Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inserting unescaped HTML string. #106

Open
aarondewindt opened this issue Jan 16, 2021 · 6 comments
Open

Inserting unescaped HTML string. #106

aarondewindt opened this issue Jan 16, 2021 · 6 comments

Comments

@aarondewindt
Copy link

I'm using a third-party library (tabulate) to generate html tables from my data and I would like to insert these in the dom. Since I wasn't able to find a way to do this scanning through the docs and code I came up with this work around.

class RawHTML(VDOM):
    def __init__(self, children=None):
        super().__init__(None, children=children)

    def to_dict(self):
        return "\n".join(self.children)

    def _repr_html_(self):
        return "\n".join(self.children)

    @classmethod
    def from_dict(cls, value):
        return super().from_dict(value)

def html(*children):
    return RawHTML(children)

Running this doesn't result in what expect.

html_source = "<b>HTML Source</b>"
component = div(html(html_source))
display(component)

Renders the raw html source in the browser instead of the bold texts. So it's still being escaped.

<b>HTML Source</b>

Calling component.to_html() gives me the expected html code <div><b>HTML Source</b></div>. Which means that rendering the component in a IPython.display.HTML` gives me the expected result.

html_source = "<b>HTML Source</b>"
component = div(html(html_source))
display(HTML(component.to_html()))

HTML Source

I've obviously missed something in my RawHTML class implementation. So does anyone know what I missed? Is there an official way to insert raw html? And if not are there plans to to add this as a feature?
@aarondewindt
Copy link
Author

I know probably parsing html into VDOM objects would probably be the best here.

@aarondewindt aarondewindt mentioned this issue Jan 17, 2021
Open
@rmorshea
Copy link
Contributor

rmorshea commented Jan 18, 2021
edited
Loading

@aarondewindt, idom has a utility function for converting HTML strings to VDOM. If you're interested in adding any interactivity to what you're displaying I'd recommend taking a deeper look at idom.

@rgbkrk
Copy link
Member

rgbkrk commented Mar 3, 2021

We don't want to inject raw HTML onto the DOM with vdom, mostly so we can trust that the output is sanitized. React lets you work around this by using dangerouslySetInnerHTML, but if I recall correctly we don't let that prop pass through.

I know probably parsing html into VDOM objects would probably be the best here.

That's what we built it for!

@rmorshea
Copy link
Contributor

rmorshea commented Mar 3, 2021

@rgbkrk perhaps worth porting the html_to_vdom function here?

@rgbkrk
Copy link
Member

rgbkrk commented Mar 5, 2021

Where... did that get written at? It's... been awhile.

@rmorshea
Copy link
Contributor

rmorshea commented Mar 5, 2021
edited
Loading

Here's the function: https://idom-docs.herokuapp.com/docs/_modules/idom/utils.html#html_to_vdom

I wrote it for IDOM but it should be compatible.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rgbkrk @rmorshea @aarondewindt