From a60704c462c9e3ce33c47c2c5eac7554cc5edbff Mon Sep 17 00:00:00 2001 From: John Ahlroos Date: Fri, 20 Dec 2013 13:53:34 +0200 Subject: HtmlRenderer should render unescaped html #12993 Change-Id: I12be26abcba29c7f88e71545254897b5597daf3b --- .../com/vaadin/client/ui/grid/renderers/HtmlRenderer.java | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'client') diff --git a/client/src/com/vaadin/client/ui/grid/renderers/HtmlRenderer.java b/client/src/com/vaadin/client/ui/grid/renderers/HtmlRenderer.java index ceafcfcb96..0787dc2332 100644 --- a/client/src/com/vaadin/client/ui/grid/renderers/HtmlRenderer.java +++ b/client/src/com/vaadin/client/ui/grid/renderers/HtmlRenderer.java @@ -15,6 +15,7 @@ */ package com.vaadin.client.ui.grid.renderers; +import com.google.gwt.safehtml.shared.SafeHtml; import com.google.gwt.safehtml.shared.SafeHtmlUtils; import com.vaadin.client.ui.grid.Cell; import com.vaadin.client.ui.grid.Renderer; @@ -22,19 +23,20 @@ import com.vaadin.client.ui.grid.Renderer; /** * Renders a string as HTML into a cell. *

- * The html string is HTML-escaped string before rendering. For more information - * about what kind of escaping is done see - * {@link SafeHtmlUtils#htmlEscape(String)}. + * The html string is rendered as is without any escaping. It is up to the + * developer to ensure that the html string honors the {@link SafeHtml} + * contract. For more information see + * {@link SafeHtmlUtils#fromSafeConstant(String)}. * * @since 7.2 * @author Vaadin Ltd - * @see SafeHtmlUtils#htmlEscape(String) + * @see SafeHtmlUtils#fromSafeConstant(String) */ public class HtmlRenderer implements Renderer { @Override public void renderCell(Cell cell, String htmlString) { - cell.getElement() - .setInnerSafeHtml(SafeHtmlUtils.fromString(htmlString)); + cell.getElement().setInnerSafeHtml( + SafeHtmlUtils.fromSafeConstant(htmlString)); } } -- cgit v1.2.3