I have Page Form extension instaled on my Mediawiki. I have text field in with i want to store password information. In my template i have next code
{{#if:{{{mailboxpass|}}}|{{{mailboxpass}}}|<span style="color: red">no</span>}}
In my form i have next code
{{{field|mailboxpass|size = 20}}}
But when i add text like this Q?}6Ogcp in this field i have a error because Mediawiki engine sees an unclosed bracket. How can I make sure that such password storage fields are not checked for syntax correctness? And what Mediawiki would not try to apply markup to such fields?
Thank you!
Related
I'm trying to insert an e-mail address with the ckeditor. After I saved my content element (text&media), the source code showing the ckeditor looks fine
some#mailaddress.com
But when I visit the webpage only the following is visible:
some(at)mailaddress.com
I found out, that the problem is the spam protection. If I enable
config.spamProtectEmailAddresses = 1
The mail not rendered anymore. It's working without protection, but I want to use it.
Thank you for help.
I have performed the following test (TYPO3 8.7.7) and CKEditor with full configuration:
1) config.spamProtectEmailAddresses = 1 and config.spamProtectEmailAddresses_atSubst = [at]
2) Create a CE text with image
3) write test email into the text editor and then use the "link" button to add an email address
3.1) write test#email.it into the text editor and then use the "link" button to add an email address
3.2) write test#email.it into the text editor without adding the link
Results
3.1) the href attribute of the link is encrypted (javascript:linkTo_UnCryptMailto('...');)
3.2) the href attribute of the link is encrypted (javascript:linkTo_UnCryptMailto('...');) while the visible text does not become test[at]email.it
3.3) no link is added to the text; the visible text does not become test[at]email.it
Could you tell us if you installed some CKEditor plugins or some write some detail of your configuration?
I found it out!
The problem was at my fluid template. I wrapped the {CONTENT} variable with
<f:format.html parseFuncTSPath="lib.parseFunc">{CONTENT}</f:format.html>
It's working now after I changed this to
<f:format.raw>{CONTENT}</f:format.raw>
but if you use <f:format.raw>, the email address is not spam protected anymore. Thats not, what you wanted, isn't it?
I have the problem, the <pre>-tag is html encoded and only works in <f:format.raw>, but then, the email addresses are plain.
Martin
I have a form with a text field that users input text into. They can use multiple lines, put in bold text, underlined text, etc., but the text, when saved to SQL Server doesn't have any formatting saved, just the text is saved. What is the best way to save the text with the HTML so that when it gets viewed by another user and pulled up from Sql Server the HTML is saved and the formatting is saved?
Ex.
hello
Paul
This would be saved as
helloPaul
you can't see it but there are bold and carriage return html tags rapped around the text
When receiving data from the user, on the server side code, use HTML encode to safely store the data:
var inputData = Server.HtmlEncode("<strong>some data input from user</strong>"); //insert your user input data variable here
Then when displaying the data in your cshtml page, decode the data to display it as the user entered it:
HttpUtility.HtmlDecode(saveUserDataFromDatabaseVariable);
All this is assuming you have a rich text editor being plugged into the input field. CKEditor and TinyMCE are good ones.
You can use a text editor. Take a look at CKEditor. It's free and easy to use :)
Can you post some code and more details?
I have had good success with CKEditor. It is customizable, and its content can easily be saved via postback to a standard asp:TextBox.
It is possible that the editor you are using is not actually updating the input/textarea that you are using, it may be cloning the text and drawing the formatting in an overlay. You can use developer tools, or javascript, to verify this by checking the value property of the input or textarea element. If it is being saved via AJAX or javascript the code may be using the textContent or innerText properties instead of innerHTML.
I used the richtexteditor dll that's free online. it gave me a wiziwig box that the user can edit texxt in.
I've just installed CKeditor rich text WYSIWYG editor on a site I'm building and it seems to be working ok except for the fact that it inserts text into my mysql database as encoded html rather than regular html and then when the browser outputs this text it converts the encoded data into regular html that then displays in the browser showing the html tags and none of the styling!?
eg I type:
"This is text"
into the editor and it then inserts
<p>This is text</p>
into the database. Then when the page is called the browser converts the above and outouts the following on the page:
<p>This is text</p>
obviously I just want "This is text" to display on the page.
