I was planning to create an app where the users can create their own blog page and others can link it in my web, like facebook. And then, I thought about using iframe with the sandbox attribute to view the page with the safe filter in the template. So, is it safe to implement it in this way??? Or is there any other way around? Please, any help will be much appreciated!
Thanks.
The safe filter in the template is your way of telling django that you can vouch for any content appearing there and that it isn't malicious. I'd therefore say it's not secure to use for user-generated content. An iframe is also unnecessary here. You might want to look at something like bleach for user-generated html content.
Related
We have a web app that we want to integrate in the websites of several clients by a subdomain, since in most cases we cannot modify their webs. Besides, our web is build in a different language and we want to keep it in our servers.
At the moment, they are adding links on their site's menu to our subdomain, however, they want to keep the same header and the footer so that the user feels that they are on the same website.
For now, we are copying the html and inserting it in our template, but this is not a good solution for the future and we are having several problems due to javascript conflicts.
How can we solve this? An iframe does not allow us to modify its content, I think. Thanks in advance.
Don't know any good ways to do this client side.
First thought is to have all the pages link your Javascript to create the header/footer, but it's not good to require Javascript to display content.
HTML imports would really be perfect for this, but it not well supported. You can consider if you're willing to use a polyfill, like Google's webcomponents.
I feel like best approach here would be to do this somehow not on client side. Either use a server that lets you use a template engine, or some static site generator that supports templating.
I have been spending my past week on the Internet to find at least one hint about it. There are no tutorials or even SO questions available. What I am trying to find is that when some website uses some library like oEmbed to embed content of other websites on their website, they fetch embed code from its link. For example, when you post a YouTube link on Facebook or other social networks, they automatically fetch their embed code. I know how to fetch embed code but what I don't know is how to provide embed code that can be fetched by other websites by using a link of my website's content?
I want that my article should be embedded in some special way. Not like the default layout of that website. So is there any META tag or something in HTML where I can put embed code for other websites?
I don't think what you want is possible. You can use special meta-tags that specific sites (e.g.: Facebook, Twitter, Linkedin) will interpret, and that will help you customize the share a little (still using the "host site" style). But as far as I know, there's nothing you can do to provide style/code of your own.
And it makes sense from a security point of view: embedding external code from an unknown source is potentially dangerous and no site would/should allow you to do it. Even if they do allow it, they should pre-process the code and sanitize it (adapting your style/code to their style/code) to prevent possible threats.
As suggested by Alvaro Montoro, I searched on the Internet about how to become an oembed provider. Following are the links I found:
https://timnash.co.uk/becoming-oembed-provider/
http://freear.org.uk/content/5-steps-being-oembed-provider
You may want to use the CSS !important directive.
http://css-tricks.com/when-using-important-is-the-right-choice/
friends.
I have site written in angular.
How google or other search robots indexing this sites?
What techniques can be used to allow robots to see pages content?
Internet says how optimise site on angular for indexing if $locationProvider.html5Mode(false);
Exist method for indexing site if url of pages like: http://site.com/!#audio/1234
But in my site $locationProvider.html5Mode(true);
That means that url of pages without !#
http://site.com/audio/1234.
But all content of page loades with javascript.
I need help. Thank you!
Your server will receive a request at http://site.com/audio/1234. Somehow you will need to be able to return some content.
For now the only strategy I know is to render that page on the server-side also... Which involved some (or a lot of) work.
It's also good for the browsers that does not support pushStates yet. That way these users can still access the data.
You can also take a look at this http://docs.meteor.com/#spiderable They render the page on the server-side by executing the client-side javascript on the server-side.
Here's a similar question: pushState and SEO
I have affiliated with expedia and I am using their API system. One of their requirements for launching the site is adding the terms and agreements to my page and they give us this page: http://travel.ian.com/index.jsp?pageName=userAgreement&locale=en_US&cid=xxx. I do not want to go to a different site, and I can not copy and paste the information because of updates. I also prefer not to use an iframe. Does anyone have any ideas on how to do this? Here is a webpage using this on their site with their domain: http://www.helloweekends.com/terms.htm. Does anyone know how they did this? Any help would be greatly appreciated!
Since it originates from another domain, it wouldn't be possible to use JavaScript, due to the same origin policy. Also, relying on JavaScript for the update would be trouble for users who has JavaScript disabled, as they wouldn't see the terms. Since you don't want to use an iframe, or copy the content, I guess your best shot would be to scrape their page with a server-side language of your choice, and then display it on your page.
Scraping can be a bit tricky though, if you rely on their markup. If they change their markup, there is a chance that your script will break, thus stop updating the terms.
There are various tutorials available on how to scrape sites. Here are a few PHP examples:
Web scrape with PHP
PHP Screen Scraping Tutorial
Note Make sure that they allow you to scrape the page prior to implementing it, so that you don't violate their rules.
Do you know if their API serves something with JSON? A JSONP call can get the values to you, but it will make your page rely on javascript for the users to see the updated page.
Another option is to use PHP of any other server side language to get the contents of the url, process it and return the block you require.
I would suggest the load() function offered by jQuery. It makes a simple AJAX call to retrieve a file, and you could even use a selector to only grab part of the page. For example, load the contents of a HTML page into a div:
$('#div_id').load('my_file.html');
Or just load a part of the page:
$('#div_id').load('my_file.html #main_text_id');
I would like to use my website on mechanical turk.
But because I can only enter static HTML into mechanical turk's description.
I need to somehow place my website there. How do I do that?
You can't effectively do this, with one exception.
See if they permit the iframe element. If they do, then you can use an iframe to reference your web site. Be warned, cookie behavior and other things may cause interaction problems on your site. iframe is also considered a security risk, so I would not be surprised if they don't allow it.
Your actual best bet is going to be merely linking to your site from the description field you're given.