Magento Product Attribute Keeps Displaying HTML - html

I am adding a product attribute onto my product pages in Magento Enterprise V 1.14.1 and I can't get the HTML to display as it should on the frontend. I have WYSIWYG disabled with the 'Allow HTML Tags on Frontend' set to yes and have confirmed in my PHPAdmin databases that it is set to 1, but on my product page it is still displaying the raw HTML.
On the same page I have attributes which point to a static block with HTML and those display as they should, but this attribute which uses a text field doesn't seem to want to display correctly.
This is the code I am using to call my attribute in case that is where the issue is lying where 'static_block' is the name of my attribute I'm trying to call:
<?php echo $this->htmlEscape($_product->getData('static_block')); ?>
And what's weird is when I enable 'Visible on Product View Page on Front-end' and it appears in the 'Additional Information Tab' it displays as it should. So I'm guessing there might be something wrong with my script which is calling the attribute.
Thanks for the help!

It appears to be converting the html into Escaped HTML, which I do not think you want in this case. Try without htmlEscape() wrapping the static_block.
<?php echo $_product->getData('static_block'); ?>
--- 11/10/2014 13:00 EST
It now appears you are calling an array for echo, rather than individual elements of an array.
--- 11/10/2014 13:15 EST
I stripped the HTML, used an HTML cleaner and, using Google Chrome's Edit HTML feature, I stripped out the quoted block and pasted the cleaned HTML and it worked perfectly, which pretty much confirms the Escaped HTML is to blame. It is reading &lt;div&gt; rather than <div> for instance.

echo $_product->getData('static_block');
please use this code

Related

Django form is rendered with invalid HTML syntax

I have a Django project where I use the integrated forms. But it sends my client wrong HTML syntax. This shouldn't be that big of a deal since browsers nowadays clean up such errors. But when the form gets sent back to the server, the form isn't able to validate because Firefox sends back the cleaned version.
I have a form with a multiple select:
class ProjectForm(forms.Form):
    # [...]
    project_leaders = forms.ModelChoiceField(widget=forms.SelectMultiple, queryset=User.objects.all(), initial=0)
This form is integrated in the respective html file:
{{ project_form.as_p | linebreaks }}
This is the source code from it (via Firefox Page Source):
<p>[...] <select name="project_leaders" required id="id_project_leaders" multiple><br>
<option value="test">test</option></p>
<p></select></p>
Firefox cleans it up, of course, but it should be sent and accepted by Django.
Does anybody know how I can get Django to do that?
This shouldn't be that big of a deal since browsers nowadays clean up such errors.
The browser tries its best to distill some meaning out of erroneous markup, but the result is not always what the author expected. For getting exactly the wanted structure, said author should write correct HTML. This hasn’t changed since the 90s.
In this specific case, my suggestion is to get rid of the | linebreaks filter. It is meant for plain text with, at most, simple formatting tags.
The filter adds a <br> after the opening <select> tag. This leads the browser to automatically close the <select> again, since <br>s are not valid inside <select>s. The <option> elements are then placed outside the <select>, having no effect anymore whatsoever. The closing and re-opening <p> tags are a symptom of the browser not fully knowing what to do with the final stray </select>.

String to HTML conversion so that page can read HTML tags

I'm currently working on a blog using Django and SQLite for the back end. In my setup, I stored my articles in the database in this sort of form:
<p> <strong>The Time/Money Tradeoff</strong> </p> <p> As we flesh out High Life, Low Price, you will notice that sometimes we will suggest deals and solutions that may cost slightly more than their alternatives. We won’t always suggest the cheapest laptop...
On the page itself, I have this code for where I use the session data:
<p>{{request.session.article.0.blog_article}}</p>
I had assumed that the web browser would be able to read the HTML tags. However, it prints on the page in that form, with the visible <p> tags and the like. I think this is because it's stored as a Unicode string in the database and is put onto the page between two quotation marks. If I paste the HTML code onto the page, the format looks like I wanted it to look, but I want it to be an automated process (tell Django which article ID I want, it plugs the elements of the page into the template and everything looks great).
How can I get the stored article in a form where the page can see the HTML tags?
By default Django would autoescape all strings in the template, so when you render HTML code in the template, it just shows up as the literal HTML code. But you could use the safe filter to turn this off:
<p>{{request.session.article.0.blog_article|safe}}</p>

