Support for HTML content

2025-10-08 09:34:26 -04:00
parent b102a2e41d
commit 7062fd8db2
2 changed files with 20 additions and 5 deletions
--- a/Block/Adminhtml/Order/View/VendorNotes.php
+++ b/Block/Adminhtml/Order/View/VendorNotes.php
@@ -6,27 +6,23 @@ use Magento\Sales\Model\Order;
 use Magento\Framework\App\Config\ScopeConfigInterface;
 use Magento\Store\Model\ScopeInterface;
 use Magento\Framework\Serialize\Serializer\Json;
-use Magento\Framework\Filter\Template as FilterTemplate;

 class VendorNotes extends Template
 {
    protected $_order;
    protected $_scopeConfig;
    protected $json;
-    protected $filterTemplate;

    public function __construct(
        \Magento\Backend\Block\Template\Context $context,
        \Magento\Sales\Model\Order $order,
        ScopeConfigInterface $scopeConfig,
        Json $json,
-        FilterTemplate $filterTemplate,
        array $data = []
    ) {
        $this->_order = $order;
        $this->_scopeConfig = $scopeConfig;
        $this->json = $json;
-        $this->filterTemplate = $filterTemplate;
        parent::__construct($context, $data);
    }

@@ -98,4 +94,20 @@ class VendorNotes extends Template
            return [];
        }
    }
+
+    /**
+     * Filter output to allow safe HTML tags
+     *
+     * @param string $content
+     * @return string
+     */
+    public function filterOutputHtml($content)
+    {
+        // Decode HTML entities first in case the content was double-encoded
+        $content = html_entity_decode($content, ENT_QUOTES, 'UTF-8');
+        
+        // Use Magento's filter to allow specific HTML tags
+        // This is safer than just echoing raw HTML
+        return $this->filterTemplate->filter($content);
+    }
 }
--- a/view/adminhtml/templates/order/view/vendor_notes.phtml
+++ b/view/adminhtml/templates/order/view/vendor_notes.phtml
@@ -15,7 +15,10 @@ $notes = $block->getVendorNotes();
                            <span class="title"><?php echo __('Vendor Note %1', $index + 1); ?></span>
                        </div>
                        <div class="vendor-note-content" style="padding: 10px 0; line-height: 1.6;">
-                            <?php echo $this->filterOutputHtml($note); ?>
+                            <?php 
+                            // Decode HTML entities and output
+                            echo html_entity_decode($note, ENT_QUOTES | ENT_HTML5, 'UTF-8'); 
+                            ?>
                        </div>
                    </div>
                    <?php if ($index < count($notes) - 1): ?>