Is there some clever content-type setting that makes Firefox display highlighted HTML source code instead of rendering it?
I have a CMS that generates HTML pages. I get debug info on each generated page by adding "/debug" to the URL. I would like to see the source by using "/source" so I have the source within my Firefox tabs (and not as an extra window).
I toyed with
ob_start()
and
highlight_string(ob_get_contents())
but it didn't work quickly, I find it too complicated and I like to avoid working with buffering when I can.
Maybe there is a simpler way to do this?
Edit: I will be using header("content-type: text/plain") for the time being but that doesn't highlight the code. I am looking for something like "content-type: text/html-source" or similar.)
Some Browsers already have HTML syntax highlighting built in. In Firefox & Chrome you could link to
View Source
or use the (highlighted) source view inside an iframe:
<iframe src="view-source:http://etc"/>
This obviously doesn't really work cross-browser but you might be able to live with that in a custom made CMS.
You could use
<p>
This very <em>system</em> which <a href="http://stackoverflow.com/">this
website</a> uses. It's called Prettify.
</p>
http://code.google.com/p/google-code-prettify/
Have you looked at installing a third-party syntax highlighter? I'm considering adding one to a project that uses a hand-built CMS system to allow staff to edit HTML content directly.
You could use something like Geshi It's quite useful, and highlights a lot more languages than just html, in case you ever needed that.
Related
I'm in the process of (slowly) learning how to make my websites more secure. I was checking out D&D Beyond, and noticed a few things I've never seen before, and I would like to learn more about.
Portions of the source code don't show up when you View the Source.
It's hard to explain. I tried to explain it in a different post, and I got a ton of snarky remarks. I'm telling you, I know what I saw. I would like to know how this is possible and how I can replicate it.
I typically write in PHP/JQuery, so I'd primarily like to learn more using those languages.
Example:
You can create a Character using their Character Builder, then view your Character Sheet. The main portion of your character's stats are enclosed in a very large parent div: ".character_sheet"
If you MANUALLY save your Character Sheet to your Desktop, you can see the HTML for this section. If you inspect this section in Firefox, you can also see the data. However, if you try to CTRL+U while in the browser, the HTML in this section does not appear. It also will not appear if you try to curl/fopen/file_get_contents
Additionally, images are not visible by normal means.
For Example: I am aware of how to disable right-clicking on a website, but if someone wanted to take my images, all they'd have to do is open my source code and look at the image url and save it from there.
On the D&D Beyond site, I can bring up Firefox's web inspector where an Image SHOULD be, take a look at the CSS, and... nothing. No link to an image, where one should be. I don't know how they're getting images to appear without css/html. I'd be very interested to know how this is done.
If anyone has any insight/guesses/etc and can point me in the right direction to learn some more, I'd really appreciate it!
Server-side code such as PHP is always hidden to visitors (unless you have a security vulnerability of some sort).
Client-side code such as HTML, JavaScript and CSS is always visible to the visitor. Even if you can't see it immediately in the DOM, it will be hiding there somewhere.
The most likely scenario is that it is hidden within an embedded .js or .css file, which would look similar to the following:
<script src="scripts.js"></script>
<link rel="stylesheet" type="text/css" href="theme.css">
HTML can be outputted to the page through JavaScript, which will not show in the DOM (though it would show up with a PHP echo). HTML can also be 'hidden' through use of <iframe> tags and HTML imports.
JavaScript has a wide array of ways in which it can be obscured / malformed, so it can be hard to track down. You may some some strange, 'unreadable' code in the DOM / .js files, which in turn could be outputting the HTML itself.
Please consider the below points,
All client side resources are viewable although you can make it easyless readable by javascript and it's better to do most of your codes by server side.
You need to know about what search engines love if your app is a public web site & will be indexed by those search engines, as some search engines don't scrape to the web pages which have only JavaScript code.
You can create images without <img> tags using CSS background-image Property.
there are some useful lib's to make your code more hard readable like Closure Compiler Service & JSFuck & JS Packers although it's better to make it by yourself and just add like those techniques to your knowledge, noting that this will make your code size larger.
and at all there are no white page source, it should contains at least <script> and if you saw a real white page it may be disabled from sever side to be viewable at top of window and it may be works if embedded in iframe or by sending specific headers to it or whatever else.
You can make your server & client sides cooperate :) to get great result and more secured.
I did following in order to include php code into Joomla:
writing a php application with jumi as:
<?php echo '<p>Hallo Welt</p>'; ?>
include following code in the target article, where the previous code should be included:
{jumi [*1]}
this worked so far.
