4

This may be a duplicate; it's hard to tell because the key words contain "html" and "content" and even Bing and Google were returning a lot of false positives.

Bootstrap tooltips and popovers support html values for the data-content attribute when data-html=true. However, this isn't valid

<input id="email" class="form-control" type="email" 
  data-bind="value: Email, valueUpdate: 'afterkeydown'" 
  data-container="body" data-toggle="popover" data-placement="bottom"
  data-title="Email" data-html="true"
  data-content="<p>This is <i>your</i> email address.</p>" />

because you can't just put html in the value of an attribute that is itself HTML. It may confuse the parser and is not permitted by the HTML specification.

While it seems to work with Internet Explorer, I really don't feel like testing with fifty different browsers and versions. It certainly does confuse the parser in the Visual Studio 2013 HTML editor. That editor thinks there's no closing quote.

I could dodge this by assigning the attribute from JavaScript in a separate file, but that's clumsy and defeats the separation of concerns.

So, what's the right way to mark this up?

Peter Wone
  • 17,965
  • 12
  • 82
  • 134
  • 1
    why did you decided that it's not valid html? It seems to be valid. Check this question for more info: http://stackoverflow.com/questions/13202762/html-inside-twitter-bootstrap-popover – Oleksii Aza May 24 '14 at 00:56
  • I decided it's not valid HTML by consulting the W3C HTML specification instead of assuming it was valid merely because it seems to work in the browser that happens to be installed on my workstation. – Peter Wone May 24 '14 at 01:22

2 Answers2

1

As the accepted answer points out, you can't have a quote " inside a string quoted with ". This problem occurs often. If you want to display text that looks like HTML, then how is the browser supposed to know what it should parse as HTML and what it should simply display.

For example, how do you get a browser to display the text <p></p>

The answer is escaping. Instead of characters like " and <, you use placeholders like &quot; and &lt;

However, the solution of escaping the quotes doesn't work here. Precisely because the browser will not parse it as HTML. If you put escaped quotes in your html, they don't look like quotes to the browser, they look like text.

There is a different solution however: A string that is quoted with " can contain ' without problems. The following is valid: 

data-content="<div id='string_in_string' ></div>"

This can be applied to your bootstrap popovers, I've set up a fiddle, it shows how the single quote strings are correctly parsed, while the escaped strings confuse the browser: https://jsfiddle.net/z4t2sud3/3/

This is the code inside the fiddle (the fiddle environment automatically imports bootstrap, jquery, etc)

<mark data-content="
    <button class=&quot;btnr&quot; type=&quot;button&quot;>
        Doesn't work
    </button>

    <button class='btn btn-info' type='button'>
        Works
    </button>
    " data-html="true" data-toggle="popover">
    Popovered
</mark>

And be sure to activate the popover via Javascript:

$(function () {
  $('[data-toggle="popover"]').popover()
})
lhk
  • 27,458
  • 30
  • 122
  • 201
  • This problem is a vanishing dot in the rear-view mirror of my life, but I do like your analysis and solution. – Peter Wone Feb 27 '19 at 21:57
  • Hahaha :D maybe it can help someone else though. I'm sure that formatting html for bootstrap popups comes up often. – lhk Feb 28 '19 at 08:27
0

You can add whatever you want to an HTML attribute as long as it is a valid html attribute value. What is a valid attribute value? What does not contains tags, quotes and so on. So.... and what? The solution is: Scape the string before append it inside the html attribute.

If you are using PHP: http://fi2.php.net/htmlspecialchars Or Twig: http://twig.sensiolabs.org/doc/filters/escape.html

If you are using jquery, when you do $el.data('my_scaped_json) will be converted to whatever it was originally, such a json object or html-string: $( $el.data('my_scaped_html) );

José Cabo
  • 6,149
  • 3
  • 28
  • 39
  • 1
    Do you mean that I should encode this `

    ` like this? `data-content="<p>"` ?

     – Peter Wone May 24 '14 at 01:12
  • 2
    Yes. If you really want to add html inside an attribute you have to scape it in that way ;) – José Cabo May 24 '14 at 01:14
  • OK, I've checked and character encoding works. I was uncertain as to whether encoded characters would be resolved during DOM construction but experimental evidence shows that they are. I will check whether this is specified behaviour and if it isn't will add another comment. – Peter Wone May 24 '14 at 01:32
  • Found it. Mark-up characters are forbidden *because* entity parsing includes attribute values. – Peter Wone May 24 '14 at 01:37
  • What if you want the HTML open tag character to actually appear in the tooltip (a < character)? It seems impossible, since you can't use the actual open bracket (<) OR the escaped character (<)... – John Washam Jul 25 '14 at 22:10
  • You can use the escaped characters without any problems. That's why they are escaped... – José Cabo Aug 12 '14 at 19:09