Forbid HTML inside Placeholder and HandleBars square bracket notation {{ }}

  • jhack_jos
    Junior Member
    • Apr 2025
    • 14

    #1

    This would make Template creation even more practical for experienced users, and greatly increase intuitiveness for new users.
    I would use a JavaScript RegEx in the client code, like the following, to catch all PlaceHolders and HandleBars tags:

    Code:
    {{?[^}]*}}?
    Depending on the implementation I would:
    • give a warning if inside a PlaceHolders or HandleBars tag some HTML is found. For example, if the following RegEx matches:
      Code:
      <[^>]+?>
      This would help the user not to be puzzled by seeing an Error 500 code when trying to run a Template with apparently correct tags. It can be quite frustrating for new users.
    • If it is acceptable with the current EspoCRM implementation, it may be possible to forbid formatting inside a PlaceHolder or HandleBar tag using some custom JavaScript code applied to the built-in editor, to prevent this kind of error. When doing so, a warning in the UI should be issued.
    • in the PHP code, it may be possible to move the HTML code that is inside of the tag to its right or left before running the template (accepting that some empty tags may be generated, but avoiding a 500 Error). In this case a Warning should be added to the EspoCRM log.
    Myself, I think I kind of got a handle on it, but it took me a considerable amount of time to get all the pieces together and understand what was happening.
    Thank you for your consideration. I hope this may help future and current users.
    Jacopo
    Last edited by jhack_jos; 05-10-2025, 09:08 PM.
  • yuri
    Member
    • Mar 2014
    • 8942

    #2
    Hi Jacopo,

    {{...}} are actually expressions not placeholders. We can't disallow a wide set of characters without breaking the functionality. For example `>` is a valid character. I think what we should do is to catch the template rendering error somehow and show a message to a user. But it can be tricky given that the library works in a somewhat peculiar fashion.
    If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.


    • jhack_jos
      Junior Member
      • Apr 2025
      • 14

      #3
      Hi Yuri,

      thank you for your reply. I see what you mean. If {{...}} are expressions, the solution you propose looks like the only sensible choice.
      Let me know if there is anything I can do to help. As of now I am not confident enough with the code to find a way to catch the template rendering error, but I hope my understanding will increase in the coming months and years.
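
The client-side check discussed in this thread, as an added example that is not part of any post and is not EspoCRM code. It only warns and never blocks, and it uses a narrower tag pattern than `<[^>]+?>` so that a bare `>` inside an expression is not flagged; the function name `findMarkupInExpressions` and the sample template are assumptions made for illustration.

```javascript
// Added example (hypothetical helper, not EspoCRM code): report Handlebars
// expressions that have editor-inserted HTML tags inside the braces.

// Matches {{ ... }} and {{{ ... }}}; the body runs to the first closing "}}".
const EXPRESSION_RE = /\{\{\{?[\s\S]*?\}\}\}?/g;

// Only real tag shapes: "<", optional "/", then a letter. A bare ">" or "<"
// used as an operator, partial marker or literal does not match.
const TAG_RE = /<\/?[a-zA-Z][^<>]*>/g;

function findMarkupInExpressions(template) {
  const findings = [];
  for (const match of template.matchAll(EXPRESSION_RE)) {
    const expression = match[0];
    const tags = expression.match(TAG_RE);
    if (tags === null) continue; // clean expression, nothing to report
    findings.push({
      index: match.index, // offset in the template, for highlighting
      expression,
      tags,
      // Shown to the user as a hint; the template itself is left untouched.
      suggestion: expression.replace(TAG_RE, ''),
    });
  }
  return findings;
}

// Constructed sample: the kind of markup a WYSIWYG editor can leave behind.
const sample = [
  '<p>Dear {{account.<b>name</b>}},</p>',        // bold applied mid-expression
  '<p><span>{{</span>amount<span>}}</span></p>', // braces split across spans
  '<p><i>{{assignedUser.name}}</i></p>',         // tags outside: fine
  '<div>{{> footer}}</div>',                     // ">" as Handlebars partial syntax: fine
].join('\n');

for (const f of findMarkupInExpressions(sample)) {
  console.warn(`HTML inside expression at offset ${f.index}: ` +
    `${f.expression} (did you mean ${f.suggestion}?)`);
}
```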
