Support for HTML content

shopkeeperdev
2025-10-08 09:34:26 -04:00
parent b102a2e41d
commit 7062fd8db2
2 changed files with 20 additions and 5 deletions


@@ -6,27 +6,23 @@ use Magento\Sales\Model\Order;
use Magento\Framework\App\Config\ScopeConfigInterface; use Magento\Framework\App\Config\ScopeConfigInterface;
use Magento\Store\Model\ScopeInterface; use Magento\Store\Model\ScopeInterface;
use Magento\Framework\Serialize\Serializer\Json; use Magento\Framework\Serialize\Serializer\Json;
use Magento\Framework\Filter\Template as FilterTemplate;
class VendorNotes extends Template class VendorNotes extends Template
{ {
protected $_order; protected $_order;
protected $_scopeConfig; protected $_scopeConfig;
protected $json; protected $json;
protected $filterTemplate;
public function __construct( public function __construct(
\Magento\Backend\Block\Template\Context $context, \Magento\Backend\Block\Template\Context $context,
\Magento\Sales\Model\Order $order, \Magento\Sales\Model\Order $order,
ScopeConfigInterface $scopeConfig, ScopeConfigInterface $scopeConfig,
Json $json, Json $json,
FilterTemplate $filterTemplate,
array $data = [] array $data = []
) { ) {
$this->_order = $order; $this->_order = $order;
$this->_scopeConfig = $scopeConfig; $this->_scopeConfig = $scopeConfig;
$this->json = $json; $this->json = $json;
$this->filterTemplate = $filterTemplate;
parent::__construct($context, $data); parent::__construct($context, $data);
} }
@@ -98,4 +94,20 @@ class VendorNotes extends Template
return []; return [];
} }
} }
/**
* Filter output to allow safe HTML tags
*
* @param string $content
* @return string
*/
public function filterOutputHtml($content)
{
// Decode HTML entities first in case the content was double-encoded
$content = html_entity_decode($content, ENT_QUOTES, 'UTF-8');
// Use Magento's filter to allow specific HTML tags
// This is safer than just echoing raw HTML
return $this->filterTemplate->filter($content);
}
} }
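Review bot: `filterOutputHtml()` calls `$this->filterTemplate->filter($content)`, but the first hunk of this file removes the `$filterTemplate` property, the constructor parameter and its assignment, so on the new side the property is undefined and the call would fail if the method is ever invoked. Separately, the docblock and inline comments say the template filter allows only safe HTML tags; as far as I know `Magento\Framework\Filter\Template` processes template directives and does not strip or escape markup, and the preceding `html_entity_decode()` turns stored entities into live markup before the value is returned. Since the template in this commit no longer calls the method, either drop it or make it do what the docblock promises, for example `return $this->escapeHtml($content, ['p', 'br', 'strong', 'em', 'ul', 'ol', 'li']);` (the tag list is an example to adjust).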


@@ -15,7 +15,10 @@ $notes = $block->getVendorNotes();
<span class="title"><?php echo __('Vendor Note %1', $index + 1); ?></span> <span class="title"><?php echo __('Vendor Note %1', $index + 1); ?></span>
</div> </div>
<div class="vendor-note-content" style="padding: 10px 0; line-height: 1.6;"> <div class="vendor-note-content" style="padding: 10px 0; line-height: 1.6;">
<?php echo $this->filterOutputHtml($note); ?> <?php
// Decode HTML entities and output
echo html_entity_decode($note, ENT_QUOTES | ENT_HTML5, 'UTF-8');
?>
</div> </div>
</div> </div>
<?php if ($index < count($notes) - 1): ?> <?php if ($index < count($notes) - 1): ?>
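Review bot: The new `echo html_entity_decode($note, ENT_QUOTES | ENT_HTML5, 'UTF-8');` writes each vendor note into the admin page with no escaping or tag allowlist, so any markup in a note, including script elements and event-handler attributes, is rendered as-is. Where `getVendorNotes()` reads its data is not visible here; if anyone less trusted than the viewing admin can influence a note, this is stored XSS in the backend order view. Decoding entities first makes it worse, because a note that was stored safely encoded becomes live markup. Supporting formatting does not need raw output: `echo $block->escapeHtml(html_entity_decode($note, ENT_QUOTES | ENT_HTML5, 'UTF-8'), ['p', 'br', 'strong', 'em', 'ul', 'ol', 'li']);` keeps an explicit allowlist (example tags, adjust to what notes need). The surrounding loop over `$notes` starts outside this hunk.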