I have a string variable that contain HTML code and I want it to render instead of displaying it as text. I tried different Pug configurations :
If the variable content contains the string #something :
p(style="white-space: pre-line")
| #{content}
displays the string as text and doesn't render it,
p(style="white-space: pre-line")
#{content}
display this : <#something>#something> with the first #something being clickable,
p(style="white-space: pre-line")
#[content]
and this returns an error.
Is there a possible way to do this ? Thanks !
Simply replace the hash of #{content} with an exclamation mark: !{content}. This is called unescaped string interpolation and should render your content without escaping HTML tags:
p(style="white-space: pre-line")
| !{content}
Related
Suppose you have a word "day" in 100 sentences in your document. You can change the color of that word in the following way:
<span style="color: #ff0000"> day </span>
The problem is that you need to do it 100 times. I am using Django and I want to do it inside template with for loop. So, my problem is now to change the color of a string inside some sentence that I don't know what it will be. I tried with something like:
def colored(sentence, string, color):
if string not in sentence:
return sentence
else:
colored_string = f'<span style="color: {color}"> {string} </span>'
return colored_string.join(sentence.split(string))
I thought that that will give me colored variable string, but that wasn't the case. It just returned the string '....<span....' without any including the same stuff. It just like it didn't recognized html at all. What is the correct way of solving the same problem?
disable autoescape, django realises that your string is code and just refuses to render it as code for security reasons
ref
<img [src]=post.$value.split("|")[2]>
I want to bind the value post.$value.split("|")[2] to an image source. It is simply a string that comes from another string I have split. I want to avoid looping through another array since I have
*ngFor = 'let post of posts | async'
As the ngFor statement that loops over my elements and that is a FirebaseListObservable which I would like to avoid to mess with and keep like it is. For some reason html doesn't recognize the square brackets in the expression. What do I do, Angular won't recognize it using either the input [] syntax or the {{}}syntax.
You should surround your expression with quotes :
<img [src]="post.$value.split('|')[2]">
We are using s:property tag to display string value on struts 2.
<s:property value="stringValue"/>
If "stringValue" has multiple spaces then it is showing only 1 space instead of exact text.
Ex: String stringValue ="Hello World, Welcome";
Output: Hello World, Welcome.
Here string text has two space in between but on application it is displaying only 1 space.
I have tried to use escapeHtml as false but same issue.
What is wrong with this tag?
Best Regards,
RKG
Nothing is wrong with the tag.
HTML treats multiple whitespaces as a single whitespace; that's just the way HTML is.
If you want to explicitly have multiple spaces you'll need to convert them to entities. There are a zillion ways to do that.
I have a scenario where-in I fetch some text from the database which is formatted using HTML as below:
public static void main(String args[ ]) { <br> int x =10;}
I'm using syntax highlighter to do some highlighting. The String above will be fetched from the database, and rendered in the html page using the pre tag as shown below:
<p><pre class="brush: java;">#exam.description</pre></p>
Where exam.description will contain the HTML formatted source code that is shown above. The resultant HTML rendered is as shown below in the screenshot!
How to ensue that the HTML tags inside the source code are respected as HTML tags? I checked the configuration options for the Syntax Highlighter and there seems to be none that I could use to escape the HTML! Any suggestions?
Your question doesn't make much sense, maybe you should rephrase it, in any case:
<p><pre class="brush: java;">Line 1\nLine 2\nLine 3\n</pre></p>
Will return the data in multiple lines, and
<p><pre class="brush: java;">Line 1<br>\nLine 2\nLine 3\n</pre></p>
Will also return multiple lines and add an extra line between Line 1 and Line 2.
So in any case, your code should work UNLESS you are escaping the data returned from the function (java function), and the < and > (or just one of them) are escaped
HTML myHtml=new HTML(SafeHtmlUtils.fromString("<i>Test</i>"));
HTML myHtml2=new HTML("<i>Test2</i>");
testHTMLPanel.add(myHtml);
testHTMLPanel.add(myHtml2);
OUTPUT:
<i>Test</i>
Test2
The right output should be the formmatted text like the second one. Other Gwt html widget also have the similar problem.
I am using Eclipse Juno.
SafeHtmlUtils.fromString(String s)
HTML-escapes its argument and returns the result wrapped as a SafeHtml.
That means that you get somthing like .0;i&#.62;Test&#.60;&#.47;i&.#62;
Check
https://developers.google.com/web-toolkit/doc/latest/DevGuideSecuritySafeHtml
It's a security thing:
The reason why you have SafeHtmlUtils.fromString(userString) is that you can take a dynamic string, for example from a user input, and create a html text from it. It's more safe than just use Html.setText(userString) because with setText(userString) it would be feasible to inject vulnerable code.
more about input validation: http://www.testingsecurity.com/input-validation