Text formatting within textarea - html

Variations on my problem have been discussed elsewhere, so I hope I'm not duplicating!
I'm implementing a simple Private Messaging System as part of a web app. I've got an annoying problem though when dynamically inserting text into a textarea box in order to make a reply. Getting the content and displaying it is fine, but I can't work out how to format it correctly.
Obviously, I can't use html tags, but plain text formatting like line breaks and carriage returns seem to be ignored too.
This happens when an existing message is being displayed either as part of a reply or as a thread in a new message.
How do I check what formatting is being saved in my db? Or indeed what formatting is being sent back from my db?!

What about using some form of HTML editor for the replies? Save the HTML in the database and show it again in the editor on your web site.
Check this wiki page for a list of possible editors

UPDATE:
Thanks for your replies, but I've worked it out. I was playing around and realised the problem was at the stage of sending the data to the db. I passed the text through the nl2br() function before sending it to the db and this seems(!) to have done the trick!

Related

Changing number of a web page (in the URL), change the display but not the Html source code

I am facing a behavior that I really don't understand.
If you go on the webpage: https://www.edel-optics.fr/Lunettes-de-soleil.html#ful_iPageNumber=1 and inspect the code you will realize that it's the same html content as on https://www.edel-optics.fr/Lunettes-de-soleil.html#ful_iPageNumber=7
=> to test it, try to search "ERIKA - 710/T5" on both source codes and you will find it (but you should only find on the ful_iPageNumber=1).
Why is it behaving like this?
Secondary question: how do I get the real content of https://www.edel-optics.fr/Lunettes-de-soleil.html#ful_iPageNumber=7 ?
Thank you for your help
John
Problem
You have explained that when you perform a search, you get the same results as with your pagination (page 1)
Issue
You are not getting the value you're searching for placed into the URL
https://www.edel-optics.fr/Recherche.html?time=1519871844737#query=
the #query is = to nothing
You would be needing something like:
https://www.edel-optics.fr/Recherche.html?time=1519871844737#query=ERIKA%20-%20710/T5
Without seeing your code it's hard to say where the issue lies. It could well be that the search box is not inside the form, or it could be that the submit button is on another form to the search box, or maybe an issue with backend scripts not grabbing the GET values as a result of case differences in the value name.
Without seeing your script it's hard to diagnose.
Ok I found a solution to solve this strange problem, replace the # in the URL with a ? and you will have the actual html content (corresponding to the display)...

What does a form tag do behind the scene

If I want to send data back to the server from user input I know I need to use the form tag.
But why do I need the form tag, what does a form tag do behind the scenes?
I've only been in web development for less than a year, so please forgive me if my question is a beginner question.
Edit: I know a form is used to denote a part of the page that is interactive and data between the form tags will be sent back to the server.
So, is the tag, just a tag, is there another piece of technology that takes the data from the page and returns the data to the server?
Edit 2: From comments and more specific web searches, I found out that the form tag is just that. A tag. It defines something on a page and does not do anything. All is okay now.
The form tag validates and with html 5 it means it doesn't call the server immediately. It can do a quick check before it attempts to post. E.g. does the email box look like an email address.
The advantage of this is it reduces costs as you're not unnecessarily calling the server. When the form thinks it looks good it will send the info to the back end.
Get and post messages are sent either getting information (reading) or it might be posting (writing).
I think that's what you're after.

CKeditor rich text editor displaying html tags in browser

I've just installed CKeditor rich text WYSIWYG editor on a site I'm building and it seems to be working ok except for the fact that it inserts text into my mysql database as encoded html rather than regular html and then when the browser outputs this text it converts the encoded data into regular html that then displays in the browser showing the html tags and none of the styling!?
eg I type:
"This is text"
into the editor and it then inserts
<p>This is text</p>
into the database. Then when the page is called the browser converts the above and outputs the following on the page:
<p>This is text</p>
obviously I just want "This is text" to display on the page.
Does anyone know why this is happening/how to solve it please?
Any suggestions would be most welcome.
Cheers
If you don't want CKEditor to create paragraphs for you, set config.autoParagraph to false. Additionally you may want to change enter key behaviour with config.enterMode set to CKEDITOR.ENTER_BR.
And regarding disappearing styles...
EDIT: OK, it seems I missed your point.
So your website is displaying HTML markup instead of HTML while rendering out what you typed?
Then the problem is your server side rather than CKEditor. You can verify in your console that CKEDITOR.instances.yourInstance.getData() yields the correct, unescaped HTML:
<p>This is text</p> // Right!
If it is so, and I strongly believe it is, CKEditor's just fine and this is your server app that is converting special chars into entities (i.e. like PHP htmlspecialchars) while saving to database. You didn't mention what kind of framework/language you use there, so I can just tell you that it is to secure user input to prevent cross-site scripting, breaking layouts etc. and all popular frameworks allow you to disable that feature for a particular field. Simply refer to documentation.
Modern templating languages tend to autoescape html input. For example, in DTL it would be displayed correctly in the template by simply using
{{ object.field_name|safe }}
This is a desired action, since user input is considered untrusted and may be considered malicious.
The browser is not parsing HTML, so on the page displaying (or in the php file) try using {! !} instead of {{ }}.
If you are using laravel, then you should use {!! $variable !!}.
For Laravel 7, 8, and 9 - for example, if there is a variable called $student
and the student variable holds "This is Text" in a paragraph, you must call the variable using a single curly brace front and back, inside two

URLENCODE Variable in Salesforce Vertical Response Email

This is a rather simple question, but I cannot find documentation about it from Salesforce.
I am setting up an HTML Newsletter from Salesforce Vertical Response, and I need to put a link in the body of the email that goes to another site which takes the user's email address as a query string. I am doing this so that when the user clicks the link from the HTML email, they will automatically be signed up for a different blog mailing list.
The link will look like this www.mywebsite.com/blog/subscribe?email=your_email#email.com.
I can easily accomplish this by using the {EMAIL_ADDRESS} variable, such that the link looks like this:
Subsribe
This works, but when the user gets the email and clicks the link, the '#' symbol gets stripped from the URL. Now I'm trying to figure out how to get around this. I saw some documentation on the URLENCODE() function for SalesForce, but when I try to use it in the HTML email editor in SalesForce, like URLENCODE({EMAIL_ADDRESS}), it doesn't execute it, and instead interprets it literally as text. Can anyone help me? Is it even possible to use functions from within the SalesForce HTML email editor?
Thanks
I haven't used VerticalResponse, but if it leans on Salesforce communication templates then you can always create an email template as a Visualforce page. Then you can apply Encode functions to merge fields.
I'm glad you were able to find a workaround. If you ever go back to dealing with the URL, it's a good idea to disable our click-tracking when working with merge fields. This can be accomplished by adding nr_ before the http. Example: Subsribe - If you ever try that and it doesn't work, or if you have any other questions, please let us know via one of our Support channels:
support#verticalresponse.com
866-683-7842 x1
We also have live chat available: http://help.verticalresponse.com/
Regards,
Keith Gluck
VerticalResponse Customer Support

How to stop someone uploading a script in textarea?

I have a situation where users can submit feedback through a textarea on a HTML page or JSP. This works fine and the text ends up in the database.
But, can anyone suggest any safeguards which could prevent somebody trying to submit malicious scripts which could possibly affect the page's behaviour?
I am aware of parsing the text entered and converting any < to '&LT'; and > to '&GT'; But is there anything more I could do to validate the entered text?
Thanks
Mr Morgan
Check this out:
Recommended method for escaping HTML in Java
See Apache StringEscapeUtils
escapeJavaScript
and
escapeHtml
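
Added example, not from any of the posts above: the output encoding recommended in this thread and the unescaped rendering of stored editor HTML discussed in the CKEditor thread, shown side by side in Python. `render_plain`, `render_rich` and the tag allowlist are names and policy assumed for the illustration; plain text is escaped at render time, and editor HTML is reduced to allowlisted tags with every attribute dropped before it is emitted unescaped.

```python
import html
from html.parser import HTMLParser

# Assumed policy for this example: formatting tags a message body may keep.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "ul", "ol", "li"}
VOID_TAGS = {"br"}
DROP_CONTENT = {"script", "style"}  # drop these elements together with their text


def render_plain(text: str) -> str:
    """Plain-text field (textarea feedback): store raw, encode when rendering."""
    # Escape first, then add <br>, so the only markup is markup added here.
    escaped = html.escape(text, quote=True)
    return escaped.replace("\r\n", "\n").replace("\r", "\n").replace("\n", "<br>\n")


class _AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self._skip = 0  # nesting depth inside script/style

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self._skip += 1
        elif tag in ALLOWED_TAGS and not self._skip:
            self.out.append(f"<{tag}>")  # attributes (onclick, style, ...) are discarded

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self._skip = max(0, self._skip - 1)
        elif tag in ALLOWED_TAGS and tag not in VOID_TAGS and not self._skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(html.escape(data, quote=True))


def render_rich(stored_html: str) -> str:
    """Rich-text field (editor output): keep allowlisted tags, escape the rest."""
    parser = _AllowlistSanitizer()
    parser.feed(stored_html)
    parser.close()
    return "".join(parser.out)
```

Only the return value of `render_rich` is a candidate for `|safe` or `{!! !!}` in a template; entity-encoded input passed through it still displays as literal tags, which is the symptom described in the CKEditor question.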