ZF-9388: escape = false ignored on Zend_Form_Element_MultiSelect options
Description
Further to the issue I reported last year which was marked as resolved - issue 7403:
It is not possible to pass options to a multi-select form without them being escaped, regardless of the options passed in with the ViewHelper decorator. I reported this in v1.8.2 originally, although I'm now on 1.10.2 and it is the same. All code lines below refer to ZF ver 1.10.2.
When rendering the Zend_Form_Element_MultiSelect element, the "escape = false" option does not get referenced. Refer to lines 158 to 172 of Zend_View_Helper_FormSelect where the code is as follows:
$opt = '<option'
. ' value="' . $this->view->escape($value) . '"'
. ' label="' . $this->view->escape($label) . '"';
// selected?
if (in_array((string) $value, $selected)) {
$opt .= ' selected="selected"';
}
// disabled?
if (in_array($value, $disable)) {
$opt .= ' disabled="disabled"';
}
$opt .= '>' . $this->view->escape($label) . "</option>";
As you can see, the content within the option tag is escaped without any option to not escape it.
Comments
Posted by Christian Albrecht (alab) on 2010-03-11T01:29:08.000+0000
Not an issue
Posted by Christian Albrecht (alab) on 2010-03-11T02:35:20.000+0000
I must revert my Statement it is an issue, but it is not so easy to fix, because Zend_View->escape($val); always call_user_func with the value.
So one could do a bad hack like Zend_View->setEscape('trim') or similar but this leads to other issues.
The other solution could be to give Zend_Form_Decorator_ViewHelper a new method callbackReturnUnescaped($val) and do
if (false === $this->getOption('escape')) { Zend_View->setEscape(array($this,'callbackReturnUnescaped')); }