As designed HTML In Phrase Variables Not Being Parsed

Snog

Well-known member
#1
If you format a phrase variable with HTML, that HTML is not parsed.

IE:
Code:
<p>item 1</p><p>item 2</p><p>item 3</p>
Is displayed as plain unformatted text.
 

Brogan

XenForo moderator
Staff member
#2
Although it was stated at the beginning that phrases support HTML, they don't in all cases so that was removed a while ago.

Some do, some don't.
 

Snog

Well-known member
#3
Odd it would be removed. It comes in handy when throwing an error that applies to multiple items in say the inline mod system.

Without it, it looks like you have to throw a single error until all errors are cleared.
 

Brogan

XenForo moderator
Staff member
#4
To clarify, only the text stating that html can be used in phrases was removed.

As far as I am aware, nothing changed functionally.
 

Mike

XenForo developer
Staff member
#6
It's not really a bug if we weren't using or expecting HTML in that context. When it comes to translations, the rule of thumb is that if the English version doesn't use HTML, a translation shouldn't because we can't guarantee it'll work. It's more difficult when it comes to add-ons, but if you try to use HTML in a place we're not expecting it, then that would generally be how it's designed.

We'd need specific reproduction steps, but it's unlikely a particular context would change at this point.
 

Snog

Well-known member
#7
The reproduction steps are pretty simple.

Create a phrase with a variable. Call it threads_x_error
Code:
The threads below:{titles}Contain X and can not be deleted.
Then populate the variable and send it to the phrase:
Code:
$titles = array('ABC','DEF','GHI');
    
$sendTitles = '';
foreach($titles as $title)
{
      $sendTitles .= '<br/>' . $title . '<br />';
}
    
return $this->responseError(new XenForo_Phrase('threads_x_error',array('titles' => $sendTitles)));
And the result will be:
noformat.png

The expected result is:
expected.png
 
Last edited:

Snog

Well-known member
#8
Just to add a little twist, if you format the variable using standard \r\n, the system also completely strips that formatting making it impossible to have line feeds in a phrase variable.
 

Arty

Well-known member
#9
Try this:
Code:
return $this->responseError(new XenForo_Phrase('threads_x_error',array('titles' => $sendTitles), false));
 

Mike

XenForo developer
Staff member
#10
Indeed, the issue here is that you're trying to pass HTML in a parameter. Parameters are HTML escaped by default. Without this, you'd basically have XSSes everywhere. The "false" mentioned by @Arty disables the escaping, which means you'd be responsible for it (escaping the parts other than the HTML you're trying to inject).

So this is very much as designed.
 

Snog

Well-known member
#11
Thanks @Arty and @Mike, I had completely forgotten about the false parameter because in 99.99% of the cases it's not needed.

And of course I was also ignoring the fact that Eclipse was giving me the answer all along.:rolleyes:
Oops.png
 
Top