Escape HTML

In my DCT, I have Description Field

<item name="Description">
<label>Description</label>
<description>Enter the description</description>
<text size="50" required="t" maxlength="255" />
</item>

When the user creates DCR using the above DCT, the user had entered as value for this field like this,
"This is the location for <myplace> & <yourplace>"

But in my tpl, I render this value as,

<table border=1 cellpadding=0 cellspacing=0 width=100%>
<tr>
<td valign=top width=25% nowrap>Description</td>
<td><iw_value name='dcr.Description'/></td>
</tr>
</table>

when previewing, the user able to see only "This is the location for &"

How do I solve this?

Please throw lights.

Thanks in advance

m. a. l. i.
TS 6.1 Win2k3

Find more posts tagged with

Comments

jbonifaci

You will need to encode the < and > (< and &gt Smiley Wink

. Otherwise they are treated as html tags and not displayed. You can either teach your users to encode these characters, encode them on item change or encode them in your template. If you are deploying these fields to a database, you will want to encode them before you insert them as well.

~Jeff

Mali

Thanks. But is there anyway to escape HTML through code in tpl file.

m. a. l. i.
TS 6.1 Win2k3

jbonifaci

Ideally you do all of your template within a single <iw_perl> tag. But, that aside, you can use an <iw_perl> tag to get the value and manipulate it with perl code before outputing it. Read the manual and you should be able to figure it out.

~Jeff

Mali

Thanks. I heard something like <iw_url_escape> there should be for escaping HTML also. Any idea?

m. a. l. i.
TS 6.1 Win2k3

Mali

I even tried this way,

Adding a subroutine,

sub html_escape
{
return TeamSite::CGI_lite::escape_html_data(shift);
}

and using the Sub like this, <iw_value name="html_escape($description)"/>

but the issue here is, its working only for PERL variable, but not for

<iw_value name="html_escape(dcr.description)"/>

:-(

Any ideas?

m. a. l. i.
TS 6.1 Win2k3

MultipleMasterPages.rptdesign

jbonifaci

First off, I would really suggest that you take an interwoven training class on templating. Secondly, you can't call a perl sub routine within an <iw_value> tag. You can only call it within an <iw_perl> tag. Read up on this and you should be able to figure it out (http://<server>/iw/help/tst/pt/).

~Jeff

cliffhanger

<iw_value name="html_escape(dcr.description)"/>

Have you tried html_escape(<iw_value name="dcr.description"/>);
??

awizardly

I've called perl functions from within iw_value tags before

<iw_value name="(handle_nav())"/>

Not sure where I got this kind of syntax but it works.

Lee
Organic Inc
http://www.organic.com

jbonifaci

Well, I admit, I write all of my tpls within a single <iw_perl> tag so I never even use <iw_value>. I guess I should have RTFM'd before saying you couldn't use perl inside an <iw_value> tag. From the documentation:
In addition, if the 'name' is surrounded by parentheses, it
is treated like a perl expression. This makes it easy to
do things like call functions and evaluate formulas inline.

Example:

A day has <iw_value name='( 60*60*24 )'/> seconds!~Jeff

Mali

No Luck Cliff.

m. a. l. i.
TS 6.1 Win2k3

awizardly

Try

<iw_value name="(html_escape(iwpt_dcr_value(dcr.description)))"/>

The outside parentheses is to get this to evaluate perl.
And also I believe that you your html_escape function must take a string not a DCRNode Location.

Lee
Organic Inc
http://www.organic.com

Mali

Thanks. But either way not worked! :-(

m. a. l. i.
TS 6.1 Win2k3