escape HTML

[Andryas]

I would like to put some html code in text arg like \<br> \<\sup> etc... is there a way to implement a arg to allow it?

[djnavarro]

This is very close to the top of the "to do" list. That capability disappeared when I rewrote the API to make cards() the core function, but I have every intention of reintroducing it in the next release. I'm still pondering what the user-facing options for this would be. One thought would be to have an as_html() function so that you could use like this:

dat %>%
  cards(
    title = title_field,
    link = link_field,
    text = as_html(text_field)
 )

The as_html() function would just wrap the input in a protective class so that rmarkdown/pandoc/etc don't try to escape the HTML characters. That seems to be a common design pattern in other similar packages. Would you find that approach easy to use?

[maelle]

Ah fun that's just what I was wondering about! I was just thinking that it'd be nice if make_text() recognized that something is a node, based on the class... so I would like the approach described above, FWIW. :sweat_smile:

[Andryas]

It works perfect for me!

[gadenbuie]

It's annoyingly difficult to use htmltools::HTML() to protect the HTML of a column in a data frame. Would you be open to accepting HTML for title, text, header, and footer by default? In that case, as_html() could be called internally inside make_text() etc.

If we're worried about unsafe HTML made from cards from user input I think it's reasonable to expect the Shiny author to call htmltools::htmlEscape() on the user input. But there could be the possibility of setting escape = TRUE on cards() to turn off as_html() internally.

(Btw, I'd be happy to contribute a PR with the above features.)

[Andryas]

For those that want to escape the HTML inside the text parameter, I solve this using this JQuery function.

$('#id-your-header .card-text').each(function() { 
    var x=$(this).text(); 
    $(this).html(x);
});