XF 2.1 Render HTML in addon View

[Zig]

Hello everyone!

I'm currently working on porting a custom extension to a third-party addon that allows HTML within an article's message content. I've been able to adapt the majority of the extension to version 2 of the addon, but I've been unsuccessful at porting the most critical part---the View Class. The documents are silent on this topic and I couldn't find any existing discussions here that describe how to implement View Classes. I was also unable to find any topics relating to rendering user input as HTML within XF2.

Has anyone tried to do something similar? I could really use a few pointers on this!

Thanks,
zig

 

[Jeremy P]

You don't typically need to write custom view classes unless you're doing something non-standard. In any case, the short-name of the view class is the first argument to the view() method you'd return from your controller action. Something like Vendor\AddOn:Controller\Action, which would expand to Vendor\AddOn\Pub\View\Controller\Action. In that class you'd subclass \XF\Mvc\View to do what you need.

I was also unable to find any topics relating to rendering user input as HTML within XF2.

In a template you can do something like {{ $html|raw }} to render a variable without any escaping. Be sure you're aware of the security implications though, rendering user-provided HTML is generally considered a really bad idea unless you sanitize it some how.

 

[Zig]

Thanks for your response! You're absolutely right, this is a very non-standard use of the addon in question. We're aware of the security implications and for that reason the feature is restricted to administrators on our XF1 install and will remain that way on XF2. It's really only used for a special series of articles written by the forum staff.

I've got the necessary View class created, but my experiments with it over the last couple of days haven't had promising results. In our XF1 version of the extension, the View class checks for the message_is_html flag, then calls the renderHtml() function of its parent, then reapplies the unfiltered HTML to the message param. It requires no modifications to the view template for it to work. Sadly, I've been unable to duplicate the behavior. So far the only result I've managed to get in XF2 is a dump of the HTML source code where the rendered content should appear. This happens with both the default template and {{ $html|raw }}.

In short, I'm rather confused.

 

[Jeremy P]

Ah, I missed that this is merely an extension of a 3rd-party add-on. If the HTML is stored as a string and passed to the template as a parameter, and the template is outputting it using something like {$variable}, then I don't think it's possible to render it un-escaped without a template modification. All variable output in templates is escaped by default, and escaping must be opted out of explicitly via the raw filter.

I think this was the case in XF1 too (it's been a while) so I'm not exactly sure how everything worked there. If you wanted to side-step the template system entirely, you should be able to return whatever you want from the renderHtml() method of your view class.

 

[Zig]

Hi @Jeremy P! Just wanted to report back and say thanks for your help! We ultimately discovered that the raw filter does indeed work, but only if we don't use a View class. Something under-the-hood was escaping the HTML content when it was passed through the View. Adding a conditional to the view template via a template modification solved our issues. Thanks again!