# HTML Filter
The **HTML Filter** allows you to use DWScript in a "PHP-style" way, where you can mix HTML and Pascal code in the same file. This is the primary mode for building dynamic web pages in the DWScript WebServer.
When the filter is active, the engine treats the entire file as literal text to be printed, except for code enclosed within special tags.
## Syntax Tags
By default, the HTML filter uses the following tags:
| Tag | Description | Equivalent Pascal |
| :--- | :--- | :--- |
| `<?pas ... ?>` | **Code Block**: Executes the Pascal code inside. | `...` |
| `<?pas= ... ?>` | **Evaluation Tag**: Evaluates an expression and prints the result. | `Print(...);` |
### Code Block Example
You can use standard Pascal control flow (loops, conditionals) to generate HTML dynamically.
```pascal
<ul>
<?pas
for var i := 1 to 3 do begin
?>
<li>Item Number <?pas= i ?></li>
<?pas
end;
?>
</ul>
// OUTPUT
// <ul>*
// <li>Item Number 1</li>
//
// <li>Item Number 2</li>
//
// <li>Item Number 3</li>
//
// </ul>
```
### Expression Evaluation
The `<?pas= ... ?>` tag is a shorthand for `Print()`. It is commonly used for injecting variables or the results of function calls into the HTML.
```pascal
<p>The current date is: <?pas= DateToStr(Now) ?></p>
// OUTPUT
// <p>The current date is: *</p>
```
:::tip
#### Automatic HTML Escaping
Unlike some other languages, the HTML filter does not automatically escape output. For security and to prevent XSS, you should use the `.ToHtml` helper on strings: `<?pas= myVar.ToHtml ?>`.
:::
## Beyond HTML: Versatility
While commonly used for HTML, the "HTML Filter" is actually a general-purpose text preprocessor. Because it does not perform any automatic escaping, you can use it to generate CSS, JSON, XML, or plain text by simply setting the appropriate `ContentType` in the `WebResponse`.
```pascal
<?pas
// Generate dynamic CSS
WebResponse.ContentType := 'text/css';
var bgColor := '#f0f0f0';
?>
body {
background-color: <?pas= bgColor ?>;
}
// OUTPUT
// body {
// background-color: #f0f0f0;
// }
```
This flexibility is why built-in HTML escaping is omitted; the filter has no way of knowing if your output target requires HTML entities, CSS escaping, or no escaping at all.
## The $FILTER Directive
The `{$FILTER "filename"}` directive (shorthand `{$F "filename"}`) allows you to include an external file and process it through the current filter.
This is different from a standard `include` because the included file will also be treated as HTML with `<?pas` tags.
```pascal
// NO_COMPILE
<div>
<h1>Page Header</h1>
{$FILTER "sidebar.html"}
</div>
```
If `sidebar.html` contains:
```html
<aside>
User: <?pas= WebRequest.QueryField['user'] ?>
</aside>
```
It will be correctly processed before being injected into the main page.
## Configuration
In a custom host application, the HTML filter is provided by the `TdwsHtmlFilter` component. You can customize the tags if needed:
- **PatternOpen**: Default is `<?pas`.
- **PatternClose**: Default is `?>`.
- **PatternEval**: Default is `=`.
## Handling Special Characters
The filter is designed to handle special characters like quotes and newlines gracefully. When it processes text outside of tags, it automatically wraps it in `Print()` calls, escaping any single quotes found in the text so they don't break the Pascal string literals.
Example of filtered output transformation:
`It's a "beautiful" day` -> `Print('It''s a "beautiful" day');`
HTML Filter
The HTML Filter allows you to use DWScript in a "PHP-style" way, where you can mix HTML and Pascal code in the same file. This is the primary mode for building dynamic web pages in the DWScript WebServer.
When the filter is active, the engine treats the entire file as literal text to be printed, except for code enclosed within special tags.
Syntax Tags
By default, the HTML filter uses the following tags:
Tag
Description
Equivalent Pascal
<?pas ... ?>
Code Block: Executes the Pascal code inside.
...
<?pas= ... ?>
Evaluation Tag: Evaluates an expression and prints the result.
Print(...);
Code Block Example
You can use standard Pascal control flow (loops, conditionals) to generate HTML dynamically.
<ul><?pas
forvar i :=1to3dobegin
?><li>Item Number <?pas= i ?></li><?pas
end;
?></ul>
Result
<ul>*
<li>Item Number 1</li>
<li>Item Number 2</li>
<li>Item Number 3</li>
</ul>
Expression Evaluation
The <?pas= ... ?> tag is a shorthand for Print(). It is commonly used for injecting variables or the results of function calls into the HTML.
<p>The current date is:<?pas= DateToStr(Now) ?></p>
Result
<p>The current date is: *</p>
:::tip
Automatic HTML Escaping
Unlike some other languages, the HTML filter does not automatically escape output. For security and to prevent XSS, you should use the .ToHtml helper on strings: <?pas= myVar.ToHtml ?>.
:::
Beyond HTML: Versatility
While commonly used for HTML, the "HTML Filter" is actually a general-purpose text preprocessor. Because it does not perform any automatic escaping, you can use it to generate CSS, JSON, XML, or plain text by simply setting the appropriate ContentType in the WebResponse.
This flexibility is why built-in HTML escaping is omitted; the filter has no way of knowing if your output target requires HTML entities, CSS escaping, or no escaping at all.
The $FILTER Directive
The {$FILTER "filename"} directive (shorthand {$F "filename"}) allows you to include an external file and process it through the current filter.
This is different from a standard include because the included file will also be treated as HTML with <?pas tags.
It will be correctly processed before being injected into the main page.
Configuration
In a custom host application, the HTML filter is provided by the TdwsHtmlFilter component. You can customize the tags if needed:
PatternOpen: Default is <?pas.
PatternClose: Default is ?>.
PatternEval: Default is =.
Handling Special Characters
The filter is designed to handle special characters like quotes and newlines gracefully. When it processes text outside of tags, it automatically wraps it in Print() calls, escaping any single quotes found in the text so they don't break the Pascal string literals.
Example of filtered output transformation:
It's a "beautiful" day -> Print('It''s a "beautiful" day');