I am writing a 404 custom page and all is good, but I am using WPML and therefore I am localizing my strings.
This is part of my code:
<h4><?php _e('You still can\'t find anything?', 'kslang'); ?></h4>
<h5><?php _e('Well, then you probably should give us a wake up call...', 'kslang'); "\n"?></h5>
<h5><?php _e('but be aware who you\'re waking up!', 'kslang');?></h5>
<h5><?php _e('You\'re sure? Well, then...', 'kslang'); ?></h5>
<form>
<input type="button" value="<?php _e('Contact Us!', 'kslang'); ?>" onClick="window.location.href='http://example.com/contact-us-today'">
</form>
<h5><?php _e('or try the Site Map Below. You\'re also welcome to check out our related projects!', 'kslang'); ?></h5>
Now the issue is, that my
"window.location.href='http://example.com/contact-us-today'"
is not redirecting to the relative language.
I thought I could simply wrap the href link in gettext, like the button text and the rest of the strings.
This doesn't work; obviously the matter is more complicated.
Do I need to use a if/else statement?
Does anybody have an idea how to redirect to the correct language?
(I tried to use _e with the idea to translate the href link in String translator, but this doesn't work with _e because inserting the php snippet breaks my site in this case)
Hope somebody can give some input...
To redirect to the appropriate language version using window.location.href, you need to include the language in your URL, i.e., for French, redirect to "http://www.example.com/fr/contact-us-today" (with "fr" after the domain). You can do this dynamically by detecting the current WPML language in PHP and echoing it as a JavaScript variable, like this:
//Get current WPML language
global $sitepress;
$language = $sitepress->get_current_language();
//Echo as JS variable (esc_js keeps the value from breaking out of the JS string)
echo "<script>var lang = '" . esc_js( $language ) . "';</script>";
Then, you can redirect like this:
window.location.href='http://www.example.com/'+lang+'/contact-us-today';
NOTE: This example assumes you are using language folders for your different languages. You will need to adjust accordingly if you are using subdomains or a language query parameter.
I have a comments section in my application where users enter input in a text area. I want to prevent the line breaks they enter but also display html as a string. For example, if comment.body is
Hello, this is the code: <a href='foo'>foo</a>
Bye
I want it to be displayed just as above. The same with anything else, including iframe tags.
The closest I got is:
= simple_format(comment.body)
but it sanitizes html code and it's not displayed. Example: foo <iframe>biz</iframe> bar is displayed as:
foo biz bar
What should I do to achieve what I want?
Just use it without any method, it will be rendered as plain text:
= comment.body
Using your second example, the output will be:
foo <iframe>biz</iframe> bar
To make \n behave as <br>, you can use CSS:
.add-line {
white-space: pre-wrap;
}
And use it in your view:
.add-line = comment.body
Using your first example:
comment.body = "Hello, this is the code: <a href='foo'>foo</a>\n\nBye"
The output will be:
Hello, this is the code: <a href='foo'>foo</a>
Bye
Having done something similar in the past, I think you must first understand why HTML is sanitized from user input.
Imagine I wrote the following into a field that accepted HTML and displays this to the front page.
<script>alert('Hello')</script>
The code would execute for anyone visiting the front-page and annoyingly trigger a JS alert for every visitor.
Maybe not much of an issue yet, but imagine I wrote some AJAX request that sent user session IDs to my own server. Now this is an issue... because people's sessions are being hijacked.
Furthermore, there is a full JavaScript based exploitation framework called BeEF that relies on this type of website exploit called Cross-site Scripting (XSS).
BeEF does extremely scary stuff and is worth taking a look at when considering user generated HTML.
http://guides.rubyonrails.org/security.html#cross-site-scripting-xss
So what to do? Well if you checked in your DB you'd see that the tags are actually being stored, but like you pointed out aren't displayed.
You could .html_safe the content, but again I strongly advise against this.
Maybe instead you should write an alternative .html_safe method yourself, something like html_safe_whitelisted_tags.
As for removing newlines, you say you want to display as is. So replacing \n with <br>, as pointed out by Michael, would be the solution for you.
comment.body.gsub("\n", '<br />').html_safe_whitelisted_tags
HTML safe allows the html in the comment to be used as html, but would skip the newlines, so doing a quick replace of \n with <br /> would cover the new lines
comment.body.gsub("\n", "<br />").html_safe
If you want the html to be displayed instead of rendered then checkout CGI::escapeHTML(), then do the gsub so that the <br /> does not get escaped.
CGI::escapeHTML(comment.body).gsub("\n", "<br />")
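An added example, not taken from any of the answers above: plain Ruby (standard library only) showing the two safe options discussed in this thread, escaping everything so the markup is displayed as text, and escaping everything but restoring a small allowlist of attribute-less tags. The method names and the tag list are assumptions made for this example; in a Rails app the built-in sanitize helper with an explicit tags: list is the usual tool for the second case.

```ruby
require 'cgi'

# Attribute-less tags allowed through; an assumed policy for this example.
ALLOWED_TAGS = %w[b i em strong code p].freeze

# Show the comment exactly as typed: escape all markup first, then turn
# newlines into <br /> so the <br /> itself is not escaped.
# In a Rails view the result still has to be marked html_safe to render,
# which is acceptable only because all user input is already escaped.
def display_as_text(body)
  CGI.escapeHTML(body).gsub(/\r?\n/, "<br />")
end

# Escape everything, then restore only bare allowlisted tags.
# A tag carrying attributes (onclick=, href=, ...) never matches the
# pattern, so it stays escaped. Tags are not balanced here.
def display_with_allowlist(body, allowed = ALLOWED_TAGS)
  pattern = /&lt;(\/?)(#{Regexp.union(allowed).source})&gt;/i
  CGI.escapeHTML(body)
     .gsub(pattern) { "<#{$1}#{$2.downcase}>" }
     .gsub(/\r?\n/, "<br />")
end

if __FILE__ == $0
  # Constructed sample comment, built from the snippets quoted in this thread.
  sample = "<b>Hello</b>, this is the code: <a href='foo'>foo</a>\n" \
           "<script>alert('Hello')</script>"
  puts display_as_text(sample)
  puts display_with_allowlist(sample)
end
```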
I'm using angularjs on a rather large flat documentation page. The page has some navigation that's designed to use traditional url hash links. The urls look like so:
/documentation/flat#26166276-basic-events
These urls get rewritten once the navigation occurs and I've hit the next page. angular initializes to something like:
/documentation/flat#/26166276-basic-events
This breaks the navigation. It seems to work if I am already on the /documentation/flat path and hit one of the hash urls. It gets rewritten but the browser still focuses on the correct section of the page.
However if the hash url is triggered from a different path the browser will not focus on the correct DOM element as the angularjs rewrite happens.
Edit: this is what the markup for a link looks like
Basic Events
<h1 class="chap-header" id="26166276-basic-events">2.1.0 Basic Events</h1>
This topic was further discussed here:
How to handle anchor hash linking in AngularJS
I used a variation from that thread
if $location.$$url[0]== '#'
$location.hash($location.$$url.replace('#', ''))
$anchorScroll()
that basically lets me prefix any anchor links with an additional # and angularjs treats them as traditional anchor
There is a very silly solution: put a / at the start of the anchor id!
<a id='/my-id' />
I have a fairly long list of quick links (approx. 20) that I'm going to embed on my main page. Instead of adding the full url of each link to each anchor, is there a way to add maybe just the end of each link?
For instance, if the link to the url is
http://support.proboards.com/index.cgi?display&thread=423890
as you can see, my forum is a proboards forum if that helps anything here.
the location of each url is local,
Instead of adding the complete url, is there a way to use something like
<a href = "&thread=423890">
or maybe
<a href = "this.thread=423890"> ?
Not in pure HTML, the best you'll get is <a href="index.cgi?display&thread=423890">, which is what you should already be using. Of course I'm assuming support.proboards.com is your site here.
You could use JavaScript and call a function like openThread(423890) if you really wanted, but a) I wonder what you really gain from it, b) this won't work for people with JavaScript turned off (a la NoScript), and c) I wonder if Google would properly see all the links.
Presumably, these pages are all being generated by server-side script anyway, so you should only really be coding index.cgi?display&thread= once anyway...
If you're hard-set on doing something shorter, I'd suggest using URL rewriting. You can have a URL like .../display/thread/423890 and then use something shorter if you're already from a /display/thread/ page. But this requires the link to go to a page you have control over.
Actually it's not actually a problem, but I've been thinking about and searching for it for a while.
When we use php and to setup some link we can use something like-
some link
In this way anyone can see what is going on by looking at the url. Is there any possible way to keep it hidden like the POST method of the form element?
I don't want the user to modify and play around with my parameters and values. Let's guess I don't want to encrypt the values and parameters and I can't use a form element as they should be pure links. And also what if I don't want to use a url rewriting engine.
Any ideas from the experts?
edit:
I forgot to mention another most important thing: I need to get the parameters and the values I want to pass through that link and do some stuff in the page I'm linking to.
thanks again.
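You can use a hidden form
<form action="realurl" method="post">
<input type="hidden" name="parameter" value="value1">
</form>
<!-- return false stops the browser from following href after the form is submitted -->
<a onclick="document.forms[0].submit(); return false;" href="http://fake">link text</a>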
I am using FckEditor in Create.aspx page in asp.net mvc application.
Since I need to show rich text in web pages, I used ValidateInput(false) attribute top of action method in controller class.
And I used Html.Encode(Model.Message) in Details.aspx to protect against user attacks.
But I got a result that I did not want, as follows:
<p> Hello </p>
I wanted the following result, not the above:
Hello
How can I show the text that the user input?
Thanks in advance
The short answer is that HTMLEncode is making your markup show like that. If you don't HTMLEncode, it will do what you want.
You need to think about whether or not you need full control of markup, who is entering the markup, and if an alternative like BBCode is an option.
If your users using the editor are all sure to be 'safe' users, then XSS isn't likely to be as much a concern. However, if you are using this on a comment field, then BBCode, or something like SO itself uses is more appropriate.
You won't be able to use a WYSIWYG editor and do HTMLEncode though... (without BBCode, or some other token system)
It seems the user entered "<p> Hello </p>" (due to pressing Enter?) into the edit control, and it is displaying correctly in the HTML as you have done an Html.Encode. E.g. the paragraphs are not rendered, they are output as "<p>..</p>" as the string is HTML encoded into something like "&lt;p&gt; Hello &lt;p&gt;".
If you do not want tags, I would suggest searching the text string for tags (things with <...>) and removing them from the inputted text. Do this before HTML.Encode.
...or am I missing something?
You can use HttpServerUtility.HtmlEncode(String)