I have some content in a database table (blog post) that is trusted content and I want to display on screen. This content is HTML and has some code samples using Prism.js for syntax highlighting. Because of the HTML encoding on a GSP page I need to use the raw method to output the content as is.
${raw(post.content)}
This works great except for when I get to the code that is wrapped in a tags for my code samples. Instead of showing it as code it's outputting the raw HTML, which is not what I want. I somehow need to encode the text that is inside of there because if I don't I end up with something that looks like this.
I know that I could do the encoding on save but I already have hundreds of posts where this is not the case. Any ideas?
In my case I had to grab the raw content in the view
${raw(post.getEscapedContent())}
and then in the domain object I escaped anything inside of the code blocks
/**
 * I will return the content of a post with the necessary html escaping. To render html in code blocks we
 * need to escape any html inside of <code></code>
 * @return String
 */
def getEscapedContent(){
    content.replaceAll(/(?ms)(<code.*?>)(.*?)(<\/code>)/) { it, open, code, close ->
        open + code.encodeAsHTML() + close
    }
}
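An added example, not part of the answer above and written in Ruby rather than the answer's Groovy: the same idea of escaping only what sits inside <code> elements, extended so that posts already encoded on save pass through unchanged. The sample posts and the names `escape_once` and `escape_code_blocks` are constructed for illustration, and the code assumes any complete entity already inside a code block came from an earlier encoding step.

```ruby
require "erb"

# A complete character reference such as &lt; &#60; or &#x3C;
ENTITY = /&(?:[a-zA-Z][a-zA-Z0-9]*|#\d+|#x\h+);/
CODE_BLOCK = %r{(<code\b[^>]*>)(.*?)(</code>)}mi

# Constructed samples: one legacy post with raw markup in its code block,
# one post whose code block was already encoded when it was saved.
LEGACY  = %q{<p>Use <b>this</b>:</p><pre><code class="language-markup"><div class="a">Tom & Jerry</div></code></pre>}
ENCODED = %q{<pre><code class="language-markup">&lt;div&gt;ok&lt;/div&gt;</code></pre>}

# Escape markup characters but keep existing entities as they are, so a
# second pass (or an already-encoded post) is not double-encoded.
# Assumption: an entity found here is the result of earlier encoding.
def escape_once(text)
  text.gsub(Regexp.union(ENTITY, /[&<>"']/)) do |m|
    m.length > 1 ? m : ERB::Util.html_escape(m)
  end
end

# Only the text between <code ...> and the first following </code> is
# escaped; markup outside code blocks is left for the trusted raw output.
def escape_code_blocks(html)
  html.gsub(CODE_BLOCK) do
    m = Regexp.last_match
    m[1] + escape_once(m[2]) + m[3]
  end
end
```

A code sample that itself contains a literal `</code>` ends the match early, so such posts still need fixing by hand.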
I have a Grails app developed in 2.3.6
There's a GSP file with HTML and CSS elements in it, and that displays data in multiple tables with headers.
I want this data to be saved into a text file and save it. So basically what I want to do is, there will be an Export button in this GSP page, and when the user clicks on it, it will download the text file with all the data from that GSP.
What I tried so far?
def textFile = {
    response.setHeader('Content-Disposition', 'Attachment;Filename="textFile.txt"')
    render view: 'textFile', contentType: 'text/plain'
}
The problem with above is, it saves not just data, but also HTML & CSS elements.
I don't want any HTML or CSS in the text file. Only data from GSP is needed.
Is there a simple way of doing it?
The answer is simple - you need another view without the HTML and CSS parts.
The rest of your code looks good. But Grails itself does not convert your view, it just sends the content type to the browser and the browser tries to display the data according to the content type.
If you don't want to write a new view (in most cases, writing the new view is dead simple), you could write your own converter (something which strips the HTML and CSS from your file) by creating an afterView-Filter: http://grails.github.io/grails-doc/2.4.0/guide/single.html#filters
Hope that helps
To make Razor View display HTML tags to browser we use this
@Html.Raw(Model.Message)
I want only b and img allowed to be displayed (without writing a new method to remove all other tags).
Does Razor support it, or is there a method to remove all HTML tags except b and img?
Razor doesn't parse html. It can encode or decode it, but if you need to remove some tags inside your Model.Message - you need to parse it before saving it or displaying.
I'm using rails and have a markItUp editor in place, using the Markdown custom set. The only thing I can't figure out is how to get it to submit raw Markdown instead of converted html. I plan on storing both formats, but I haven't found anything capable of parsing html back to markdown. I've customized the markdown set set.js as we didn't want the entire set of formatting options. Here:
myMarkdownSettings = {
    previewParserPath: '',
    onShiftEnter: {keepDefault:false, openWith:'\n\n'},
    markupSet: [
        {name:'Bold', key:'B', openWith:'**', closeWith:'**'},
        {name:'Italic', key:'I', openWith:'_', closeWith:'_'},
        {name:'Bulleted List', openWith:'- ' },
        {name:'Link', key:'L', openWith:'[', closeWith:']([![Url:!:http://]!] "[![Title]!]")', placeHolder:'Your text to link here...' }
    ]
}
And here's the onready code for the page where the markitup elements appear:
$.editable.addInputType('markitup', {
    element : $.editable.types.textarea.element,
    plugin : function(myMarkdownSettings, original) {
        $('textarea', this).markItUp(myMarkdownSettings);
    }
});
$('.editable').editable({type : 'markitup'});
This works, but it submits as html. I was trying to use wmd as there's an option for output which maintains the markdown text as is, but haven't been able to get that to fly. Thanks.
Assuming the textarea contains markdown formatted text, you should be able to grab the contents before form submit with $('.editable').text(), and store it in another hidden field, but you'd have to ensure that you get to the contents before markitup transforms them.
If you really just want to store markdown, you'd be better not to use markitup, and just leave it as simple markdown in a text view, then translate it yourself to html for display with one of the libraries available like rdiscount etc.
With RedCloth I have saved plain text in a form and converted it to HTML. For example, writing this in my form, and saving it, would make it display the exact same way I wrote it:
This sentence
gets inserted into it
proper html syntax
to preserve line breakage.
With this code:
def parse_code
    self.text = RedCloth.new(text).to_html
end
And then I can redisplay it with this:
= raw post.text
But when I want to edit it, it returns to me as:
<p>This sentence</p>
<p>gets inserted into it</p>
<p>proper html syntax</p>
<p>to preserve line breakage</p>
How can I make it so that when I edit it, it looks the same way it did before I went and saved it?
Thanks!
I would leave the textile code stored in textile and do the conversion to HTML only in the view:
= raw RedCloth.new(@post.text).to_html
Converting between textile and HTML does not feel like good practice. Your parse_code method seems to have caused your text to be converted to HTML and then stored in the DB.
However if you want to convert HTML to textile, maybe clothred is for you or read this blog.
Edit: Shoot! I misunderstood the question!
You'd assign that text area's value back to textile using ClothRed:
ClothRed.new(html).to_textile
Sorry!
If I understood you right, you are storing the HTML output in the database. Instead of doing that, store the raw Textile contents and then convert them to HTML when showing it to the user.
I've got wiki style content which is sanitized and stored in another field of the db for output as html. The original body field I'm not sure how to deal with, as when I sanitize it characters are escaped and don't display well in the textarea.
What are the dangers of unsafe content in textareas? I'm sure I read previously that downloading such textarea content with ajax is preferable but I'd rather not go down that route if not necessary.
All HTML tags are not safe. For example, if you close the textarea, you can add any new HTML tag or whatever you want, like JS. So it's exactly like inside a non-textarea tag.
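The textarea case described above, as an added Ruby example that is not part of the original posts: the raw body interpolated into the edit form next to the version escaped once at output time. The sample body, the field name and all function names are constructed for illustration, and `textarea_value` is a simplified model of how a browser reads the element, not a real HTML parser.

```ruby
require "erb"

# Constructed sample: a stored wiki body that closes the textarea early.
BODY = %q{h1. Notes </textarea><script>alert(1)</script> Tom & "Jerry"}

# The five entities ERB::Util.html_escape produces, mapped back to text.
ENTITIES = { "&amp;" => "&", "&lt;" => "<", "&gt;" => ">",
             "&quot;" => '"', "&#39;" => "'" }.freeze
TEXTAREA = %r{<textarea\b[^>]*>(.*?)</textarea\s*>}mi

# Weak: the stored body is interpolated into the edit form as-is.
def render_unsafe(body)
  %(<textarea name="body">#{body}</textarea>)
end

# Corrected: escape once, at output time; the stored body stays raw.
def render_safe(body)
  %(<textarea name="body">#{ERB::Util.html_escape(body)}</textarea>)
end

# What the user sees in the edit box: text up to the first closing tag,
# with entities decoded once (simplified model of browser behaviour).
def textarea_value(html)
  html[TEXTAREA, 1].gsub(/&(?:amp|lt|gt|quot|#39);/, ENTITIES)
end

# Markup left outside the textarea, which is parsed as ordinary HTML.
def markup_after_textarea(html)
  html.sub(TEXTAREA, "")
end
```

With `render_safe` the edit box shows the body exactly as stored and nothing lands outside the element. Escaping a body that was already escaped before storage is what makes entities appear literally in the edit box.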