Asp.Net MVC - ValidationMessage() - how to prevent HTML escaping? - asp.net-mvc

In my scenario I'd like to display a text with URL link within validation message attached to form element on MVC view. I'm using ValidationExtensions.ValidationMessage extension method, like this:
<%=Html.ValidationMessage(Model.Name) %>
The behavior I'm seeing is that the validation message is HTML escaped, which effectively prevents me from adding a link to the message. Is there a way to circumvent this behavior? My error messages aren't user-supplied, so I don't think I have to worry about output sanitization here...

I'm guessing that since Html.ValidationMessage is built in you're going to either create your own version, or if you're feeling creative, since it returns a string, assign that and then unescape the characters you want to change back.
string validation = Html.ValidationMessage(Model.Name);
validation = Regex.Replace(validation, "&gt;", ">");
//etc...

You could use the HttpUtility.HtmlDecode(...) method along with your Html.ValidationMessage(...) method to get 'err done :D

Related

Using @Html.ActionLink in a replace function in Razor View

I am returning data from my DB with multiple phrases. One of them being the following text : Submitted an Idea
I want to make the "Idea" in any and all text a hyperlink, so I want to use a replace function in my razor view to replace the word "Idea" with my Html Helper:
@item.RewardType.Replace("Idea", @Html.ActionLink("Idea", "ChallengeIdea", "Ideas", new { id = item.fkiIdeaId }, null))
I've looked around a bit but can not really find anything. Someone suggested using @Url.Action - But the issue remains the same.
How do I do this ? Or is using an Html helper the wrong way of doing this ?
Thanks for any help.
You can try this:
@Html.Raw(item.RewardType.Replace("Idea", $"<a href='/ideas/challengeidea/{item.fkiIdeaId}'>Idea</a>"))
Or
@Html.Raw(item.RewardType.Replace("Idea", "Idea"))
Html helpers are there to help you in general situations. When they produce more complications than value, they have no use
<span>Submitted an Idea</span>
If you have RewardType in a resource and can not use plain html, you could set RewardType to "Submitted an Idea" And use string.format
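An added example (not code from any of the posts above) of a pattern that fits both this Razor Replace question and the validation-message question at the top of the page: HTML-encode whatever is data, then insert only markup the code builds itself. The class and method names, the URLs and the sample strings are hypothetical; it uses System.Net.WebUtility so it runs as a plain console program.

```csharp
using System;
using System.Net;

// Added example: encode everything that is data, insert only markup built here.
static class SafeMarkup
{
    // Builds an anchor whose href and link text are both HTML-encoded.
    public static string Link(string href, string text) =>
        "<a href=\"" + WebUtility.HtmlEncode(href) + "\">" +
        WebUtility.HtmlEncode(text) + "</a>";

    // Validation-message case: the template is a developer-written constant
    // (it may contain a link); every argument is encoded before substitution.
    public static string Format(string trustedTemplate, params string[] values)
    {
        object[] encoded = Array.ConvertAll<string, object>(
            values, v => WebUtility.HtmlEncode(v));
        return string.Format(trustedTemplate, encoded);
    }

    // Razor Replace case: encode the database text first, then swap the
    // encoded word for the anchor, so the anchor is the only live markup.
    public static string Linkify(string text, string word, string href)
    {
        string encodedText = WebUtility.HtmlEncode(text);
        string encodedWord = WebUtility.HtmlEncode(word);
        return encodedText.Replace(encodedWord, Link(href, word));
    }
}

static class Program
{
    static void Main()
    {
        // Constructed inputs: one plain phrase, one that carries markup.
        Console.WriteLine(SafeMarkup.Linkify(
            "Submitted an Idea", "Idea", "/ideas/challengeidea/42"));
        Console.WriteLine(SafeMarkup.Linkify(
            "Submitted an Idea <b>today</b>", "Idea", "/ideas/challengeidea/42"));
        Console.WriteLine(SafeMarkup.Format(
            "The name '{0}' is already taken. <a href=\"/help/names\">Naming rules</a>",
            "<b>bob</b>"));
    }
}
```

In a view, the returned string is the value that would be passed to Html.Raw; the markup inside the data comes out as visible text and only the anchor renders as a link.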

Losing special characters from Model property

I am using struts-2.3.16.3 for my application. My action implements the “ModelDriven” interface. Using interceptor reference as defaultStack.
The problem that I am facing is that all the special characters (non-keyboard characters like ®, ℗) are disappearing from my model property by the time they reach my action class. Other special characters like @ # $ etc. I am able to see in my action.
Do I need to configure any other interceptors in the stack? Help needed if I am missing something in the configuration.
Example: If I enter Piracy℗symbol in my text field, in the action class when I print the property value it shows Piracysymbol.
Thanks,
Ramesh
I think the problem is that you have not mentioned the content-type. Try putting
<%@ page contentType="text/html;charset=UTF-8" %> tag in your code if you haven't already. If the problem still persists, write your code like this
<s:text name="username"/> <s:property value="getText('username')"/>
Hope this helps.

rails 3 internationalization / localization - embeddings links in translated text

I need to embed links in my translated texts. I followed this post, but it doesn't seem to work in rails 3 anymore as the html tags don't get rendered properly.
Does anyone know how to get this done in rails 3?
Update:
Apparently, the html tags can be escaped by using the html_safe method. But does anyone know if there's another way to solve this problem without using html_safe?
I would like to avoid unescaping my html tags if possible, b/c I've encountered a situation where I have to pass in a text field into my translation, and I would like to avoid unescaping any strings that are user inputted.
Change {{url}} to %{url} and you should be good to go.
Update
Ok, thanks, that's important information about what "doesn't work" means :) So, you need to call the html_safe method on your call to link_to, eg.
link_to(t("log_in_href"), login_path).html_safe
This will tell Rails to render the HTML, not escaped.

how to show contents which include html tag?

I am using FckEditor in the Create.aspx page of an ASP.NET MVC application.
Since I need to show rich text in web pages, I used the ValidateInput(false) attribute on top of the action method in the controller class.
And I used Html.Encode(Model.Message) in Details.aspx to protect against user attacks.
But I got a result that I did not want, as follows:
<p> Hello </p>
I wanted the following result, not the one above:
Hello
How can I show the text that the user input?
Thanks in advance
The short answer is that HTMLEncode is making your markup show like that. If you don't HTMLEncode, it will do what you want.
You need to think about whether or not you need full control of markup, who is entering the markup, and if an alternative like BBCode is an option.
If your users using the editor are all sure to be 'safe' users, then XSS isn't likely to be as much a concern. However, if you are using this on a comment field, then BBCode, or something like SO itself uses is more appropriate.
You won't be able to use a WYSIWYG editor and do HTMLEncode though... (without BBCode, or some other token system)
It seems the user entered "<p> Hello </p>" (due to pressing Enter?) into the edit control, and it is displaying correctly in the HTML as you have done an Html.Encode. E.g. the paragraphs are not rendered, they are outputted as "<p>..</p>" as the string is HTML encoded into something like "&lt;p&gt; Hello &lt;/p&gt;".
If you do not want tags, I would suggest searching the text string for tags (things with <...>) and removing them from the inputted text. Do this before HTML.Encode.
...or am I missing something?
You can use HttpServerUtility.HtmlEncode(String)

How do I bypass the HTML encoding when using Html.ActionLink in Mvc?

Whenever I use Html.ActionLink it always Html encodes my display string. For instance I want my link to look like this:
More…
it outputs like this: More&hellip;
&hellip is "..." in case you were wondering.
However the actionlink outputs the actual text "&hellip;" as the link text. I have the same problem if I want to output this:
<em>My-Post-Title-Here</em>
I wind up with:
&lt;em&gt;My-Post-Title-Here&lt;/em&gt;
Any idea how to do this?
It looks like ActionLink always calls HttpUtility.Encode on the link text. You could use UrlHelper to generate the href and build the anchor tag yourself.
<a href='@Url.Action("Posts", ...)'>More&hellip;</a>
Alternatively you can "decode" the string you pass to ActionLink. Constructing the link in HTML seems to be slightly more readable (to me) - especially in Razor. Below is the equivalent for comparison.
@Html.ActionLink(HttpUtility.HtmlDecode("More&hellip;"), "Posts", ...)
The answer given by Sam is actually correct and I used it in my solution so I have therefore tried it myself.
You may want to remove the extra parenthesis so it becomes something like this:
@Html.ActionLink(HttpUtility.HtmlDecode("&amp;"), "Index", "Home")
Alternatively, just use a plain Unicode ellipsis character \u2026 and let MVC worry about how to encode it. Unless there's some particularly compelling reason you'd specifically need a hellip entity reference as opposed to a character reference or just including the character as simple UTF-8 bytes.
Alternative alternatively: just use three periods. The ellipsis (U+2026) is a compatibility character, only included to round-trip to pre-Unicode encodings. It gets you very little compared to simple dots.
Check out this:
<p>Some text @(new HtmlString(stringToPaste)) </p>
Decode it before passing the value in. Just had this same issue (different characters) and it works fine:
Eg:
@Html.ActionLink(HttpUtility.HtmlDecode(_("&amp;")), "Index", "Home")
Annoying though
