Skip to main content

I’ve tried looking around for a solution for this problem, but to no avail. The problem that I’m having is I have a custom field that contains an error message along with that message I have an HTML link to the object that’s causing that error. I’ve tried using the merge syntax, but the link is still being escaped. The template looks like:

{{#Error_Message__c}{{{Error_Message__c}}}{{/Error_Message__c}}
Any hints that could point me in the right direction?

Thanks!

Two things. 
1. Have you tried using {{Double Braces}} instead of triple braces.   That might help. 
See this extensive discussion on merge syntax:   http://help.skuidify.com/m/11720/l/216661-skuid-template-syntax   (especially the section on escaping) 

2. You might also try the URLdecode merge function.  Explained here: 
http://help.skuidify.com/m/11720/l/187263-global-merge-variables-functions


For those coming along later - this behavior of urlDecode was patched as of 12.0. It presented an unintended XSS vulnerability we wanted to protect our customers from.

We are researching better ways we can offer a supported method of inserting raw HTML for both V1 and V2, but in the interim if you are in a V1 skuid page our recommendation is to achieve similar behavior with a custom renderer for that field in V1 (see below for the custom render code you can use)

var field = arguments[0],
// Note: The value below (arguments[1]) will be HTML-escaped, since this is what is returned in the snippet.
// If you want the unescaped value, use model.getFieldValue(fieldId, row, noEscape) with noEscape set to true (see below)
// value = arguments[1],
fieldId = field.id,
model = field.model,
row = field.row,
element = field.element,
mode = field.mode,
fieldValue = model.getFieldValue(row, fieldId, true), // The third argument here is noEscape. Setting it to true specifies that we DON’T want an HTML-escaped result for the model field value
uriDecodedValue = decodeURIComponent(fieldValue);
element.html(uriDecodedValue);```