I'm new at web development, so to make sure I'm writing good code I've been using w3.org validation tools. I'm currently working on a project where I generate a lot of my html with php functions, and I'd like to validate the html, but w3.org doesn't support that. The only way I've found to do it is to render my code, view source and validate that, but that's an awkward, time consuming process, that only approximates validation as it renders differently in different situations. Any suggestions?
Thanks,
Rebecca
Tidy Project:
http://tidy.sourceforge.net/
http://www.w3.org/People/Raggett/tidy/
Good luck.
Edit -
To be clear, with Tidy you can be reasonably certain that the output of your script is valid against a given standard.
You can use Html Validator add-on for FireFox.
The various developer tools in the major browsers will help you validate the HTML your script emits.
IE6/7 - you can install the IE Developer's Toolbar
IE8 has the toolbar built in
FireFox - you can get the Web Developer Toolbar as an addin
I think Opera has some tools built in as well, but quite frankly I only use Opera for testing after I've built using Fx and IE.
The validator tools will not care about php, so if your php is 'bad', it won't care.
It only checks html for concision and proper nesting to the doctype.
Try this, Web Developer 1.1.8 toolbar.
This add-on works superbly, you can validate locally, for example:
Validate Local CSS
Validate Local HTML
if you don't have access to some external web-server or even if you do have access to it.
In addition the installation is easy and to validate a given page all you have to do is right click on Tools and there is a whole array of validation options.
https://addons.mozilla.org/en-US/firefox/addon/60
Alternative approach: Hitchhike direct-input at the W3C validator:
( I am also facing the problem, that my staging server would need to be online,
to allow for an easy validate-here link... )
The direct input at the w3c validator submits a form.
Or in other words: The actual validation-page receives a POST request.
So how about: Make a link (i.e. in your footer) that leads to a submitForValidation.php
In that php file:
grab the Referer-URL you just came from (through your localhost server)
submit as POST to the W3C page
Not done it yet, but will probably implement that soon.
Step 1: Run the PHP to generate some HTML, with a command like this:
php index.php > index.html
Make sure that php is in your system PATH variable.
Step 2: Validate this index.html with normal html validation tools.
Opera 12 is good for validating generated pages, you just go to the page, then right click and validate. that's all, so easy that scares lol.
I am trying to get to grips with various forms of web design and build. I have looked around and still cannot get a useful answer on what technology is best to create a Dynamic Submission form (that doesn't look like crap).
I want to build a submittable form that is aesthetically pleasing. I have planned and sorted out that I will use PHP and AJAX so it can be interactive but I am lost on what technology to use to actually code/script the design of the form. If anyone can help it would be greatly appreciated, thanks in advance!
If anyone who reads this uses Virgin Media as their internet provider and they use their card details form online, that is my ultimate goal to make the form similar to (with different questions and submission details, but that isn't important). The look is what I am after.
you are on the right track actually.
for aesthetics, you should research more about designing in HTML/CSS
JS is used for the dynamic user interface
PHP and AJAX are all that's needed for a dynamic form submission
google is your friend. go ask him.
other than that, it's up to your imagination and originality how you implement it.
you would need to use html and css to actually build the form.
Javascript to possibly validate the form on the person's browser (client side)
php would submit and send the form.
If you like the look of the virgin media form you can find out how it was done by using developer tools on chrome (f12 on a windows machine, cmd, alt and I on a mac) or firebug plugin on firefox. Others are available but these are two of the best. This will show you the html mark up the css and how it all works.
Here you have some examples of interactive forms: http://www.catswhocode.com/blog/10-jquery-tutorials-for-working-with-html-forms
Your best bet will be with ASP.NET.
Its easy to set up and the software is easy to use and is free.
You should use Microsoft web developer express.
http://www.microsoft.com/visualstudio/en-us/products/2010-editions/visual-web-developer-express
You will have the choice to code in c# or visual basic, c# will be the better choice.
ASP.net is the new generation of website development.
I'm allowing users to embed content from youtube, vimeo, scribd, flickr, slideshare, etc. and therefore i'm allowing them to paste the embed code in a textbox.
I'm having a hard time figuring out how to:
(a) validate that its indeed a correctly formed embed code and
(b) whether its not any malicious code that the user is trying to get my
system to display.
This is a php website.
I've used htmlpurifier in the past. There are some others, but this one worked the best for me. You can whitelist all allowed code constructs and make the html code standard compliant. It's a good first line of defense against XSS attacks.
The library is quite big and can slow down your code if you don't install it correctly, so read the install docs carefully.
We will be implementing a system where we ask the user to specify the direct URL and we go and subsequently fetch appropriate data from that page.
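One way to handle (a) and (b) for iframe-style embeds, as an added example that is not from any of the posts above: parse the pasted markup, accept exactly one `<iframe>` whose `src` is HTTPS on an allowlisted host, and emit a freshly built tag instead of the user's markup. The host list, size limits, sandbox tokens and the function names `rebuildEmbed` and `clampDimension` are assumptions; it needs PHP's DOM extension.

```php
<?php
declare(strict_types=1);

// Assumed allowlist: exact hostnames the providers serve iframe embeds from.
const ALLOWED_EMBED_HOSTS = ['www.youtube.com', 'player.vimeo.com',
                             'www.slideshare.net', 'www.scribd.com'];

/** Clamp a pasted width/height to a sane integer, or fall back to a default. */
function clampDimension(string $value, int $default): int
{
    return ctype_digit($value) ? max(100, min(1280, (int) $value)) : $default;
}

/**
 * Returns a freshly built <iframe> for an allowlisted host, or null to reject.
 * Only the validated URL and two integers survive from the pasted markup.
 */
function rebuildEmbed(string $pasted): ?string
{
    if (trim($pasted) === '' || strlen($pasted) > 4096) {
        return null;
    }
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true);   // pasted HTML is rarely tidy
    $loaded = $doc->loadHTML($pasted, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    $iframes = $doc->getElementsByTagName('iframe');
    if (!$loaded || $iframes->length !== 1) {
        return null;                                // (a) not a single iframe embed
    }
    $iframe = $iframes->item(0);
    $src = trim($iframe->getAttribute('src'));
    if (strncmp($src, '//', 2) === 0) {
        $src = 'https:' . $src;                     // protocol-relative embed URL
    }
    $parts = parse_url($src);
    if (!is_array($parts) || strtolower($parts['scheme'] ?? '') !== 'https'
        || isset($parts['user']) || isset($parts['pass']) || isset($parts['port'])
        || !in_array(strtolower($parts['host'] ?? ''), ALLOWED_EMBED_HOSTS, true)) {
        return null;                                // (b) wrong scheme or unknown host
    }
    // Rebuild the URL from its parsed parts; the fragment is dropped.
    $url = 'https://' . strtolower($parts['host']) . ($parts['path'] ?? '/')
         . (isset($parts['query']) ? '?' . $parts['query'] : '');
    // Sandbox tokens are an assumed starting point: no top navigation, forms or popups.
    return sprintf(
        '<iframe src="%s" width="%d" height="%d"'
        . ' sandbox="allow-scripts allow-same-origin" allowfullscreen></iframe>',
        htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
        clampDimension($iframe->getAttribute('width'), 560),
        clampDimension($iframe->getAttribute('height'), 315)
    );
}

// Constructed sample inputs (not real submissions).
$samples = [
    '<iframe width="560" height="315" src="https://www.youtube.com/embed/VIDEO_ID" onload="x()"></iframe>',
    '<iframe src="https://www.youtube.com.example.net/embed/VIDEO_ID"></iframe>',
    '<iframe src="javascript:void(0)"></iframe>',
    '<script src="https://www.youtube.com/player.js"></script>',
];
foreach ($samples as $sample) {
    var_dump(rebuildEmbed($sample));
}
```

Only the first sample produces output markup, and its `onload` attribute is gone because the tag is rebuilt rather than filtered; embed codes that are not a single iframe are rejected rather than sanitized.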
I'm generating some content through an API, accessed by javascript, and I cannot grab the source code of what is plainly displayed, post-load, on the browser. I can highlight the text and view the source of selected text (which is a firefox feature), but I will be using CURL to capture the data automatically with php... How can I capture the data? Is there a way to update the source(maybe through a DOM update) so it displays some how? Any help is appreciated.
You can't just request some HTML source and expect the results of modifying it with JS to be in place without running the JS so if you want to get the content in PHP, then you will have to either
Push the HTML through something that will execute the JavaScript (I'd probably look to WWW::Mechanize::Firefox if I were using Perl, it uses Mozrepl. I don't know if PHP has a similar nice API for it)
Reverse engineer the JavaScript and do whatever it does to get the data yourself.
You can pull up the page source using Google Chrome from within developer tools (wrench in the top right -> Tools -> Developer tools, or Control+Shift+I (that's an uppercase i)). The source code shown in the developer tools represents the up-to-date source code of the page, including things that were generated dynamically by JavaScript after the page initially loads.
I'm sure other browsers have similar capabilities, I just happen to know Chrome's method off the top of my head.
If your development environment is Linux/Unix, you could incorporate PhantomJS, which is a very nifty tool that executes the JavaScript and passes the output. The way I would recommend doing this would be with a shell_exec() in which you run your CLI PhantomJS.
Hope this helps.
I want to develop a site that will allow me to publish information to users, and give them an opportunity to subscribe to a mailing list so they can be updated each time I make a change to the site.
*Add new information, etc.
I also would like for the users to be able to add comments about reviews posted, and give me suggestions...Things that will encourage user interaction
I understand that this is possible with php...
But I do not know php, and to learn and test it I apparently need a domain to begin with...etc.
Is it possible that I use Xhtml/Html to get the same results?
--
I know I can use the
Mail
but that would also leave my email open to spam...Any suggestions?
And I do apologize if this question has been posted before, I did some research and found no such thing.
All helpful responses are appreciated.
XHTML and HTML are essentially the same thing, just xhtml is based on an xml standard (that's where the x comes from), therefore being a bit stricter.
HTML/XHTML is generally used for structure of your webpage, where as PHP is a server based language, meaning it works behind the scenes.
You could use html, but it'd be hideously complex to make, so i'd say you'd be better off biting the bullet and making a start on your first php app :) Don't worry it's very easy to get your head around. You do not need a domain to get started with the development, simply install WAMP (for windows), or MAMP (if you're an apple freak like me), these programs act as self contained mini servers, very useful for development!
Then i'd suggest trying it all out using html for starters, just so you get used to the WAMP/MAMP server, before heading over to http://devzone.zend.com/article/627 for a brilliant set of tutorials on PHP!
EDIT: Another poster mentioned wordpress, it's a great platform too! But i always favour learning the basics so in the event of something going wrong, or not working the way you want it to, you'll know what to do, or at least have an idea. Therefore i'd stick with your own php solution as a starter, then progressing to wordpress, when you feel comfortable.
I hope this helps :)
(X)HTML is the markup language that's interpreted by the browser, to display your web pages.
PHP is a language, used on the server, that can :
Generate that HTML markup
Act as a 'glue' with other systems, such as a database, for data-persistence.
(X)HTML by itself is not dynamic : it's only used to display data.
And PHP by itself doesn't display much information : it generates them.
So, basically, you'll need to use both (X)HTML and PHP :
PHP for everything that's dynamic
like interaction with a database, a form, ...
HTML (possibly generated by the PHP code) to display the data.
No, you will need some kind of server side scripting language to be able to interrogate a database, print out comments and send the generated HTML to the browser.
If you don't know how to use PHP, how about using an open source solution like WordPress, this is a blogging platform but offers all the things you listed.
I would suggest using WordPress because:
It is easy to learn, the documentation is excellent
There are thousands of free plugins to add functionality to your site
There is a plugin, Contact Form 7, that will allow your users to send you email while doing a good job of curbing spam
There is a built in RSS feed to push out to your users notices when your site is updated
WordPress can be installed on shared hosting, virtual private hosts, and almost any machine with the LAMP stack
If you are new to creating websites, WordPress has free themes which are a good starting place
Finally, to answer your question, XHTML and PHP do different things. XHTML is like the idea of a picture. You can see it, it has shapes, outlines, sometimes words, etc. Whereas PHP is like film where viewers can see something, but there is something in the background that is updating and moving.
HTML is just a markup language used by the browser to format data to display to users.
Most hosting solutions provide form mailer scripts that just take an HTML form and email the fields to a specified email address which you can configure.
They also provide mailing list functionality.
So, maybe check for a (PHP) hosting solution that provides this functionality and you won't need to write any PHP until you require more complex, custom functionality.
Is there any way to disable or encrypt "View Source" for my site so that I can secure my code?
Fero,
Your question doesn't make much sense. The "View Source" is showing the HTML source—if you encrypt that, the user (and the browser) won't be able to read your content anymore.
If you want to protect your PHP source, then there are tools like Zend Guard. It would encrypt your source code and make it hard to reverse engineer.
If you want to protect your JavaScript, you can minify it with, for example, YUI Compressor. It won't prevent the user from using your code since, like the user, the browser needs to be able to read the code somehow, but at least it would make the task more difficult.
If you are more worried about user privacy, you should use SSL to make sure the sensitive information is encrypted when on the wire.
Finally, it is technically possible to encrypt the content of a page and use JavaScript to decrypt it, but since this relies on JavaScript, an experienced user could defeat this in a couple of minutes. Plus all these problems would appear:
Search engines won't be able to index your pages...
Users with JavaScript disabled would see the encrypted page
It could perform really poorly depending on the amount of content you have
So I don't advise you to use this solution.
You can't really disable that because eventually the browser will still need to read and parse the source in order to output.
If there is something SO important in your source code, I recommend you hide it on server side.
Even if you encrypt or obfuscate your HTML source, eventually we still can eval and view it. Using Firebug for instance, we can see source code no matter what.
If you are selling PHP software, you can consider Software as a Service (SaaS).
So you want to encrypt your HTML source. You can encrypt it using some javascript tool, but beware that if the user is smart enough, he will always be able to decrypt it doing the same thing that the browser should do: run the javascript and see the generated HTML.
EDIT: See this HTML scrambler as an example on how to encrypt it:
http://www.voormedia.com/en/tools/html-obfuscate-scrambler.php
EDIT2: And .. see this one for how to decrypt it :)
http://www.gooby.ca/decrypt/
Short answer is no. HTML is an open text format; whatever you do, if the page renders, people will be able to see your source code. You can use javascript to disable the right click, which will work on some browsers, but anyone wanting to use your code will know how to avoid this. You can also have javascript emit the html after storing this encoded; this will have bad impacts on development, accessibility, and speed of load. After all that, anyone with firebug installed will still be able to see your html code.
There is also very rarely a lot of value in your html; your real IP is in your server code, which stays safe and sound on your server.
This is fundamentally impossible. As (almost) everybody has said, the web browser of your user needs to be able to read your html and Javascript, and browsers exist to serve their users -- not you.
What this means is that no matter what you do there is eventually going to be something on a user's machine that looks like:
<html>
<body>
<div id="my secret page layout trick"> ...
</div>
</body>
</html>
because otherwise there is nothing to show the user. If that exists on the client-side, then you have lost control of it. Even if you managed to convince every browser-maker on the planet to not make that available through a "view source" option -- which is, you know, unlikely -- the text will still exist on that user's machine, and somebody will figure out how to get to it. And that will never happen, browsers will always exist to serve their users before all others. (Hopefully)
The same thing is true for all of your Javascript. Let me say it again: nothing that you send to a user is secure or secret from that user. The encryption via Javascript hack is stupid and cannot work in any meaningful sense.
(Well, actually, Flash and Silverlight ship binaries, but I don't think that they're encrypted. So they are at the least irritating to get data out of.)
As others have said, the only way to keep something secret from your users is to not give it to them: put the logic in your server and make sure that it is never sent. For example, all of the code that you write in PHP (or Python/Ruby/Perl/Java/C...) should never be seen by your users. This is e.g. why Google still has a business. What they give you is fundamentally uninteresting compared to what they never send to you. And, because they realize this, they try to make most things that they send you as open as useful as possible. Because it's the infrastructure -- the Terabyte-huge maps database and pathfinding software, as opposed to the snazzy map that you can click and drag -- that you are trading your privacy for.
Another example: I'm not sure if you remember how many tricks people employed in the early days of the web to try and keep people from saving images to disk. When was the last time you ran across one of those? Know why? Because once data is on your user's machine, she controls it. Not you.
So, in short: if you want to keep something secret from your user, don't give it to her.
You can't. The browser needs the source to render the page. If the user wishes, the user may have the browser show the source. Firefox can also show you the DOM of the page. You can obfuscate the source but not encrypt or lock the user out.
Also why would you want this, it seems like a lame ass thing to do :P
I don't think there is a way to do this. Because if you encrypt, how will the browser understand the HTML?
No. The browsers offer no ability for the HTML/javascript to disable that feature (thankfully). Plus even if you could the HTML is still transmitted in plain text ready for a HTTP sniffer to read.
Best you could do would be to somehow obscure the HTML/javascript to make it hard to read. But then debuggers like Firebug and IE 8's debugger will reconstruct it from the DOM making it easy to read.
You can, in fact, disable the right click function. It is useless to do so, however, as most browsers now have built in inspector tools which show the source anyway. Not to mention that other workarounds (such as saving the page, then opening the source, or simply using hotkeys) exist for viewing the html source. Tutorials for disabling the right click function abound across the web, so a quick google search will point you in the right direction if you feel an overwhelming urge to waste your time.
There is no foolproof way.
But you can fool many people with a simple hack using the methods below:
"window.history.pushState()" and
adding oncontextmenu="return false" in body tag as attribute
Detail here - http://freelancer.usercv.com/blog/28/hide-website-source-code-in-view-source-using-stupid-one-line-chinese-hack-code
You can also use “javascript obfuscation” to further complicate things, but it won’t hide it completely.
“Inspect Element” can reveal everything beyond view-source.
Yes, you can have your whole website being rendered dynamically via javascript which would be encrypted/packed/obfuscated like there is no tomorrow.