Thread:Extension talk:Semantic Title/CSS code returned with Semantic Title when using MApping Templates in Semantic Forms

Hi

This is the continuation of a discussion which also appears in the Semantic Forms talk pages [].

I am using a Dropdown field in a Semantic Form to select pages from a category where the category uses Semantic Title to define its page names. I use a Mapping Template in the Semantic Form so the Dropdown shows the Semantic Title rather than the actual title.

However when the list of titles are displayed in the Dropdown they are surrounded by $.... tags.

The reason that these tags are being displayed is because Semantic Forms uses Html::element when constructing the list items in the Dropdown which escapes the label values provided by the Mapping Template. I find if I change line 95 in /includes/forminputs/SF_DropdownInput.php from

$innerDropdown .= Html::element( 'option', $optionAttrs, $label );

to

$innerDropdown .= Html::rawElement( 'option', $optionAttrs, $label );

then the Dropdown displays its list items correctly without the CSS tags. This appears to be because the semantic titles have already been escaped to be HTML safe before they are provided to the Dropdown.

I am in a bit of a quandry. If I make the change above then will I make the Dropdown insecure? Alternatively if I find a way to prevent Semantic Title returning an HTML safe escaped value, will this make my wiki insecure elsewhere?

I have to admit, I'm not entirely sure where the CSS tags are added. Ultimately they come from a protected function getCodeDisplay in SMW_DV_String.php, I think, but I haven't yet worked out where this is getting invoked from.

Any thoughts would be very much appreciated.

Duncan April 24, 2015