quite new to PHP and Wordpress, please help. I have Google tracking code that I need to change as it's showing the following "&gt" instead of the greater as sign:

<p><!-- Google Code for Website Inquiry | Nanosoft | Web Design Conversion Page --><br />
<script type="text/javascript">
/* < ![CDATA[ */
var google_conversion_id = 1053283348;
var google_conversion_language = "en";
var google_conversion_format = "1";
var google_conversion_color = "ffffff";
var google_conversion_label = "_WroCLSMpQgQlKif9gM";
var google_remarketing_only = false;
/* ]]&gt; */
</script><br />
<script type="text/javascript" src="//www.googleadservices.com/pagead/conversion.js">
</script></p>
<noscript>
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="//www.googleadservices.com/pagead/conversion/1053283348/?label=_WroCLSMpQgQlKif9gM&amp;guid=ON&amp;script=0"/>
</div>
</noscript>

Avatar
Willr

Forum Moderator, 5513 Posts

12 March 2014 at 6:25pm

This is because your field type doesn't support HTML . You need to make sure your Database field that you're rendering into your page is of type HTMLText *or* you have a wrapper which returns a field of HTMLText.

See http://doc.silverstripe.org/framework/en/topics/data-types for more information.

So for this case, you may have a field called 'GoogleCodeField' which is of type 'HTMLText'

private static $db = array(
'GoogleCodeField' => 'HTMLText'
);

public function getCMSFields() {
$fields = parent::getCMSFields();
$fields->addFieldToTab('Root.Main', new TextareaField('GoogleCodeField');

return $fields;
}

Avatar
s20529334

Community Member, 2 Posts

13 March 2014 at 2:49am

Hello Willr,

I appreciate your help so far, however I'm still a bit confused. The piece of code you gave me in the forum below, do I just add this somewhere within that same PHP page with Google code or what? I'm quite new to PHP, but I only need to make this Google tracking code work. Also, where can I get an eBook to teach me all I need to know about this language?:

private static $db = array(
'GoogleCodeField' => 'HTMLText'
);

public function getCMSFields() {
$fields = parent::getCMSFields();
$fields->addFieldToTab('Root.Main', new TextareaField('GoogleCodeField');

return $fields;
}