But, when i try to edit the article again using the wyiwyg editor, the editor take the resolved formatting, means Hallo Welt and the original code get replaced {jumi [*1]}
this is get very problematic when the code is dynamic!
does somebody has a solution for this issue or am I missing something?
No It's a common problem, no worries.
There are several hack you can do to avoid this.
Save the text in one file and every time edit the file and after copy and paste in Joomla.
When you edit the file, just edit from the source.
Use an alternative editor which is already in source mode like RokPad
Check Plugin Manager > Editor - TinyMCE > Entity Encoding = raw
Using sourcerer plugging for including php script into an article, does not cause this overriding of source code by the displayed result, that's why I was forced to stop using jumi in favor of sourcerer.
Switching to raw mode is unfortunately not an option, since this would increase the effort of other authors who are supervising the platform and typing articles, especially when those are not so familiar with plain HTML.
I'm developing a Wordpress site, which I'm fairly new to. I'm not sure if this is a stupid question or not but I haven't been able to return any decent google results regarding this. Anyway, is there a way to find out what PHP function is generating a piece of HTML code using a browser code inspector like Chrome's? Thanks!
No.
Once the data arrive to the browser, all the PHP code have been processed and you can't know what part of PHP generated which part of the HTML code.
No - not without modifying the php code to enable some kind of debugging. Chrome can only give you information about the received html document on the client side (you). But php code gets parsed server side.
You kind of can:
Download a copy of the theme and plugins folder
Open the page on your site that you want to find the function for.
Find a div/class that is specific to section e.g. <article>
Open a text editor like notepad++ (one that will allow you to search through multiple files at ones)
Use the find feature of chosen text editor and search for the div/class
The result will show you a list of pages where that term is.
Look through those pages for the function you are looking for (it might take a few goes)
The above it is a bit of a roundabout way of doing it, but I think other than looking through each file separately, it is you next best way.
Is there a way to add rules for the changes ckeditor makes to html?
Like I would like to use <br /> instead of it being output as <p>$nbsp;</p>
, to not wrap <style></style> in <p> tags
, and have it not modify the white space and leave all the carriage returns as they are put in.
Most of all I'm looking for some way to allow php to be added. The CMS I am using it on needs php on some pages. I write all the code but the client has the ability to go in and edit the text, but she doesn't know html, hence ckeditor, and changes pages with php in it over to ckeditor sometimes and it completely garbles the code.
Is there any way to do any of this?
CKEditor offers a powerful and flexible output formatting system. It
gives developers full control over what the HTML code produced by the
editor will look like.
http://docs.cksource.com/CKEditor_3.x/Developers_Guide/Output_Formatting
Most of all I'm looking for some way to allow php to be added
PHP can be added you just need to open the file in a plain textarea tag for writing and make sure its handled properly when saving, or if content is held in database, use eval() but not recommended.
http://php.net/manual/en/function.eval.php
If your client dose not understand basic html then opening up the page to more syntax errors will only cause you greater head pain.
I take it you are confused. So am I, but I'll try to formulate this as well as I can.
The content management system I use has a third-party plug-in installed that manipulates the output of the pages produced by the CMS. That's what it's supposed to do, and that's why I installed it, but there's one small part of those manipulations that I need to get rid of.
The plug-in looks for the </title> tag in the HTML output and then adds an unwanted tag right after it (by replacing </title> with </title><unwanted tag>).
You might think, why not just dig into the plug-in source and comment out that particular function? Well, that's the kicker: the plug-in is encoded with Zend Guard, so I can't make heads nor tails of its source, and unfortunately the developer is not willing to assist.
One other manipulation that I was able to get rid of by myself, was the extra (and again unwanted) HTTP header it set for every page.
The Zend-encoded PHP file is loaded by a regular PHP file, and I was able to unset the above mentioned header by adding the following bit of code to the very bottom of this 'load file', before ?>:
header_remove("X-Enhanced-By");
It works splendidly, but that was about as far as my experience and research could take me.
The last thing, then, that I need to undo, is the manipulation of the title tag. I temporarily worked around it by changing all my </title> tags to </title >, but that seems hardly a proper workaround.
If I can unset the header by placing header_remove("X-Enhanced-By"); right before ?>, does that mean I can also use that same area to undo the addition of the unwanted tag after </title>?
Let's assume the plug-in replaces </title> with </title><base href="http://www.example.com/" /> on every page that is put out by the CMS.
How would I go about undoing that?
Depending on the CMS framework. Basically you should be able to create a hook/plugin which captures the output at a higher level than your plugin then regex the tags out.
I get it that the plugin installed already does that so it should be "doable"