search

sonata-project / SonataAdminBundle

The missing Symfony Admin Generator
https://docs.sonata-project.org/projects/SonataAdminBundle
MIT License
2.11k stars 1.26k forks source link

Edit Form Group Description Escapes HTML #5582

Closed amacrobert closed 5 years ago

amacrobert commented 5 years ago

Environment

Sonata packages

$ composer show --latest 'sonata-project/*'
sonata-project/admin-bundle              3.49.1 3.49.1 The missing Symfony Admin Generator
sonata-project/block-bundle              3.15.0 3.15.0 Symfony SonataBlockBundle
sonata-project/cache                     2.0.1  2.0.1  Cache library
sonata-project/core-bundle               3.17.0 3.17.0 Symfony SonataCoreBundle
sonata-project/datagrid-bundle           2.5.0  2.5.0  Symfony SonataDatagridBundle
sonata-project/doctrine-extensions       1.3.0  1.3.0  Doctrine2 behavioral extensions
sonata-project/doctrine-orm-admin-bundle 3.9.0  3.9.0  Symfony Sonata / Integrate Doctrine ORM into the SonataAdminBundle
sonata-project/exporter                  1.11.1 1.11.1 Lightweight Exporter library

Symfony packages

$ composer show --latest 'symfony/*'
Package symfony/assetic-bundle is abandoned, you should avoid using it. Use symfony/webpack-encore-pack instead.
symfony/monolog-bundle     v3.3.1  v3.3.1  Symfony MonologBundle
symfony/phpunit-bridge     v3.4.28 v4.3.1  Symfony PHPUnit Bridge
symfony/polyfill-apcu      v1.11.0 v1.11.0 Symfony polyfill backporting apcu_* functions to lower PHP versions
symfony/polyfill-ctype     v1.11.0 v1.11.0 Symfony polyfill for ctype functions
symfony/polyfill-intl-icu  v1.11.0 v1.11.0 Symfony polyfill for intl's ICU-related data and classes
symfony/polyfill-mbstring  v1.11.0 v1.11.0 Symfony polyfill for the Mbstring extension
symfony/polyfill-php56     v1.11.0 v1.11.0 Symfony polyfill backporting some PHP 5.6+ features to lower PHP versions
symfony/polyfill-php70     v1.11.0 v1.11.0 Symfony polyfill backporting some PHP 7.0+ features to lower PHP versions
symfony/polyfill-util      v1.11.0 v1.11.0 Symfony utilities for portability of PHP codes
symfony/security-acl       v3.0.2  v3.0.2  Symfony Security Component - ACL (Access Control List)
symfony/swiftmailer-bundle v2.6.7  v3.2.7  Symfony SwiftmailerBundle
symfony/symfony            v3.4.28 v4.3.1  The Symfony PHP framework

PHP version

$ php -v
PHP 7.1.23 (cli) (built: Feb 22 2019 22:08:13) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.1.0, Copyright (c) 1998-2018 Zend Technologies

Subject

HTML is escaped in edit form group descriptions. This is contrary to the documentation, which states

The text is not escaped, so HTML can be used.

Steps to reproduce

Create an admin that uses an edit form group. Put html in the form group description. Example:

namespace AppBundle\Admin;

use Sonata\AdminBundle\Admin\AbstractAdmin;

class BlogAdmin extends AbstractAdmin {

    // ...

    protected function configureFormFields(FormMapper $formMapper) {
        $formMapper
            ->with('General', [
                'class'       => 'col-md-6',
                'description' => '<strong>test description</strong>'
            ])
        // ...
    }
 }

Expected results

The HTML should be rendered like so:

Screen Shot 2019-06-10 at 1 09 15 PM

Actual results

The HTML is escaped like so:

Screen Shot 2019-06-10 at 1 08 47 PM
phansys commented 5 years ago

This issue is a duplicate of #4901.