/** Sets the embedded content (i.e., HTML tags) that is * shown as part of the description. * * <p>It is useful to show the description in more versatile way. * * <p>Default: empty (""). * * <p>Deriving class can override it to return whatever it wants * other than null. * * <h3>Security Note</h3> * <p>Unlike other methods, the content assigned to this method * is generated directly to the browser without escaping. * Thus, it is better not to have something input by the user to avoid * any <a href="http://books.zkoss.org/wiki/ZK_Developer%27s_Reference/Security_Tips/Cross-site_scripting">XSS</a> * attach. * @see #setDescription * @since 3.0.0 */ public void setContent(String content) { if (content == null) content = ""; if (!Objects.equals(_content, content)) { _content = content; smartUpdate("content", getContent()); //allow overriding getContent() } }
protected void renderProperties(org.zkoss.zk.ui.sys.ContentRenderer renderer) throws java.io.IOException { super.renderProperties(renderer); render(renderer, "disabled", _disabled); render(renderer, "description", getDescription()); //allow overriding getDescription() render(renderer, "content", getContent()); //allow overriding getContent() }
public void render(Component comp, Writer out) throws IOException { final SmartWriter wh = new SmartWriter(out); final Comboitem self = (Comboitem) comp; final String uuid = self.getUuid(); final String zcls = self.getZclass(); wh.write("<tr id=\"").write(uuid).write("\" z.type=\"Cmit\"") .write(self.getOuterAttrs()).write(self.getInnerAttrs()).writeln(">") .write("<td class=\"").write(zcls).write("-img\">").write(self.getImgTag()) .write("</td>\n<td class=\"").write(zcls).write("-text\">"); Out o = new Out(self.getLabel()); o.setPre(true); o.render(out); String s = self.getDescription(); if (!Strings.isBlank(s)) { wh.write("<br/>\n<span class=\"").write(zcls).write("-inner\">"); new Out(s).render(out); wh.write("</span>"); } s = self.getContent(); if (!Strings.isBlank(s)) wh.write("<span class=\"").write(zcls).write("-cnt\">").write(s).write("</span>"); //1. don't use Out to encode since content might contain HTML tags //2. Feature 1908524: no <br/> wh.writeln("</td></tr>"); } }