Jump to content

print variable with nofilter on tpl


Recommended Posts

Hi there,

i'm developing a module and i need to print a variable that contains html code in a tpl file. I know that i can use "nofilter" to do this (i.e. {$var nofilter})

When i try to validate the module (on validator.prestashop.com), in the security tab, there is this error: "Removing variable escaping is highly discouraged because malicious code can be displayed and executed". If i remove "nofilter", the variable is print as plain text. For example:

in module class 

$var = "<p>test string</p>";
$this->context->smarty->assign(['var'=>$var]);

in tpl file

{$var nofilter} <!-- output: test string -->
{$var|escape:'html':'UTF-8'} <!-- output: <p>test string</p> -->

How can i solve the validation error? Can i submit the module on the marketplace also with this error?

I'm using PrestaShop version 1.7.6.3

Thanks in advance

Edited by Mirko L (see edit history)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

Cookies ensure the smooth running of our services. Using these, you accept the use of cookies. Learn More