sonata-project / SonataAdminBundle

The missing Symfony Admin Generator
https://docs.sonata-project.org/projects/SonataAdminBundle
MIT License

BaseGroupedMapper->with($name $options['description']) now renders HTMLencoded #4901

Closed JeromeGillard closed 5 years ago

JeromeGillard commented 6 years ago

Environment

Sonata packages

    $ composer show --latest 'sonata-project/*'
    sonata-project/admin-bundle              3.28.0 3.30.1 The missing Symfony Admin Generator
    sonata-project/block-bundle              3.10.0 3.10.0 Symfony SonataBlockBundle
    sonata-project/cache                     2.0.1  2.0.1  Cache library
    sonata-project/core-bundle               3.9.0  3.9.0  Symfony SonataCoreBundle
    sonata-project/datagrid-bundle           2.3.1  2.3.1  Symfony SonataDatagridBundle
    sonata-project/doctrine-orm-admin-bundle 3.3.0  3.4.1  Symfony Sonata / Integrate Doctrine ORM into the SonataAdminBundle
    sonata-project/exporter                  1.8.0  1.8.0  Lightweight Exporter library
    sonata-project/formatter-bundle          3.4.0  3.4.0  Symfony SonataFormatterBundle

Symfony packages

    $ composer show --latest 'symfony/*'
    symfony/assetic-bundle     v2.8.2  v2.8.2 Integrates Assetic into Symfony2
    symfony/intl               v3.4.3  v4.0.3 A PHP replacement layer for the C intl extension that includes additional data from the ICU library.
    symfony/monolog-bundle     v2.12.1 v3.1.2 Symfony MonologBundle
    symfony/phpunit-bridge     v3.4.3  v4.0.3 Symfony PHPUnit Bridge
    symfony/polyfill-apcu      v1.6.0  v1.6.0 Symfony polyfill backporting apcu_* functions to lower PHP versions
    symfony/polyfill-intl-icu  v1.6.0  v1.6.0 Symfony polyfill for intl's ICU-related data and classes
    symfony/polyfill-mbstring  v1.6.0  v1.6.0 Symfony polyfill for the Mbstring extension
    symfony/polyfill-php54     v1.6.0  v1.6.0 Symfony polyfill backporting some PHP 5.4+ features to lower PHP versions
    symfony/polyfill-php55     v1.6.0  v1.6.0 Symfony polyfill backporting some PHP 5.5+ features to lower PHP versions
    symfony/polyfill-php56     v1.6.0  v1.6.0 Symfony polyfill backporting some PHP 5.6+ features to lower PHP versions
    symfony/polyfill-php70     v1.6.0  v1.6.0 Symfony polyfill backporting some PHP 7.0+ features to lower PHP versions
    symfony/polyfill-util      v1.6.0  v1.6.0 Symfony utilities for portability of PHP codes
    symfony/security-acl       v3.0.1  v3.0.1 Symfony Security Component - ACL (Access Control List)
    symfony/swiftmailer-bundle v2.6.7  v3.1.6 Symfony SwiftmailerBundle
    symfony/symfony            v2.8.17 v4.0.3 The Symfony PHP framework

PHP version

    $ php -v
    PHP 7.1.11-1+0~20171027135525.10+stretch~1.gbp2e638d (cli) (built: Oct 27 2017 13:55:27) ( NTS )
    Copyright (c) 1997-2017 The PHP Group

Subject

Using HTML content for the description option of the $formMapper->with() function encodes the HTML and displays HTML tags to the final user. This bug appears when updating from sonata-project/admin-bundle 3.28 to sonata-project/admin-bundle 3.29 (also seen in 3.30.1).

Steps to reproduce

Add an HTML description to a tab:

    protected function configureFormFields(FormMapper $formMapper)
    {
        $formMapper
            ->tab('Label')
            ->with('Label', array(
                'class' => 'col-md-12',
                'description' => "Object Keys  <a href=\"".$okrc."\" target=\"_blank\">here</a>",
                ));
    }

Expected results

The description's HTML must be interpreted and displayed as a link in the browser.

Actual results

The description's HTML code is displayed:

    Object Keys  <a href="/" target="_blank">here</a>

perryxp commented 6 years ago

> This bug appears when updating from sonata-project/admin-bundle 3.28 to sonata-project/admin-bundle 3.29 (also seen in 3.30.1)

It also appears in version 3.31.0.

Thx!

jordisala1991 commented 6 years ago

This could be easily fixed by adding a new option to output with the raw filter. We used safe_label in the past for it.
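
The trade-off raised in this thread, as an added example that is not part of the original issue or of SonataAdminBundle: output is escaped by default, and a description is emitted as HTML only on explicit opt-in, with the dynamic URL escaped before it is concatenated. `e()`, `buildLink()`, `renderDescription()` and the `description_is_html` option are hypothetical names, and the sample URL is constructed.

```php
<?php
declare(strict_types=1);

// Plain-PHP stand-in for the template logic discussed in this thread.
// All function names and the 'description_is_html' option are hypothetical,
// not SonataAdminBundle API.

/** Escape a value for HTML text and quoted-attribute contexts. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Default: escape the description (the behaviour reported since 3.29).
 * Opt-in: emit it unescaped, the equivalent of Twig's |raw filter.
 */
function renderDescription(array $options): string
{
    $description = (string) ($options['description'] ?? '');
    $isHtml = ($options['description_is_html'] ?? false) === true;

    return '<p>' . ($isHtml ? $description : e($description)) . '</p>';
}

/**
 * Build the link from the report with its dynamic parts escaped, so that
 * opting in to raw output does not pass an unescaped value through.
 */
function buildLink(string $url, string $text): string
{
    // Accept only http(s) and site-relative URLs; anything else becomes '#'.
    if (!preg_match('#^(https?://|/(?!/))#i', $url)) {
        $url = '#';
    }

    return sprintf(
        '<a href="%s" target="_blank" rel="noopener noreferrer">%s</a>',
        e($url),
        e($text)
    );
}

// Constructed sample value standing in for $okrc from the report.
$okrc = '/keys?group=a&sort="name"';
$description = 'Object Keys ' . buildLink($okrc, 'here');

echo renderDescription(['description' => $description]), PHP_EOL;
echo renderDescription(['description' => $description, 'description_is_html' => true]), PHP_EOL;
```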

Matan commented 6 years ago

Hello! Any movement on this? My description fields are also rendering the HTML tags. Thanks!