Is there a latte filter for turning urls into clickable links?

about a month ago

netteman
Member | 59
+
0
-

Hi,

is there a latte filter that would turn urls into clickable links like nette forum does?

I know I can get it done by JavaScript e.g. http://benalman.com/…/js-linkify/ but I'd like to know if Latte can do it.

Thanks ;-)

about a month ago

Felix
Nette Core | 864
+
0
-

No problem to create it. For example in contributte/latte.

about a month ago

Phalanx
Member | 207
+
0
-

@netteman So far as I know – no, but you can always create your own latte filter.

<?php
{$someContent|makeLinks}

class MyHelpers
{
    public static function loader($name, $s)
    {
        if (method_exists(__CLASS__, $name)) {
            return self::$name($s);
        }

        return NULL;
    }

    public static function makeLinks($content)
    {
        // something from here https://stackoverflow.com/questions/1960461/convert-plain-text-urls-into-html-hyperlinks-in-php
    }
}

// and register that helper
$template->registerHelper('makeLinks', callback('MyHelpers::makeLinks'));

?>

about a month ago

netteman
Member | 59
+
0
-

Thanks, guys!

about a month ago

netteman
Member | 59
+
+2
-

Here's my final code:

Presenter:

    protected function beforeRender()
    {
        parent::beforeRender();

        $this->template->addFilter('urlify', function ($s) {
            //preg source: https://stackoverflow.com/questions/1960461/convert-plain-text-urls-into-html-hyperlinks-in-php
            $url = '~(?:(https?)://([^\s<]+)|(www\.[^\s<]+?\.[^\s<]+))(?<![\.,:])~i';
            $s = preg_replace($url, '<a href="$0" target="_blank" title="$0">$0</a>', $s);
            return $s;
        });

    }
With escaping

    protected function beforeRender()
    {
        parent::beforeRender();

        $this->template->addFilter('urlify', function ($s) {
            $url = '~(?:(https?)://([^\s<]+)|(www\.[^\s<]+?\.[^\s<]+))(?<![\.,:])~i';
            $s = preg_replace($url, '<a href="$0" target="_blank" title="$0">$0</a>', htmlspecialchars($s, ENT_NOQUOTES, 'UTF-8'));

            $html = new \Nette\Utils\Html;
            $html->setHtml($s);
            return $html;

        });
    }
Template:

    {$text|urlify|noescape}

Last edited by netteman (2018-08-23 10:13)

about a month ago

David Matějka
Moderator | 5609
+
+3
-

@netteman it is insecure, check how breaklines filter is implemented. to prevent xss you have to escape $s input first. also it is better to return Html instance, then you can remove noescape modifier in latte

about a month ago

netteman
Member | 59
+
0
-

David Matějka wrote:

@netteman it is insecure, check how breaklines filter is implemented. to prevent xss you have to escape $s input first. also it is better to return Html instance, then you can remove noescape modifier in latte

Thanks for the warning. I tested XSS with <script>alert(‘Hack!’);</script> AFTER I added breaklines filter which escaped the XSS so I thought everything was fine.

See the updated code above :)

Last edited by netteman (2018-08-23 14:13)