I have a TinyMCE editor that is used in a web app by the user to write some rich text. Later on I save this content into DB and eventually I would like to display this content into a web page.
I need to take into account some HTML tags that are used to format text by TinyMCE. But I also want to protect from XSS attacks.
How can I safely display this content from TinyMCE in a safe way?
I have tried using TinyMCE editor itself only in read mode but the end result is not ideal from a visual stand point.
Ideally I would like to display the content seamlessly without being in a TinyMCE frame. Unless I can make such TinyMCE frame invisible...
Related
I have tried various tricks but nothing seems to be working :(
Steps:
Driver Data coming from SQL Server as Direct Query with IFrame Content (This makes rest call to some web service) as Column
Using HTML viewer visual to show IFrame content
https://appsource.microsoft.com/en-us/product/power-bi-visuals/WA104381214?tab=Overview
By default I just want to show Google.com on HTML but when they select any row from the list it pass HTML content for the selection to the HTML viewer. Is it possible!!!
I have tried selectedValue, IsCrossfiltered, HasOneValue all sort of tricks to see if it allow me to switch to default value when there is no selection and actual value when you click any row to crossfilter.
Without Selection
With Selection
Need HTML content except Google.com while do selection!!!
found this while searching how to embed HTML code into my report.. Not really an answer though.
"A final note: Not all web pages can be rendered in an iframe. Some websites such as Google and Amazon do not allow their content to be hosted on another site via iframes. Keep this in mind when using this trick"
https://powerpivotpro.com/2018/11/dynamically-embedding-web-pages-in-power-bi/
If I transfer an html website to WordPress (I know how to do this) is it possible to make the transfer so that the content on the pages is editable via a wysiwig editor?
My understanding is that any html pages I add to WordPress wont be editable on the front-end in wysiwig unless they were initially created that way.
Instead you will have multiple pages in html and the only way to edit them will be to edit the html directly?
My web application has an feature wherein preformatted RTF documents are used as templates and the user can select the source of data and then merge with the RTF documents templates to create merged RTF files. The RTF templates have placeholders which get replaced with user selected content. The final doc can either be saved or opened directly if word/wordpad is available on the local users machine.
Now, I have a requirement to display the merged document to the user for confirmation. The user may either print or save the document to the system directly. The display should not be word/wordpad application but should be within the application itself, using textarea or something similar to render the document. Can you please let me know if its possible to render the RTF document in textarea or not. Along with the displayed content, there should be options to print and save the document.If I have to convert the RTF to Html and then display the html content in textarea , please let me know how i can do the conversion and then display the html in the page.
That's a very difficult requirement. First of all, let's dismiss the idea about a <textarea>, because it does not support any formatting at all. All the WYSIWYG editors you've seen out there are based on <iframe>s.
Secondly, no browser can directly display a RTF. You can embed it as an <object>, and some might show it (IE probably will), but I can't say which ones won't. Portable devices almost certainly won't. But you should test this though, maybe it works well enough after all.
Failing that, HTML conversion is also out of question, because RTF has very very many features that cannot be emulated in HTML. There are some converters out there (google), but but they will all come with serious limitations. If you want full support, you will have to do your own rendering via Canvas or Flash or something.
To this end I'd suggest checking out Google Docs. They've gone through all of this hassle and have a rather feature-full engine for displaying most possible documents. I think it was also possible to embed them in your own webapges, though I've never checked it out myself.
Use a <PRE> tag to Display/Render RTF doc in browser.
When using a WYSIWYG editor in Joomla 1.5 to create website content I am not able to freely insert HTML tags, such as IFRAME as the HTML tags will be automatically removed on saving the article. I can either configure Joomla not to use a WYSIWYG editor which makes editing articles a bit of a pain, or I can force the HTML code into the article using MySQL Query Browser and altering the article content directly in the site's database. Doing this is not only cumbersome but also ineffective, because every time someone edits the article from the Joomla back end WYSIWYG editor, the inserted tags will be removed by the editor again.
Is there a way of inserting an IFRAME (or perhaps JavaScript) into a Joomla 1.5 article, without turning off the WYSIWYG editor or hacking away at the database?
I had the same problem that you are facing. I used Jumi to solve that. It works very well.
Short answer: no. Joomla knows best :P
But seriously, you can turn off the WYSIWYG for just your user. Go to the 'User Manager', select your account, and set the 'User Editor' preference to be 'Editor - No Editor'. That way you can type in whatever tags and code you want, without WYSIWYG borkage. But every other account on the site will still have access to their WYSIWYG's.
Doesn't take too long to toggle the WYWIWYG that way when you need to do a bit of precise HTML/Javascript/etc coding.
Actually, it depends on what you want to put in your IFRAME. If it is a URL, then you can create a "Wrapper" module containing the URL you want. Type a unique name into the "Position" field in the module. Then, you can display the results in an article by inserting the following where you want the results to appear {loadposition XXXX} where XXXX is the unique name you typed into the module's position field.
I think by using JCE Editor in joomla you are able to fix all these problem.
If you use the JCE Editor for joomla It will allow you to customize what tags are allowed. THe default Joomla editor will strip the tags out. I have also ran into issues if you toggle the editor at all it will remove them on submit. I have found the only way to do this is either with a wrapper, or a custom code module.
I need to have the user be able to cut-and-paste rich text into a big text box on my web page. How do I do that?
You can install a JavaScript editor like TinyMCE to allow for rich text. This particular WYSIWYG editor has a "Paste from Word" function that helps reduce all the nasty character encoding problems you typically have when users attempt to publish Word documents on the web.
I guess you can do it only by using IE/Windows/TinyMCE-like-widget set.
Here's some information about clipboards.