I have a url that I want to make clickable in Django admin.
class someAdmin(StackedInline):
    fields = ('get_download_link', )
    readonly_fields = ('get_download_link',)
I noticed that I need to have readonly_fields to include the custom field or else Django complains.
I then add the custom field
def get_download_link(self, obj):
    massaged_link = massage_the_link(obj.link)  # pre-process the link
    return "<a href='%s'>Download</a>" % massaged_link
The HTML is not effective. I got everything as one big ass string. How do I make this a clickable link?
Apparently all I need to do is to wrap the string with mark_safe
doc here: https://docs.djangoproject.com/en/2.2/ref/utils/#django.utils.safestring.mark_safe
and then the html tag will take effect
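Why wrapping the question's %-formatted string in mark_safe is risky when the link is not fully trusted, as an added example (not code from the thread) that uses only the Python standard library; the sample URLs and the http/https scheme allowlist are assumptions. In Django itself, django.utils.html.format_html() applies the same escaping to its arguments.

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: download links are absolute web URLs

def unsafe_link(url):
    # The question's pattern: once this string is passed to mark_safe(),
    # whatever is in `url` becomes live markup.
    return "<a href='%s'>Download</a>" % url

def safe_link(url):
    # Refuse javascript:, data: and anything else that is not plain http(s).
    try:
        scheme = urlsplit(url).scheme.lower()
    except ValueError:  # malformed URL
        scheme = ""
    if scheme not in ALLOWED_SCHEMES:
        return "(invalid link)"
    # Escape &, <, > and both quote characters so the value cannot leave href.
    # In Django, format_html("<a href='{}'>Download</a>", url) does this step.
    return "<a href='%s'>Download</a>" % html.escape(url, quote=True)

# Constructed sample values, not taken from the page.
GOOD = "https://files.example.com/report.pdf?a=1&b=2"
BREAKOUT = "https://files.example.com/x' data-injected='1"
SCRIPT_URL = "javascript:void(0)"

if __name__ == "__main__":
    for sample in (GOOD, BREAKOUT, SCRIPT_URL):
        print(unsafe_link(sample))
        print(safe_link(sample))
```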
Related
Now I have information in XML format that I need to convert with stylesheet.xslt to get an HTML table. I try to put this HTML table into my admin page (I use Active Admin), but I get the text of my HTML file. However, I would like to see a table after converting.
I tried putting it into different tags (div/pre); it doesn't help.
pre id: 'response_xml_into_html', class: 'collapse' do
  document = Nokogiri::XML(request)
  template = Nokogiri::XSLT(File.read('stylesheet.xslt'))
  template.transform(document)
end
Am not sure, but try this:
document = Nokogiri::XML(request)
template = Nokogiri::XSLT(File.read('stylesheet.xslt'))
htmltable_out = template.transform(document)
div(id: 'response_xml_into_html', class: 'collapse') do
  # transform returns a Nokogiri document; convert it to a string before marking it safe
  htmltable_out.to_s.html_safe
end
Also make sure to start a rails console and see whether the transformation indeed works. Good luck!
I have a markdown text saved in the database and I want to show it as HTML to the user. I am using markdown.js as the processor and I pass the big multiline HTML string from Rails to JavaScript by rendering a js.erb file from the controller.
But since it is multiline, the JavaScript becomes invalid. Is there any Rails function which will take the whole string and assign it as a single-line string to a JavaScript variable? I cannot use html_safe also as some things might be escaped. What is the best way to handle markdown?
sample markdown
![enter image description here](https://encrypted-tbn2.gstatic.com/images?q=tbn:ANd9GcRiOb7-0qeyx73XuXNqzLpxgXTlf5UMrMnF5zm-UKn3wLaXCW0UUw "enter image title here")
Hello
If you render erb server-side anyway, you will probably be better rendering Markdown server-side as well. You can use Redcarpet for that.
Add gem redcarpet to your Gemfile.
Run bundle install
Use it:
text = "my _markdown_ *variable*"
markdown = Redcarpet::Markdown.new(Redcarpet::Render::HTML)
markdown.render(text)
It will be a good idea to save rendered HTML in the database, to save CPU time on re-rendering the same text every time you want to show it to client. So you can add something like this to your model:
class Article
  # let's say that model has 'source' attributes with Markdown
  # and we want to put resulting HTML into 'html' attribute
  before_save :markdown

  def markdown
    self.html = Redcarpet::Markdown.new(Redcarpet::Render::HTML).render(source)
  end
end
I have text content prepared using the wysihtml5 gem, which I would like to show in a div. Question is how to "render" this text content, as to be "safe". Should I use
= text.html_safe
or
= simple_format(text)
or
= raw(text)
or...
If you would like to show everything as it was entered in wysihtml5 (but not 100% safe), then use any of these:
= text.html_safe
= raw text
== text
If you would like to make it absolutely safe, then use:
== sanitize text, tags: %w(em strong b i u a ...), attributes: %w(href title ...)
In such way you can control tags that are allowed and allowed attributes for tags.
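What an allowlist like the one in this answer does to editor output, written in Python with the standard library so it runs on its own (an added example, not Rails' sanitize helper and not code from the thread); the same treatment applies to HTML rendered from user-supplied Markdown. The tag, attribute and scheme lists and the sample input are assumptions.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Allowlists in the spirit of the answer's tags:/attributes: options
# (the concrete values are assumptions for this example).
ALLOWED_TAGS = {"p", "em", "strong", "b", "i", "u", "a"}
ALLOWED_ATTRS = {"href", "title"}
ALLOWED_SCHEMES = {"http", "https", "mailto"}
DROP_WITH_CONTENT = {"script", "style"}

def href_allowed(value):
    try:
        return urlsplit(value).scheme.lower() in ALLOWED_SCHEMES
    except ValueError:  # malformed URL: do not keep it
        return False

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip_depth = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return  # tag is not emitted
        kept = ""
        for name, value in attrs:
            value = value or ""
            if name in ALLOWED_ATTRS and (name != "href" or href_allowed(value)):
                kept += ' %s="%s"' % (name, html.escape(value, quote=True))
        self.out.append("<%s%s>" % (tag, kept))
    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED_TAGS:
            self.out.append("</%s>" % tag)
    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(html.escape(data))  # text is always re-escaped

def sanitize(fragment):
    parser = AllowlistSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)

# Constructed editor output containing markup that must not survive.
DIRTY = ('<p onclick="x()">Hi <b>there</b><script>track()</script> '
         '<a href="javascript:void(0)" title="t">link</a></p>')
```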
I have an application in Laravel 4 to manage newsletter.
In the back end it is possible to write the message that will be sent as an email to the users in the list.
There is a simple form with two fields: subject - body
The point is that I can send only plain text.
Is it possible to include an editor with some basic functions: bold - italic - color - size - headings?
Thank you.
That wouldn't be part of the back end but would be done with javascript. What you are probably looking for is something like CKEditor which basically hijacks <textarea> elements on your page and turns them into almost full featured editors.
How it works is it automatically inserts appropriate HTML tags into the text as it's typed depending on how the user wants it to look. When the form is submitted, instead of plain text, it would be submitted as the generated HTML, and you'd probably just want to drop that into the body of the email.
Check out http://www.ckeditor.com
If you have any specific questions on that, I'd be sure to add the appropriate tags so you have a better chance of getting help on it.
I am using FckEditor in Create.aspx page in asp.net mvc application.
Since I need to show rich text in web pages, I used the ValidateInput(false) attribute on top of the action method in the controller class.
And I used Html.Encode(Model.Message) in Details.aspx to protect against user attacks.
But I got a result I did not want, as follows:
<p> Hello </p>
I wanted following result not above :
Hello
How can I show the text what user input?
Thanks in advance
The short answer is that HTMLEncode is making your markup show like that. If you don't HTMLEncode, it will do what you want.
You need to think about whether or not you need full control of markup, who is entering the markup, and if an alternative like BBCode is an option.
If your users using the editor are all sure to be 'safe' users, then XSS isn't likely to be as much a concern. However, if you are using this on a comment field, then BBCode, or something like SO itself uses is more appropriate.
You won't be able to use a WYSIWYG editor and do HTMLEncode though... (without BBCode, or some other token system)
It seems the user entered "<p> Hello </p>" (due to pressing Enter?) into the edit control, and it is displaying correctly in the HTML as you have done an Html.Encode. E.g. the paragraphs are not rendered, they are outputted as "<p>..</p>" as the string is HTML encoded into something like "&lt;p&gt; Hello &lt;p&gt;".
If you do not want tags, I would suggest searching the text string for tags (things with <...>) and removing them from the inputted text. Do this before HTML.Encode.
...or am I missing something?
You can use HttpServerUtility.HtmlEncode(String)