bs4cards
bs4cards copied to clipboard
djnavarro
escape HTML
I would like to put some html code in text arg like <br> <\sup> etc... is there a way to implement a arg to allow it?
This is very close to the top of the "to do" list. That capability disappeared when I rewrote the API to make cards() the core function, but I have every intention of reintroducing it in the next release. I'm still pondering what the user-facing options for this would be. One thought would be to have an as_html() function so that you could use like this:
dat %>%
cards(
title = title_field,
link = link_field,
text = as_html(text_field)
)
The as_html() function would just wrap the input in a protective class so that rmarkdown/pandoc/etc don't try to escape the HTML characters. That seems to be a common design pattern in other similar packages. Would you find that approach easy to use?
Ah fun that's just what I was wondering about! I was just thinking that it'd be nice if make_text() recognized that something is a node, based on the class... so I would like the approach described above, FWIW. :sweat_smile:
It's annoyingly difficult to use htmltools::HTML() to protect the HTML of a column in a data frame. Would you be open to accepting HTML for title, text, header, and footer by default? In that case, as_html() could be called internally inside make_text() etc.
If we're worried about unsafe HTML made from cards from user input I think it's reasonable to expect the Shiny author to call htmltools::htmlEscape() on the user input. But there could be the possibility of setting escape = TRUE on cards() to turn off as_html() internally.
(Btw, I'd be happy to contribute a PR with the above features.)
For those that want to escape the HTML inside the text parameter, I solve this using this JQuery function.
$('#id-your-header .card-text').each(function() {
var x=$(this).text();
$(this).html(x);
});