Reputation: 3967
So my data is being saved in MySQL with actual apostrophes etc. But when CakePHP spits it out in the View like this: If you're on this page
I don't want to have to do htmlspecialchars_decode() on every string in my app. Is there a CakePHP solution for this kind of issue?
Here is the echo of the text:
<?php echo $this->Text->autoLinkUrls(h($item['Item']['post_comment'])); ?>
Here is the field info for post_comment:
And here is the form field it's being submitted as:
echo $this->Form->textarea('post_comment', array('label' => false, 'placeholder' => 'Ask a question or post a link', 'rows' => '3', 'class'=> 'u-full-width'));
EDIT: What's even stranger is that in other parts of the app, apostrophes come out just fine.
Upvotes: 2
Views: 255
Reputation: 25698
I don't want to have to do htmlspecialchars_decode() on every string in my app. Is there a CakePHP solution for this kind of issue?
Yes, you need to understand that everything that is passed through the CakePHP core helpers is sanitized internally before rendering by using the h() function of CakePHP, which is a convenience function for htmlspecialchars(). Be aware that third party helpers might not do that! So check them.
I think nearly all helper methods have an option to disable the escaping:
$this->Helper->method($foo, ['escape' => false]);
Make sure that you don't accidentally allow output of malicious strings when disabling it.
Upvotes: 3
Reputation: 31749
autoLinkUrls takes the same options as link(). So it could help. Try with -
<?php echo $this->Text->autoLinkUrls(h($item['Item']['post_comment']), array('escape' => false)); ?>
Upvotes: 2
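The double escaping that both answers point at, as an added example that is not part of the original posts: plain PHP with no CakePHP dependency, where `demo_h()` and `demo_autolink()` are hypothetical stand-ins for `h()` and for a helper that escapes by default, and the comment string is constructed. It prints the four combinations of pre-escaping and the `escape` option so the double-encoded apostrophe and the unescaped-markup case can be compared side by side.

```php
<?php
// Added example. demo_h() and demo_autolink() are hypothetical stand-ins,
// not CakePHP's own code; they only model "helper escapes unless told not to".

function demo_h(string $s): string
{
    // Same idea as h(): htmlspecialchars() with single and double quotes encoded.
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

function demo_autolink(string $text, array $options = []): string
{
    $options += ['escape' => true];      // escaping is on unless disabled
    if ($options['escape']) {
        $text = demo_h($text);
    }
    // Deliberately simple URL matcher: stops at whitespace, quotes, <, > and &.
    return preg_replace(
        '~https?://[^\s<>"\'&]+~',
        '<a href="$0">$0</a>',
        $text
    );
}

function demo_cases(string $comment): array
{
    return [
        // Escaped by the caller AND by the helper: entities get encoded again.
        'h() + escape=true'   => demo_autolink(demo_h($comment)),
        // Escaped once, by the helper.
        'raw + escape=true'   => demo_autolink($comment),
        // Escaped once, by the caller; helper told not to escape again.
        'h() + escape=false'  => demo_autolink(demo_h($comment), ['escape' => false]),
        // Never escaped: user-supplied markup reaches the page as markup.
        'raw + escape=false'  => demo_autolink($comment, ['escape' => false]),
    ];
}

// Constructed sample comment: an apostrophe, a URL and some user-supplied markup.
$comment = "If you're on this page see http://example.com <script>alert(1)</script>";

foreach (demo_cases($comment) as $label => $html) {
    printf("%-20s %s\n", $label, $html);
}
```

The two middle cases produce identical output; the point of the comparison is that exactly one layer should escape, and that disabling the helper's escaping is only safe when the caller has already escaped the string.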