I have a string with html tags:
html = '</span class="repository-content"> ... </span>'
I need to allow a only specific name for the css class. I use gem sanitize.
This code works well and allows any name for the css class:
Sanitize.fragment(
html,
elements: ['span'],
attributes: { 'span' => ['class'] }
)
But need to allow only the class repository-content. Any other class name must not pass.
How can this be done? any proposal
If instead of inputting html, you input the ... part and build the span like this:
content_tag(:span, ..., class: "repository-content")
then you can write ruby to handle the logic of what to do if the class is not "repository-content".
You may have to sanitize the ..., but you probably won't have to sanitize the output of content_tag.
Related
I am trying to create a href to link user(provider) name with user(provider) account view.
I am far from expert in this - tried to copy a part of script from other place in the code where it refers to user(provider) account.
The place where I am trying to add link is:
= render partial: 'services/partials/messages/original_message', locals: { header: t('html.text.consultation_with.for_provider', name: #provider_user.name, type: t("element_names.#{#service.service_type}")),...
and the the part of script which was used to refer to user(provider) account looks like this:
[href="#{provider_path(provider)}" id="provider-#{provider.id}"]
So I tried combining those two:
= render partial: 'services/partials/messages/original_message', locals: { header: t('html.text.consultation_with.for_provider', name: [href="#{provider_path(provider)}" id="provider-#{provider.id}"], type: t("element_names.#{#service.service_type}")),...
And was not surprised that it did not worked..
You can't mix up slim element syntax (the one with square brackets, used by slim itself to create attributes of an element) with ruby code (the arguments to render, it's just a plain ruby method call!)
Maybe this would work for you, or some adaptation:
= render partial: 'services/partials/messages/original_message',
locals: {
header: t('html.text.consultation_with.for_provider',
name: #provider_user.name,
provider_link_href: provider_path(provider),
provider_link_id: "provider-#{provider.id}",
type: t("element_names.#{#service.service_type}")),
...
}
And then in the partial, use them like
a[href=provider_link_href id=provider_link_id]
Text of the link
I would like to know if it's possible to generate the label tag below using HTML Helpers:
<label class="myClass" attr1="attr1Value" attr2="attr2Value" attr3="attr3Value">labelText</label>
It's basically a standard label tag having 3 extra attributes.
You can use the htmlAttributes parameter of #Html.Label or #Html.LabelFor
#Html.Label("YourLabel", new { attr1 = "attr1Value", attr2 = "attr2Value" })
When using class or other reserved words use at #
#Html.Label("YourLabel", new { #class = "classname" })
When using attributes with dashes -, such as data attributes, use underscores _ which end up being converted to dashes -
#Html.Label("YourLabel", new { data_url = "myurl" })
However, I think support for htmlAttributes in Html.Label and
Html.LabelFor was only added in MVC4, for earlier versions of MVC
you can write your own extension method.
How to extend MVC3 Label and LabelFor HTML helpers?
Using the HtmlHelper its possible to add custom attributes to any Element.
#Html.Label("Content", new { attr1= "attr1" })
but you need to add # to attributes that are keywords e.g. class
By default, the Django admin strips away all HTML tags from user input. I'd like to allow a small subset of tags, say <a>. What's the easiest way to do this? I know about allow_tags, but it's deprecated. I also want to be careful about manually marking strings as safe that aren't.
If external library isn't a burden for you, then you must try django-bleach, it will suffice your requirement. It returns valid HTML that only contains your specified allowed tags.
Configuration:
in settings.py
BLEACH_ALLOWED_TAGS = ['p', 'b', 'i', 'u', 'em', 'strong', 'a']
BLEACH_ALLOWED_ATTRIBUTES = ['href', 'title', 'style']
BLEACH_STRIP_TAGS = True
Use cases:
1. In your models:
from django import models
from django_bleach.models import BleachField
class Post(models.Model):
title = models.CharField()
content = BleachField()
2. In your forms:
class PostForm(forms.ModelForm):
content = BleachField()
class Meta:
model = Post
fields = ['title', 'content']
In your templates:
{% load bleach_tags %}
{{ unsafe_html|bleach }}
for more usage, I suggest you must read the documentation. Its quite easy and straight forward.
documentation
You can use format_html() or mark_safe() in place of allow_tags. Although, like you were saying, mark_safe() probably isn't a good idea for user input.
format_html(): https://docs.djangoproject.com/en/1.9/ref/utils/#django.utils.html.format_html
mark_safe(): https://docs.djangoproject.com/en/1.9/ref/utils/#django.utils.safestring.mark_safe
I want to add a class for the select tag.Like this.
<select class="phone_no">
I want the ruby equivalent of the above HTML line of code.
<%= select_tag(:id, '<option value="1">Lisbon</option>.') %>
Thanks in advance.
Try this:
<%= select_tag(:id, '<option value="1">Lisbon</option>.',{}, { :class
=> 'phone_no' } ) %>
select helper takes two options hashes:,
(1) one for select - in this case {}
(2) and the second for html options - in this case class
Signature:
select_tag(name, option_tags = nil, options = {}) public
(1) Select options available:
:multiple - If set to true the selection will allow multiple choices.
:disabled - If set to true, the user will not be able to use this input.
:include_blank - If set to true, an empty option will be create
:prompt - Create a prompt option with blank value and the text asking user to select something
(2) Any other key creates standard HTML attributes for the tag
more info here
According the documentation in the select_tag, you shell pass class key-value pair via third option, i.e. shell do as follows. Also you may use html_safe method to pass a proper html as the second argument:
<%= select_tag( :id, <option value="1">Lisbon</option>.'.html_safe, :class => "phone_no" ) %>
This question is similar to another question. There the solution for setting the CSS class was to add it into the 3rd parameter of a call to FormBuilder::add():
->add('title', null, array('attr' => array('class'=>'span2')))
Unfortunately, this does not work for setting the CSS id. When I do
->add('title', null, array('attr' => array('id'=>'title-field')))
... this is ignored. The ID remains something like namespace_formtype_field.
How can I set the CSS ID, if at all?
You can do it when you render your field in twig, if you set your id outside of the 'attributes' array like so:
{{ form_widget(form.field, { 'id': 'my_custom_id', 'attr': { 'class' : 'my_custom_class }} )}}
At twig level, you can simply do this:
{{ form_widget(form. title, { 'id': 'title-field' }) }}
Tested on Symfony 2.3.4
Since an HTML element cannot have multiple ID's, what you're trying to accomplish isn't possible because Symfony already uses ID's on form elements.
The way to solve this would be to change your JavaScript to use classes instead and using
->add('title', null, array(
'attr' => array(
'class'=>'title-field'
)
))
The other way is to change the ID's your JavaScript uses to the Symfony ones.
I am convinced now there is no easy answer. The closest seems to in fact change the markup by using form theming. Thank you Michi for pointing this way.