Can I encode html so that F3's automatic variable escaping outputs valid HTML?

37 views
Skip to first unread message

Nuwanda

unread,
Nov 23, 2017, 5:12:38 PM11/23/17
to f3-fra...@googlegroups.com
EDIT: I can use the RAW filter for output. I suspect that's my best option.

I'm setting a variable to a link:

$f3->testLink = '<a href="http://amazon.com">Amazon</a>';



Then I'm rendering a php template:

$view=new \View;
echo $view->render('template.php');



And displaying the variable:

echo $testLink;



And because of F3's template escaping it's rendering the link code not the link itself. I can turn the escaping off globally but I'd prefer not to.

Is there a way that during assignment I can encode the link so that it will output as a link? Or another solution?

Thanks.

ved

unread,
Nov 23, 2017, 5:59:22 PM11/23/17
to f3-fra...@googlegroups.com
I'm setting a variable to a link:

$f3->testLink = '<a href="http://amazon.com">Amazon</a>';

I think the real issue is here. You shouldn't really set that entire html block to a variable but instead have only:

$f3->testlink = 'http://amazon.com';

And on the template:

<a href="{{ @testlink }}">

Which would ensure clear separation of data from presentation and allow you to change anything on the html code without touching other logic. MVC and all.

Is there any limiting reason why you're setting the variable to have the full html code?

EDIT: forgot to take the link's text in consideration. In that case use an array:

$f3->testlink = [
    'href' => 'http://amazon.com',
    'text' => 'Amazon'
];

And on the template:

<a href="{{ @testlink.href }}">{{ @testlink.text }}</a>

Nuwanda

unread,
Nov 23, 2017, 6:09:20 PM11/23/17
to Fat-Free Framework
Yes there is. I'm outputting flash messages from an array, and not all messages are simply links. Some messages contain links as well as regular text.

ved

unread,
Nov 23, 2017, 6:46:27 PM11/23/17
to Fat-Free Framework
Yes there is. I'm outputting flash messages from an array, and not all messages are simply links. Some messages contain links as well as regular text.

Yeah, see the edit to my previous message. I forgot to take that into account on my original reply.

There's still no reason to use html inside that variable. 

bcosca

unread,
Nov 23, 2017, 6:59:54 PM11/23/17
to Fat-Free Framework
@ved is right. Why mix code and html in the first place?

Nuwanda

unread,
Nov 23, 2017, 7:40:16 PM11/23/17
to f3-fra...@googlegroups.com
Well, I admit I might be showing a lack of imagination, or just be plain stupid, but I can't quite see how your solution fits.

I set some flash messages:

flashSet('You are registered');
flashSet('Want to <a href"/login">Login</a>?');
flashSet('Please complete your <a href"/profile">Profile</a> to enable extra features. And check out our <a href"/deals">latest deals</a>');
flashSet('Thanks again for registering');


Then I reroute to a new page where the messages are displayed in a PHP template.
Reply all
Reply to author
Forward
0 new messages