Prevent ZF2 formHelper escaping attributes

Question

Hi I have a form with a number field. I use regex to validate the field. For that reason I added the pattern attribute the element. However when I use formText it html escapes the regex pattern.

//inside the form _construct
$this->add(array(
            'name' => 'number',
            'type' => 'text',
            'options' => array(
                'label' => 'Number',
            ),
   'attributes' => array(
    'pattern' => '/^(\+)?((\d)+(-|\s)?)+$/',
    'maxLength' => '20',
    'id' => 'number',
   ),
        ));

And in the form

<?php echo $this->formText($form->get('number')); ?>

The result is then

<input type="text" name="number" pattern="&#x2F;&#x5E;&#x28;&#x5C;&#x2B;&#x29;&#x3F;&#x28;&#x28;&#x5C;d&#x29;&#x2B;&#x28;-&#x7C;&#x5C;s&#x29;&#x3F;&#x29;&#x2B;&#x24;&#x2F;" id="number" value="" maxlength="20">

How can I add the number field to my form without escaping the regex pattern?

Answer 1

Form view helpers are supposed to work that way, providing some baseline security features and automating stuff. So if you don't won't that don't use them:

<input type="<?php echo $form->get('number')->getType(); ?>" pattern="type="<?php echo $form->get('number')->getAttribute('pattern'); ?>" value="<?php echo $form->get('number')->geValue(); ?>">

Not sure what you need displayed, but it should give you a general idea of "my" approach. You can also manually escape stuff like value:

$this->escape($form->get('number')->geValue())

If you find this tedious, you can always write a helper that does this. You can also make PR with an option to turn of the escaping for attributes, but having them on by default is a sensible.