0

How can I generate html from my pure scala block in play framework view?

The following code will put the text of the tags directly in the page and since instead of '<' scala puts '&lt' the tags are not rendered as html but as pure text!

Is putting the variable as last statement a correct way of returning that variables value as result of block execution?

@block() = @{
  var str = "<li>"
  str += req.getPage
  var += "</li>"
  str
}
Improve this question

1 Answer 1

Reset to default
1

Scala templates automatically escape all dynamic content for you to protect you from XSS attacks. If you are certain that the content you are placing in the page is trusted (ie, not input by a user), and want to disable this XSS protection (if you're not familiar with XSS, then be very wary here, you are likely introducing a security vulnerability into your system if you don't 100% understand what you are doing), then you have two options, either wrap the call to block in Html when you use it:

@Html(block())

Or, wrap the return value of block in Html:

@block() = @{
  var str = "<li>"
  str += req.getPage
  str += "</li>"
  Html(str)
}

You can read more about this in the Play docs, in the section titled "Escaping" at the bottom of this page:

http://www.playframework.com/documentation/2.2.x/ScalaTemplates

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.