I'm currently working on a blog using Django and SQLite for the back end. In my setup, I stored my articles in the database in this sort of form:
<p> <strong>The Time/Money Tradeoff</strong> </p> <p> As we flesh out High Life, Low Price, you will notice that sometimes we will suggest deals and solutions that may cost slightly more than their alternatives. We won’t always suggest the cheapest laptop...
On the page itself, I have this code for where I use the session data:
<p>{{request.session.article.0.blog_article}}</p>
I had assumed that the web broswer would be able to read the HTML tags. However, it prints on the page in that form, with the visible <p> tags and the like. I think this is because it's stored as a Unicode string in the database and is put onto the page between two quotation marks. If I paste the HTML code onto the page, the format looks like I wanted it to look, but I want it to be an automated process (tell Django which article ID I want, it plugs the elements of the page into the template and everything looks great).
How can I get the stored article in a form where the page can see the HTML tags?
By default django would autoescape all strings in the template, so when you render html code in the template, they just show up as the literal html code. But you could use safe filter to turn this off:
<p>{{request.session.article.0.blog_article|safe}}</p>
Related
I am working on a SpringBoot based MVC application which uses mongoDB to store the data. I am using thymeleaf as the template engine. In one of the scenarios, the user needs to fill a form which is then displayed on some view.
The problem I am facing is that the user can use html tags to format the data while writing in the textArea of the form (code snippets, tabular format etc). But when I am displaying that text, the html is not being parsed and is displayed as is.
For Ex: <b>String</b> should be displayed as String but is being displayed as <b>String</b> only. When I check the source code of the page, the html tags are displayed as encoded i.e. < is showing as < ; etc and hence the parsing is not happening.
Can someone please help
You can output unescaped text with th:utext. From the official turorial
If we want Thymeleaf to respect our XHTML tags and not escape them, we will have to use a different attribute: th:utext (for “unescaped text”):
<p th:utext="#{home.welcome}">Welcome to our grocery store!</p>
The tutorial assumes that home.welcome is a string with html-tags:
home.welcome=Welcome to our <b>fantastic</b> grocery store!.
It goes without saying that this needs very careful validation so that only safe (whatever safe is for the particular use case) HTML is stored into the database (and no possibly malicious code like <script/> tags).
I'm currently using AngularJS as my frontend and mongodb as backend database. I use textAngular for post edit. When I create a new post, say service agreement, the post comes with some formatting which is automatically implemented by wearing some html tags by textAngular, like
<p>hello world, this is just some test string</p>
<p>1. condition one</p>
<p>2. condition two</p>
<p>Contact: http://www.google.com</p>
I then store the post content that has all those html tags into Mongodb, and later, print out this post on another webpage, however the printed out version has all the html tags showing up instead of preserving the desired formatting... How can I achieve what I want? That is, to print out the content with original formatting, NOT the raw html tags?
Hmmm, I really should've dig a bit more, say $scope.postContent is the string that retrieved from mongodb that has the post content with html tags, answer is simple:
<div ng-bind-html="postContent"></div>
For Angular version lower than 1.2, you may wanna use
<div ng-bind-html-unsafe="postContent"></div>
instead.
i was just wondering (since i didn't find anything quick on Google) if its possible (and how do i achieve that) to search directly in an html file, and ignore the tags or not as i please?
explaining a bit further. we wrote a crawler and obviously the crawler gives back the HTML of the page. But if i feel like searching the content of the crawler, do i need 2 separate fields one with html and one without or i can just have one field with html and search ignoring the html tags or not.
thanks in advance.
If i correctly understand you, all you need is to set search indexes without html tags?
We solved that problem this way:
class PostIndex(indexes.SearchIndex, indexes.Indexable):
text = indexes.CharField(model_attr='text', use_template=True, document=True)
and in template (search/indexes/blogs/post_test.html) we just used striptags filter
{{ object.content|striptags }}
After that you need to build_schema and rebuild_index. Now it search correctly without tags.
I've just installed CKeditor rich text WYSIWYG editor on a site I'm building and it seems to be working ok except for the fact that it inserts text into my mysql database as encoded html rather than regular html and then when the browser outputs this text it converts the encoded data into regular html that then displays in the browser showing the html tags and none of the styling!?
eg I type:
"This is text"
into the editor and it then inserts
<p>This is text</p>
into the database. Then when the page is called the browser converts the above and outouts the following on the page:
<p>This is text</p>
obviously I just want "This is text" to display on the page.
Does anyone know why this is happening/how to solve it please?
Any suggestions would be most welcome.
Cheers
If you don't want CKEditor to create paragraphs for you, set config.autoParagraph to false. Additionally you may want to change enter key behaviour with config.enterMode set to CKEDITOR.ENTER_BR.
And regarding disappearing styles...
EDIT: OK, it seems I missed your point.
So your website is displaying HTML markup instead of HTML while rendering out what you typed?
Then the problem is your server side rather than CKEditor. You can verify in your console that CKEDITOR.instances.yourInstance.getData() yields the correct, unescaped HTML:
<p>This is text</p> // Right!
If it is so, and I strongly believe it is, CKEditor's just fine and this is your server app that is converting special chars into entities (i.e. like PHP htmlspecialchars) while saving to database. You didn't mention what kind of framework/language you use there, so I can just tell you that it is to secure user input to prevent cross-site scripting, breaking layouts etc. and all popular frameworks allow you to disable that feature for a particular field. Simply refer to documentation.
Modern templating languages tend to autoescape html input. For example, in DTL it would be displayed correctly in the template by simply using
{{ object.field_name|safe }}
This is a desired action, since user input is considered untrusted and may be considered malicious.
The browser is not parsing HTML, so on the page displaying (or in the php file) try using {! !} instead of {{ }}.
If you are using laravel, then you should use {!! $variable !!}.
For Laravel 7, 8, and 9 - foreaxample if there is a varable called- $student
and student varable holds "This is Text" in paragraph you must call the varable using singla culy brace front and back, inside two
I have an HTML page which needs to display some HTML generated by the user on the Administration area (like a blog, for instance). The problem is that the user sometimes needs to copy-paste tables and other "garbage" content from Word/Excel to the WYSIWYG editor (that has the proper "paste from Word" function). This causes the resulting HTML code to be very dirty.
It wouldn't be a problem unless some of these pages are shown totally wrong: other divs AFTER user's HTML code are not in their supposed position, floats are not respected... etc...
I tried putting a div:
<div style="clear: both;"></div>
without success. I even tried with iFrames, but iFrames accept only external webpages (if applicable...).
The question is: is there any tag or method to put a part of an HTML code inside a webpage discarding all formatting AFTER this code?
Thank you.
To my knowledge, you simply want to end all divs. HTML is a very simple code, with very simple options. Your example doesn't work because HTML isn't that advances. You can either start a function <...> or end a function .
Ideally what you want is a piece of code that puts their work in a separate frame entirely, so as soon as the page passes their code, it goes back to the correct formatting.
Or, you could be really sloppy and put one hundred 's in, just in case.