Escaping html

(replace "[" with less-than and "]" with greater-than in what follows)

Is there a way to use the AngularJS idea of filters to cause HTML contained in variables to be displayed in its source format in a text widget with Bonita?

I.e., if:

x = "the [i]quick brown[/i] fox";

I want to display this in a text widget, using a syntax like ..

{{ x | filterNameHere }}

And to see it rendered like the original text so I see the "[" and "]".

I would have thought this should be a standard feature, otherwise users can enter HTML into forms and cause all kinds of havoc when that data is later used in text widgets (clever use of [script] could be really bad) - but I can't find a filter for this.

If I need to write my own filter, where should I put the file that it's coded in?

Thanks guys.

1 answer

This one is the BEST answer!

Drop that -- I've worked it out.

In case you're interested: write a ".js" file and declare it as an asset to your page. The example below creates a filter called "clean"...

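<code>
// Registers a "clean" filter that HTML-escapes its input so markup is shown as text.
angular.module("bonitasoft.ui.filters").filter("clean", function() {
  return function(input) {
    // Unset variables arrive as undefined/null; render them as empty text.
    if (input === undefined || input === null) {
      return "";
    }
    // "&" must be replaced first so the entities added below are not re-escaped.
    return String(input)
      .replace(/&/g, "&amp;")
      .replace(/</g, "&lt;")
      .replace(/>/g, "&gt;");
  };
});
</code>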
(not sure how to get the forum to respect leading white space in code - sorry)

With that in place, you can then just use syntax like the following to filter the variable content to taste.

{{ myvar | clean }}

Chris
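
A variant of the filter above, added here as an example (not the answer's own code): it escapes in a single pass, also covers quote characters, tolerates unset variables, and includes a wrong-order version to show why chained replaces must handle "&" first. The names `escapeHtml` and `escapeHtmlWrongOrder` and the sample inputs are constructed for illustration.

```javascript
// Added example, not the answer's code. escapeHtml and escapeHtmlWrongOrder
// are hypothetical names chosen for this illustration.
var HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;"
};

// Single pass: each character is mapped exactly once, so the "&" inside an
// entity produced for "<" can never be escaped a second time.
function escapeHtml(input) {
  if (input === null || input === undefined) {
    return ""; // bindings are often undefined until the data has loaded
  }
  return String(input).replace(/[&<>"']/g, function (ch) {
    return HTML_ENTITIES[ch];
  });
}

// Chained replaces in the wrong order, for comparison only: "<" becomes
// "&lt;" and the later "&" pass turns that into "&amp;lt;".
function escapeHtmlWrongOrder(input) {
  return String(input)
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/&/g, "&amp;");
}

// Register as the "clean" filter when AngularJS is present (as on a Bonita
// page); under plain Node the functions above can be exercised directly.
if (typeof angular !== "undefined") {
  angular.module("bonitasoft.ui.filters").filter("clean", function () {
    return escapeHtml;
  });
}
```

The quote characters matter if the escaped value is ever placed inside an HTML attribute rather than in element text.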
