View Full Version : [CLOSED] [#1373] [4.1.0] Grid - Column-renderer-method, HTML-tags are rendered as text.
sveins12
Aug 14, 2016, 9:56 PM
When using renderer on grid-columns the html-tags are output as text. The Sencha documentation says that the renderer method should return the HTML to be renderered, but now it is not working that way.
@{
var x = Html.X();
var data = new List<object>{
new
{
Name = "Lisa"
},
new
{
Name = "Bart"
},
new
{
Name = "Homer"
},
new
{
Name = "Marge"
}
};
}
@(
x.Grid()
.Columns(
x.Column()
.DataIndex("Name")
.Text("Name")
.Width(50)
.Flex(1)
.Renderer(@"return '<a>'+value+'</a>'")
)
.Store(x.Store()
.AutoDataBind(true)
.Fields(
x.ModelField().Name("Name")
)
.Data(data)
)
)
Here's the output:
24717
fabricio.murta
Aug 16, 2016, 5:20 AM
Hello @sveins12!
Thanks for yet this other report!
Can you point the sencha documentation you are referring to? While this may be really misleading, I don't really see any mention to HTML in the documentation for 6.0.2 modern toolkit from Sencha (http://docs.sencha.com/extjs/6.0.2-modern/Ext.grid.column.Column.html#cfg-renderer). Furthermore, they suggest reading Ext.grid.Grid documentation (http://docs.sencha.com/extjs/6.0.2-modern/Ext.grid.Grid.html) for better approaches in the modern toolkit. Ext.NET Mobile uses ExtJS 6.0.2 modern toolkit.
I hope this helps!
sveins12
Aug 16, 2016, 10:34 AM
Here is a link:
http://docs.sencha.com/extjs/6.0.2-modern/Ext.grid.column.Column.html#cfg-renderer
Please look at the two last lines of the section about renderer, it says:
- return : String
- The HTML string to be rendered.
I would like to point out that the ability to create HTML inside renderer-functions is, for my part, one of the greatest advantages in the ExtJs/Ext.NET toolkit.
Daniil
Aug 16, 2016, 4:26 PM
Hello,
I've found this topic on the Sencha forums.
https://www.sencha.com/forum/showthread.php?304101
It turned out that the rendered text is encoded by default in the ExtJS Modern toolkit - docs (http://docs.sencha.com/extjs/6.0.0-modern/Ext.grid.cell.Text.html#cfg-encodeHtml) on the encodeHtml option.
You can set
x.Column()
...
.Renderer(@"return '<a>'+value+'</a>'")
.Cell(cell => cell.Add(new
{
encodeHtml = false
}))
Should we change it to be false by default? I am not really sure in this case, but I tend to think we shouldn't...
sveins12
Aug 16, 2016, 4:36 PM
Thank you!
Yes, you should change it so that it is false by default. Especially if there's a renderer-method defined.
Reason 1: In all the other Ext.NET versions this is false by default.
Reason 2: The ExtJs-documentation which says "HTML to be returned".
Reason 3: Almost all cases when we want to use a renderer-method the goal is to return some nice HTML, and in the case we just want to return a boring text it will work anyway, even if the encodeHtml is false. So in the most scenarios we need this to be false.
Daniil
Aug 16, 2016, 4:44 PM
Well, but ExtJS docs on encodeHtml (http://docs.sencha.com/extjs/6.0.0-modern/Ext.grid.cell.Text.html#cfg-encodeHtml) option stays:
Specify false to write HTML directly to the cell. Be aware that doing this can expose your application to security issues if tha
which is also something to keep in mind.
Maybe, it should not render HTML by default in Ext.NET as well.
sveins12
Aug 16, 2016, 7:37 PM
A very good point, that about the security.
Daniil
Aug 17, 2016, 7:31 PM
We have a talk within the Team on this topic. We conclude that developers should not really rely on client side approaches on security. It is not going to be secure anyway. Everything should be validated on server side anyway. We decided to make a change to match Ext.NET behavior. encodeHtml is now false by default.
https://github.com/extnet/Ext.NET/issues/1373
Thank you for raising this topic.
Powered by vBulletin® Version 4.2.3 Copyright © 2024 vBulletin Solutions, Inc. All rights reserved.