Issues

ZF-9388: escape = false ignored on Zend_Form_Element_MultiSelect options

Description

Further to the issue I reported last year which was marked as resolved - issue 7403:

It is not possible to pass options to a multi-select form without them being escaped, regardless of the options passed in with the ViewHelper decorator. I reported this in v1.8.2 originally, although I'm now on 1.10.2 and it is the same. All code lines below refer to ZF ver 1.10.2.

When rendering the Zend_Form_Element_MultiSelect element, the "escape = false" option does not get referenced. Refer to lines 158 to 172 of Zend_View_Helper_FormSelect where the code is as follows:

    $opt = '<option'
         . ' value="' . $this->view->escape($value) . '"'
         . ' label="' . $this->view->escape($label) . '"';

    // selected?
    if (in_array((string) $value, $selected)) {
        $opt .= ' selected="selected"';
    }

    // disabled?
    if (in_array($value, $disable)) {
        $opt .= ' disabled="disabled"';
    }

    $opt .= '>' . $this->view->escape($label) . "</option>";

As you can see, the content within the option tag is escaped without any option to not escape it.

Comments

Not an issue

I must revert my Statement it is an issue, but it is not so easy to fix, because Zend_View->escape($val); always call_user_func with the value.

So one could do a bad hack like Zend_View->setEscape('trim') or similar but this leads to other issues.

The other solution could be to give Zend_Form_Decorator_ViewHelper a new method callbackReturnUnescaped($val) and do

if (false === $this->getOption('escape')) { Zend_View->setEscape(array($this,'callbackReturnUnescaped')); }