FuelPHP Forums

Markdown issues
  • Does anyone have issues with Markdown? Some things work, some don't.

    For example, I cannot get the blockquote 'function' to work.
    Using the provided examples from here. Even wrapping the text with a blockquote tag is useless. It just displays "<blockquote>text</blockquote>".

    Is this a bug? A feature? Or just me being stupid?
  • I don't know how you display the rendered markdown output, but if you pass it to a View, by default it will be encoded.

    This will cause the HTML to be displayed instead of rendered.
  • I call Markdown::parse() in the view.

    In views/aktuell.php
        <article>
            <h1><?php echo $n->title; ?></h1>
            <div><?php echo Markdown::parse($n->body);?></div>
        </article>

    In controller/main.php
        public function action_aktuell()
        {
            $data['news'] = Model_News::find('all');

            $this->template->title = "Foooooooo";
            $this->template->content = View::forge('main/aktuell', $data);
        }
  • HarroHarro
    Accepted Answer
    The problem is not in markdown, but in the way you use the template.

    Any variable passed to a View (and $this->template is a View) will be encoded unless you tell it not to.

    In this case, you're assigning a View to a View variable, so that view (or the output it produces) will be encoded, causing HTML to be displayed instead of rendered.

    Options:
    - use $this->template->set('content',View::forge('main/aktuell', $data), false);
    - or $this->template->set_safe('content',View::forge('main/aktuell', $data));
    - or Whitelist the View class in your application config
  • Cool, thanks for the explanation and advice.

    Now, which one of the possible solutions should I take? All of the bigger text parts should be processed with Markdown, so for the sake of making life easier I'm tempted to choose the last option. Would that be unwise and/or not the way you would do it? Conflict with the newer releases of FuelPHP?
  • The first two are the same, the last would do it generically for all View classes, which I would never do.
  • Why not?

    And coming back to the actual question:
    I was imprecise: only some elements are encoded, for example the blockquote element. Bold, italics, and lists are not (not a complete list).

    And I whitelist Fuel\\Core\\View, no idea why. Got it from the nettuts tutorial...
  • The reason people want to Whitelist the View class is that they pass View objects to views, for example in a template/partials system.

    The problem I (personally) have with whitelisting (in general), is that it is no longer visible what you're doing, which makes it easier to make mistakes.

    If you have to do something special when you want to pass something without encoding, it means you have to think about it (is this wise from a security point of view?), and every time you see the code it is clear that you pass it unencoded (preferably with some comments as to why).
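
Added example, not part of the thread and not FuelPHP's own code: a simplified, stand-alone PHP 8 model of the behaviour discussed above, contrasting the explicit per-call opt-out with a class whitelist. `MiniView`, `page()` and `$whitelist` are hypothetical names, and the sample markup is constructed.

```php
<?php
// Simplified model of view output encoding; NOT the framework's implementation.
final class MiniView
{
    /** Classes whose instances skip encoding (models a config-level whitelist). */
    public static array $whitelist = [];
    private array $vars = [];

    public function __construct(private string $template) {}

    /** $filter = false stores the value as-is; the default encodes it. */
    public function set(string $name, mixed $value, bool $filter = true): static
    {
        $this->vars[$name] = $filter ? self::encode($value) : (string) $value;
        return $this;
    }

    private static function encode(mixed $value): string
    {
        if (is_object($value) && in_array(get_class($value), self::$whitelist, true)) {
            return (string) $value; // whitelisted: passes through with no sign at the call site
        }
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }

    public function __toString(): string
    {
        $out = $this->template;
        foreach ($this->vars as $name => $value) {
            $out = str_replace('{' . $name . '}', $value, $out);
        }
        return $out;
    }
}

/** Wraps an inner view in an outer template, like assigning a View to a template variable. */
function page(MiniView $inner, bool $filter = true): string
{
    return (string) (new MiniView('<main>{content}</main>'))->set('content', $inner, $filter);
}

// Constructed sample: the inner view's own variable is encoded, its template markup is not.
$inner = (new MiniView('<blockquote>{body}</blockquote>'))->set('body', 'a <b>quote</b>');

echo page($inner), "\n";        // default: the inner view's markup is encoded and shows as text
echo page($inner, false), "\n"; // explicit opt-out: the decision is visible where it is made
MiniView::$whitelist[] = MiniView::class;
echo page($inner), "\n";        // same call as the first one, now unencoded for every view
```

The first and third calls are textually identical, which is the visibility problem raised in the last post: with a whitelist, nothing at the call site tells a reviewer that the value is emitted unencoded.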
