
pbAllowHtml - cWebTreeView

Determines whether the value applies embedded HTML or whether it is HTML encoded

Type: Property
Access: Read/Write
Data Type: Boolean
Parameters: None

Syntax

{ WebProperty=Client }
Property Boolean pbAllowHtml
Access Type Syntax
Read Access: WebGet pbAllowHtml to BooleanVariable
Write Access: WebSet pbAllowHtml to BooleanVariable/Value

Description

Normally, the framework HTML encodes the psValue text that is displayed in a column so that any characters within the value that might be interpreted as HTML by the browser are displayed literally and not interpreted as HTML.

This HTML encoding is normally what you want, as embedded HTML characters are normally present by chance and you do not intend the browser to do anything other than display the characters.

Sometimes you may have a special reason to embed HTML inside the tree view item's value. Set pbAllowHtml to True to disable HTML encoding of the item values.

Warning: If you use this feature, you should understand the element structure of framework TreeViews and also the way that system and theme CSS is applied.

Using embedded HTML should be a technique of last resort. If you need to apply special column styling, then it is better to use the provided properties or create and apply styles using CSS, for example by adding a style to the workspace's application.css file.

Embedded HTML that is generated by your DataFlex objects is considered poor separation of client and server side elements.

XSS Vulnerabilities

Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites from each other.

The DataFlex web controls HTML encode displayed values by default in most cases. The exceptions are cWebHtmlBox, cWebHtmlList and any control that has pbAllowHtml set to True.

The solution is to use HtmlEncode in these situations.

Sample

The example below demonstrates how to use embedded HTML in a tree view item that displays inventory item IDs. This example replaces a line in Function OnLoadChildNodes in a cWebTreeView named oItemsTree in DemoTreeView.wo that is part of our Weborder sample web application.

By changing this line of code

Move (Trim(Invt.Item_ID)) to aItems[iCount].sName

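to these lines of code

Use HtmlEncode.pkg

String sTemp

// HTML encode the database values, not the markup: encoding the whole string
// would also escape the <b>, <br> and <i> tags and display them as literal text.
Move (SFormat('<b>%1</b><br><i>%2</i>', HtmlEncode(Trim(Invt.Item_ID)), HtmlEncode(Trim(Invt.Description)))) to sTemp
Move sTemp to aItems[iCount].sName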

You can change the displayed tree view item from simply displaying an inventory item to bolding that inventory item (%1), as well as adding the item's description (Trim(Invt.Description)) and italicizing it (%2).
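
The following is an added illustration, not part of the DataFlex documentation: a JavaScript model of the item value the browser receives when pbAllowHtml is True, comparing no encoding, encoding the whole string, and encoding only the data values. The htmlEncode and sformat functions are stand-ins written for this example, and the inventory values are constructed.

```javascript
// Stand-in for an HTML encoder (assumption: not the DataFlex HtmlEncode source).
function htmlEncode(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Stand-in for SFormat: substitutes %1, %2, ... in a single pass over the template.
function sformat(template, ...args) {
  return template.replace(/%(\d+)/g, (m, n) => {
    const i = parseInt(n, 10);
    return i >= 1 && i <= args.length ? args[i - 1] : m;
  });
}

const TEMPLATE = "<b>%1</b><br><i>%2</i>"; // markup from the sample above

// Item value sent to the client under each approach (pbAllowHtml = True).
function buildRaw(id, desc) {
  return sformat(TEMPLATE, id, desc);
}
function buildWholeEncoded(id, desc) {
  return htmlEncode(sformat(TEMPLATE, id, desc));
}
function buildDataEncoded(id, desc) {
  return sformat(TEMPLATE, htmlEncode(id), htmlEncode(desc));
}

// Rough model of the parser: names of start tags the browser would treat as elements.
function parsedTags(html) {
  return [...html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) => m[1].toLowerCase());
}

// Constructed row: values that contain markup characters by chance.
const SAMPLE_ID = "CASE-<XL>";
const SAMPLE_DESC = 'Case <large> & 19" rack';

for (const [name, build] of [
  ["raw", buildRaw],
  ["whole string encoded", buildWholeEncoded],
  ["data values encoded", buildDataEncoded],
]) {
  const value = build(SAMPLE_ID, SAMPLE_DESC);
  console.log(`${name}: ${value}\n  elements: ${parsedTags(value).join(", ") || "(none)"}`);
}
```

Only the third form produces the intended b, br and i elements while the data stays literal text; the first lets data become elements, and the second shows the tags themselves as text.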

About Web Properties

Each web property maintains two values: The regular property value is set during object creation and should not be changed during the lifetime of that object. To access that value, use the standard property Get and Set syntax.

The web property value is the local value stored at each client. This is synchronized to the client's local value whenever a server call is being processed. To access the web property value, use the WebGet and WebSet syntax above instead of the standard Get and Set syntax.

See Also

SFormat
