Support for HTML content

Block/Adminhtml/Order/View/VendorNotes.php

@@ -6,27 +6,23 @@ use Magento\Sales\Model\Order;
 use Magento\Framework\App\Config\ScopeConfigInterface;
 use Magento\Store\Model\ScopeInterface;
 use Magento\Framework\Serialize\Serializer\Json;
-use Magento\Framework\Filter\Template as FilterTemplate;
 
 class VendorNotes extends Template
 {
     protected $_order;
     protected $_scopeConfig;
     protected $json;
-    protected $filterTemplate;
 
     public function __construct(
         \Magento\Backend\Block\Template\Context $context,
         \Magento\Sales\Model\Order $order,
         ScopeConfigInterface $scopeConfig,
         Json $json,
-        FilterTemplate $filterTemplate,
         array $data = []
     ) {
         $this->_order = $order;
         $this->_scopeConfig = $scopeConfig;
         $this->json = $json;
-        $this->filterTemplate = $filterTemplate;
         parent::__construct($context, $data);
     }
 
@@ -98,4 +94,20 @@ class VendorNotes extends Template
             return [];
         }
     }
+
+    /**
+     * Filter output to allow safe HTML tags
+     *
+     * @param string $content
+     * @return string
+     */
+    public function filterOutputHtml($content)
+    {
+        // Decode HTML entities first in case the content was double-encoded
+        $content = html_entity_decode($content, ENT_QUOTES, 'UTF-8');
+        
+        // Use Magento's filter to allow specific HTML tags
+        // This is safer than just echoing raw HTML
+        return $this->filterTemplate->filter($content);
+    }
 }