CKeditor rich text editor displaying html tags in browser

I've just installed CKeditor rich text WYSIWYG editor on a site I'm building and it seems to be working ok except for the fact that it inserts text into my mysql database as encoded html rather than regular html and then when the browser outputs this text it converts the encoded data into regular html that then displays in the browser showing the html tags and none of the styling!?
eg I type:
"This is text"
into the editor and it then inserts
&lt;p&gt;This is text&lt;/p&gt;
into the database. Then when the page is called the browser converts the above and outputs the following on the page:
<p>This is text</p>
obviously I just want "This is text" to display on the page.
Does anyone know why this is happening/how to solve it please?
Any suggestions would be most welcome.
Cheers
If you don't want CKEditor to create paragraphs for you, set config.autoParagraph to false. Additionally you may want to change enter key behaviour with config.enterMode set to CKEDITOR.ENTER_BR.
And regarding disappearing styles...
EDIT: OK, it seems I missed your point.
So your website is displaying HTML markup instead of HTML while rendering out what you typed?
Then the problem is your server side rather than CKEditor. You can verify in your console that CKEDITOR.instances.yourInstance.getData() yields the correct, unescaped HTML:
<p>This is text</p> // Right!
If it is so, and I strongly believe it is, CKEditor's just fine and this is your server app that is converting special chars into entities (i.e. like PHP htmlspecialchars) while saving to database. You didn't mention what kind of framework/language you use there, so I can just tell you that it is to secure user input to prevent cross-site scripting, breaking layouts etc. and all popular frameworks allow you to disable that feature for a particular field. Simply refer to documentation.
Modern templating languages tend to autoescape html input. For example, in DTL it would be displayed correctly in the template by simply using
{{ object.field_name|safe }}
This is a desired action, since user input is considered untrusted and may be considered malicious.
The browser is not parsing HTML, so on the page displaying (or in the php file) try using {! !} instead of {{ }}.
If you are using laravel, then you should use {!! $variable !!}.
For Laravel 7, 8, and 9: for example, if there is a variable called $student and the student variable holds "This is Text" in a paragraph, you must call the variable using a single curly brace front and back, inside two

Change page title with PJAX?

I'm using PJAX with cakePHP. Everything works super fine, but since I'm not reloading the layout, I don't get title update. I was told I had to put a tag in the body, and that it would get removed. It seems to work but, is it valid to have an HTML page without a tag ?
EDIT : well actually the tag isn't removed, so HTML markup is invalid! What is the best practice for this? It would need to be the same for metas.
The official demo uses this in Ruby but I don't read it :
https://github.com/defunkt/jquery-pjax/blob/heroku/app/pjax.rb
https://github.com/defunkt/jquery-pjax/blob/heroku/app/views/layout.erb
Since #57 pjax also looks for a data attribute data-title in the fragment that is loaded and should update the main title.
This is much cleaner and would not break html with a title in the body.

How to output raw HTML in CakePHP 2.2?

I have this property which is HTML saved from a TinyMCE editor:
<?php echo h($person['Person']['CurriculumVitae']); ?>
How can I have it displayed on the web and rendered as RAW Html not a simple string?
Don't wrap the variable in h(), an alias for htmlspecialchars(), which escapes HTML entities:
<?php echo $person['Person']['CurriculumVitae']; ?>
Just to remove the h() might solve your issue but it will open possible security holes because the field that keeps the html from TinyMCE will now become a possible security hole.
I had the exact same issue and solved it by using http://htmlpurifier.org/ for the output of tinymce HTML. I've written also a CakePHP plugin around it. https://github.com/burzum/HtmlPurifier
HtmlPurifier will allow you to configure an allowed set of Html elements and even of its attributes. So you could for example specify that href is allowed but class is not.
You'll need to create a config for HtmlPurifier that will match whatever you allow your users to do with TinyMce. It will remove all non allowed tags and attributes from the markup the user has entered.