Does anyone know why this is happening/how to solve it please?
Any suggestions would be most welcome.
Cheers
If you don't want CKEditor to create paragraphs for you, set config.autoParagraph to false. Additionally you may want to change enter key behaviour with config.enterMode set to CKEDITOR.ENTER_BR.
And regarding disappearing styles...
EDIT: OK, it seems I missed your point.
So your website is displaying HTML markup instead of HTML while rendering out what you typed?
Then the problem is your server side rather than CKEditor. You can verify in your console that CKEDITOR.instances.yourInstance.getData() yields the correct, unescaped HTML:
<p>This is text</p> // Right!
If it is so, and I strongly believe it is, CKEditor's just fine and this is your server app that is converting special chars into entities (i.e. like PHP htmlspecialchars) while saving to database. You didn't mention what kind of framework/language you use there, so I can just tell you that it is to secure user input to prevent cross-site scripting, breaking layouts etc. and all popular frameworks allow you to disable that feature for a particular field. Simply refer to documentation.
Modern templating languages tend to autoescape html input. For example, in DTL it would be displayed correctly in the template by simply using
{{ object.field_name|safe }}
This is a desired action, since user input is considered untrusted and may be considered malicious.
The browser is not parsing HTML, so on the page displaying (or in the php file) try using {! !} instead of {{ }}.
If you are using laravel, then you should use {!! $variable !!}.
For Laravel 7, 8, and 9 - foreaxample if there is a varable called- $student
and student varable holds "This is Text" in paragraph you must call the varable using singla culy brace front and back, inside two
I'm new to OTRS and I have to add an HTML checkbox with some text in the ticket submit page. Essentially, I need the user to accept a privacy statement (clicking on the checkbox) before he submits a new ticket. Hence, the submit button has to be enabled only after the user clicks on the checkbox. How can I do this?
I know HTML, but I don't know OTRS architecture so I can't figure out how can I modify HTML pages.
In Kernel->Output->HTML->Standard I've founded HTML templates (*.dtl), but:
I don't know which elements are part of ticket submitting page;
I don't know if I need to modify an existing template, adding HTML, or to create a new template (in this second case I think I should modify some perl module that call the layout, but which one!?!)
I'm trying to open .dtl files to understand which I've to modify, but Firefox can't render them correctly; how can I open them?
If you want customers to accept a privacy statement you don't need to code.
You can simply go to Admin > SysConfig > Framework > Frontend::Customer and activate the CustomerPanelPreApplicationModule###CustomerAccept module, and the InfoKey and InfoFile values. When the customer logs in the text in the InfoFile is displayed and the customer needs to accept this. After accepting the InfoKey is stored in the User Preferences. This way the system will not bother asking permission to the customer again, and if you might change the policy you can change the key as well, displaying the message when needed.
For your questions on .dtl files: these are plain HTML files, but different blocks are rendered by the files located under Kernel/Modules.
If you want to modify the page that is used for submitting new tickets, it's this file:
CustomerTicketMessage.dtl. You can edit these files with any text editor.
On my site, people can link to topics with buttons I made. Those buttons are putting out a (look: http://....) or (look: (link without http://) on the textarea and when they submit it, the hyperlink shows in their post. That is very nice, but if I fetch this data to show them their last posts, I don't get the hyperlink, but just the plain text. So (look: http://....) does not lead to a link...
I have seen in phpmyadmin that it is stored as plain text, so I can understand that, but how can I make those things hyperlinks and the rest of the text (the no-links) just plain?
Try using htmlentities to convert those hyperlinks before saving them in your database. You can then use html_entity_decode when getting the data from the database.
Please take into account the aforementioned comments about security issues. You have to sanitize data the user inputed data before you further process the data.
To answer your question. Store the links in a separate column of your table. Then fletch your links to the user via PHP - I guess you are using MySQL in combination with PHP - like you do with the posts. If you want to create a link you need to use the anchor HTML tag. E.g. Name link.