I´m having a little problem. I am using gmap in primefaces and we need to load the script
<script src="http://maps.google.com/maps/api/js?sensor=true" type="text/javascript"/>
However I need to load the script according to the language of the user Locale.
How can I manage to do that without "hardcoding" the string?
I tried something like this :
<script src="http://maps.google.com/maps/api/js?sensor=true&language="#{template.userLocale} type="text/javascript"/>
// {template.userLocale} has a string o the locale
Can you help please?
You've there a HTML syntax error. What you end up getting would look like this given a language of en:
<script src="http://maps.google.com/maps/api/js?sensor=true&language="en type="text/javascript"/>
(rightclick page in browser and do View Source to see it yourself)
You need to move the doublequote to the end of the attribute value:
<script src="http://maps.google.com/maps/api/js?sensor=true&language=#{template.userLocale}" type="text/javascript"/>
So that the HTML will end up to be:
<script src="http://maps.google.com/maps/api/js?sensor=true&language=en" type="text/javascript"/>
EL can just be used in template text. You need to realize that JSF basically produces HTML code. The HTML <script src> attribute and the EL #{} doesn't run in sync. Instead, JSF/EL procuces it and you just need to make sure that the resulting HTML is syntactically valid.
Related
I´m using this W3 script:
<!DOCTYPE html>
<html>
<script src="https://www.w3schools.com/lib/w3.js"></script>
<body>
<div w3-include-html="content.html"></div>
<script>
w3.includeHTML();
</script>
</body>
</html>
It works perfectly, but my issue would be that I only need one particular portion of the "content.html", and not all of it. So my question is: How do I use w3-include-html for PARTIALLY html include?
Thanks!!
You can't include part of a partial; the whole point of a 'partial' is that it in itself represents part of the code, not code that you should extract a part from.
You can include more than one partial on a page, but the partials themselves must be exactly what you're trying to include at that point; you can't 'extract' content from a partial.
Simply shrink your content.html so that it only contains the output that you would like to include on your main page.
Having said that, considering W3.js can only import HTML, there's literally no reason to store the partial HTML in an external file. Not only does this create a second, unecessary file, but it also adds a reliance on JavaScript. If your visitor opts to disable their JavaScript, your partial won't work. Thus, I strongly recommend simply writing the content of content.html in the main page itself.
Hope this helps!
Using NodeJS I would like to parse a variable defined in JSON, which is embeded in HTML of 3rd party website. What is the easiest way to get mentioned variable from HTML?
Chunk of HTML from which I would like to extract mentioned JS can be seen bellow:
...
<footer>
<div>
<script type="application/ld+json">
{"#context":"http:\/\/schema.org","#type":"BreadcrumbList","itemListElement":[{"#type":"ListItem","position":1,"item":{"#id":"https:\/\/www.domain.com\/","image":"https:\/\/assets.domain.com\/img\/facebook\/stuf.png","name":"Home"}}]}
</script>
<script>
var API_URL = ["https:\/\/api1.domain.com\/api","https:\/\/api2.domain.com\/api","https:\/\/api3.domain.com\/api"],
</script>
</div>
</footer>
...
The following HTML is parsed from XY website using NodeJS. I would like to avoid using eval().
I tried with JSDOM, but I didn't know how to select mentioned <script>. Is regex the only solution?
In case you provided, the selector will be: footer>div>script:nth-child(2).
Is this what you're asking for?
This is more about security than programming, but I'll post it here anyways.
A markup parser renders a math block as:
<script type="math/tex">
% tex code here
</script>
A client side library (aka MathJax) then detects these <script> tags and turns them into math.
My question is: when sanitizing the HTML, is it okay to allow <script type="tex/math"> tags?
Is there a chance that browsers interpet such a tag as JavaScript (enabling an XSS)?
This should be safe. It depends on how you are allowing these tags through whilst HTML encoding everything else.
Also beware of any user controlled content within your script tags.
e.g. if a user could set % tex code here to something like
</script>
<script>
alert('xssed')
then the following would be rendered:
<script type="math/tex">
</script>
<script>
alert('xssed')
</script>
and then the JavaScript would be executed.
I am using underscore.js to template my code.Their is some html code written in file that is worked already fine.
when I write this code then javascript refuse to run it.
<script type="text/javascript" id='tmpl_experiment_schdule'>
<div>
</div>
</script>
can someone explain me how other people code work and mine just open closed div break to run.
Because you're not allowed to use HTML code outside of a string inside of a <script type="text/javascript"> element. The symbol < is used as a comparison operator, not as a tag starting token.
Since you didn't provide a left hand side < is unexpected. The parser expects something like
<script type="text/javascript">
2 < 4;
</script>
I'm trying to display XML tags mixed in with plain text on a web page. I do this from a python script that obtains it's data from a database. I've simplified my problem to the program below.
#!/usr/local/bin/python
print """Content-type: text/html;charset=utf-8\n\n"""
print """<html><body>
start:<![CDATA[This is the <xml> tag </xml>.]]>:end
</body></html>"""
I'm expecting it to display the following:
start:This is the <xml> tag </xml>.:end
In both IE8 and Chrome15 it however displays the following:
start: tag .]]>:end
When I look at the HTML source of the page in IE, I can see the following:
<html><body>
start:<![CDATA[This is the <xml> tagxml.]]>:end
</body></html>
In Chrome I see the the same when looking at the source, but it seems that the <![CDATA[This is the <xml> part is in green because it is considered a comment.
I particularly want to keep the text (instead of converting the < to <) because via javascript I access the elements, allowing people to edit them in a separate textarea. Converting them would then save them converted, resulting in problems further down in processing. I could convert them back before saving, but this seems like the wrong approach.
Any idea what I'm doing wrong?
Thanks in advance,
Grant
CDATA is part of XML, not HTML, so the browser ignores it, and then treats any tags in it as it would any other tags - ignoring ones it doesn't recognise, and paying attention to those it does.
I think there's no alternative but to use < etc and convert to tags when editing and convert back when saving.
<!DOCTYPE html>
<html>
<body>
<div id="div1"><b>hi</b></div>
<textarea id="area"></textarea>
<script type="text/javascript">
var div1 = document.getElementById('div1')
var area = document.getElementById('area')
var text = div1.firstChild.nodeValue
area.value = text
</script>
</body>
</html>
Where the problem is?