4

I'm looking at outputting Rich Text in Magnolia directly to the front-end. I'm defining the field as below:

@TabFactory("Content")
public void contentTab(UiConfig cfg, TabBuilder tab) {
    tab.fields(
            cfg.fields.text("title").label("Title"),
            cfg.fields.richText("subtitle").label("Subtitle")
    );
}

Within a template, when information is saved into the JCR it appears to encode the data with HTML entities: 

Title: ${content.title}
Subtitle: ${content.subtitle}

Outputs (raw source) ...

Title: The Title Field
Subtitle: <p>The Subtitle Field</p>

But should output (raw source) ...

Title: The Title Field
Subtitle: <p>The Subtitle Field</p>

Is there a way to stop the Rich Text fields from being encoded automatically?

bashaus
  • 1,614
  • 1
  • 17
  • 33

2 Answers2

1

The decode function works: https://documentation.magnolia-cms.com/display/DOCS/cmsfn#cmsfn-DecodeHTML

[#if content.text?has_content]
    ${cmsfn.decode(content).text}
[/#if]
bashaus
  • 1,614
  • 1
  • 17
  • 33
0

Most framework try to get rid of the XSS-kind of attacks so it is a good way to use the template as the following:

Title: ${content.title}
Subtitle: <p>${content.subtitle}</p>

It will prevent the users (or admins) to run magic JS or some other bad codes on the client.

Back to the question: check out the documentation here https://documentation.magnolia-cms.com/display/DOCS/Component+definition. There is something called escapeHtml take a look at it. :)

Edit: as bashaus pointed out he was using page properties not components. The solution in this way the following:

[#if content.text?has_content]
    ${cmsfn.decode(content).text}
[/#if]

TL.DR: Try to avoid html characters in dynamic content, but the feature is able to be turned off.

Community
  • 1
  • 1
Hash
  • 4,647
  • 5
  • 21
  • 39
  • Thanks - but I'm not using components, I'm using page properties for this particular item. Any ideas on how to do it for the property (using the tabs item above) – bashaus Jul 21 '16 at 17:04