0

How can I generate html from my pure scala block in play framework view?

The following code will put the text of the tags directly in the page and since instead of '<' scala puts '&lt' the tags are not rendered as html but as pure text!

Is putting the variable as last statement a correct way of returning that variables value as result of block execution?

@block() = @{
  var str = "<li>"
  str += req.getPage
  var += "</li>"
  str
}
biesior
  • 55,576
  • 10
  • 125
  • 182
p00ya00
  • 796
  • 1
  • 10
  • 20

1 Answers1

1

Scala templates automatically escape all dynamic content for you to protect you from XSS attacks. If you are certain that the content you are placing in the page is trusted (ie, not input by a user), and want to disable this XSS protection (if you're not familiar with XSS, then be very wary here, you are likely introducing a security vulnerability into your system if you don't 100% understand what you are doing), then you have two options, either wrap the call to block in Html when you use it:

@Html(block())

Or, wrap the return value of block in Html:

@block() = @{
  var str = "<li>"
  str += req.getPage
  str += "</li>"
  Html(str)
}

You can read more about this in the Play docs, in the section titled "Escaping" at the bottom of this page:

http://www.playframework.com/documentation/2.2.x/ScalaTemplates

James Roper
  • 12,695
  • 46
  • 45