Commits

Anonymous committed e8dcf39

Added doc on the HTML renderer.

Comments (0)

Files changed (1)

docs/source/config.rst

 ````````
 Use this renderer if you want to render the field as a textfield::
 
-        <renderer type="textarea" rows="20">
+        <renderer type="textarea" rows="20"/>
 
 =========   ===========
 Attribute   Description
 values of the entity. See the ``expr`` attribute of the :ref:`Entity`.
 Appearance is same as a readonly field::
 
-        <renderer type="infofield">
+        <renderer type="infofield"/>
 
 Dropdown
 ````````
 pick the date from a calender. It also only allows valid date entries per
 keyboard::
 
-        <renderer type="datepicker">
+        <renderer type="datepicker"/>
 
 Password
 ````````
 The password renderer renderes a password field which hides the users input::
 
-        <renderer type="password">
+        <renderer type="password"/>
 
 
 Hidden
 labels, helptexts or error messages will be renderer. The hidden field will
 also take care on relations for SQLAlchemy mapped items::
 
-        <renderer type="hidden">
+        <renderer type="hidden"/>
+
+Html
+````
+The html renderer is used to render custom html code. This is usefull if you
+want to render generic text sections or insert images. Images will need a
+external source for the image file. The html renderer will render Javascript
+, Stylesheets and HTML code::
+
+        <renderer type="html">
+         <div>
+           <p>You can include all valid html including images, lists etc.</p>
+           <p><strong>Warning:</strong>Also JS can be included.</p>
+         </div>
+        </renderer>
+
+Your custom code should be wrapped into a empty div node. Otherwise only the
+first child node of the renderer will be rendererd.
+The entity only needs the id attribute. If a label is provided, the label
+will be uses as some kind of header to the html part.
+
+.. warning::
+   Use this renderer with caution as it may introduce a large security hole if
+   users inject malicious javascript code into the form using the html renderer.
 
 .. _form:
 
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.