Anonymous committed e8dcf39

Added doc on the HTML renderer.

Comments (0)

Files changed (1)


 Use this renderer if you want to render the field as a textfield::
-        <renderer type="textarea" rows="20">
+        <renderer type="textarea" rows="20"/>
 =========   ===========
 Attribute   Description
 values of the entity. See the ``expr`` attribute of the :ref:`Entity`.
 Appearance is same as a readonly field::
-        <renderer type="infofield">
+        <renderer type="infofield"/>
 pick the date from a calender. It also only allows valid date entries per
-        <renderer type="datepicker">
+        <renderer type="datepicker"/>
 The password renderer renderes a password field which hides the users input::
-        <renderer type="password">
+        <renderer type="password"/>
 labels, helptexts or error messages will be renderer. The hidden field will
 also take care on relations for SQLAlchemy mapped items::
-        <renderer type="hidden">
+        <renderer type="hidden"/>
+The html renderer is used to render custom html code. This is usefull if you
+want to render generic text sections or insert images. Images will need a
+external source for the image file. The html renderer will render Javascript
+, Stylesheets and HTML code::
+        <renderer type="html">
+         <div>
+           <p>You can include all valid html including images, lists etc.</p>
+           <p><strong>Warning:</strong>Also JS can be included.</p>
+         </div>
+        </renderer>
+Your custom code should be wrapped into a empty div node. Otherwise only the
+first child node of the renderer will be rendererd.
+The entity only needs the id attribute. If a label is provided, the label
+will be uses as some kind of header to the html part.
+.. warning::
+   Use this renderer with caution as it may introduce a large security hole if
+   users inject malicious javascript code into the form using the html renderer.
 .. _form: