I am trying to format some bad html to output into a pop window. The html is stored in a field in a mysql database.
I have been performing json_encode and htmlspecialchars on the row in the php like so:
$html = htmlentities(json_encode($row2['ARTICLE_DESC']));
and calling my makewindows function, which simply takes the html as a paramter and uses it withdocument.write like so:
<p>Click for full description </p>
This works ok, as in some html code is produced, such as the following:
http://www.nomorepasting.com/getpaste.php?pasteid=22823&seen=true&wrap=on&langoverride=html4strict
pasted there because I do not know how to wrap lines in SO
The problem is that htmlspecialchars does not seem to be stripping bad html data, as no popup window is created. The error I receive with firebug is
missing ) after argument list
However the html is outside of my control.
From what I have read, I am taking the correct steps. If I am missing something out, what is it?
My full make windows function:
function makewindows(html){
child1 = window.open ("about:blank");
child1.document.write(html);
child1.document.close();
}
You shouldn't have the single quotes in the function call. It should look like this:
<p>Click for full description </p>
Then the output will look like
<p>Click for full description </p>
which is correct.
Try it the following way:
$html = htmlentities(json_encode($row2['ARTICLE_DESC']),ENT_QUOTES);
I think the single quotation marks are not escaped by default.
Nevertheless I recommend you saving the html in a JavaScript variable before opening the window.
Related
I was using widgEditor for taking user input. When I write something and go next like it automatically shows a div and generate html which I don't want to store.
Suppose when I print the editor text I saw output like
"explain" => "<p>fasd</p><div>ds</div><div>fa</div><div><br /></div><div>fs</div><div><br /></div>
Though it should give me the output the way i typed means putting image inside of it ..next line etc.
controller code:
$error = new Error();
$error->explain =$request->Input(['explain']);
dd($error);
How do I get appropriate output?
You can use preg_replace, something like this:
preg_replace("/<div>(.*?)<\/div>/", "$1", $request->Input(['explain']));
You could make use of strip_tags() method
$error->explain = strip_tags($request->Input(['explain']));
I have a problem with eval() function. Please do not comment something like "Don't use eval" or anything of this kind of thing, as this is not helpful. I have a very good reason to use eval().
Basically I am getting a value from a text field in html on my web page as input code to be executed, like so:
$code = $_POST['code'];
Then, am passing that value to eval function in the html body, like so:
eval($code);
the results are displayed like this:
<h1>test</h1>
the above is displayed string. I want this to execute the html part of it is well. Funny thing is if I try this in a different file like this:
<?php
$code = "echo '<h1><b>TEST</b></h1>';";
eval($code);
?>
I get the desired result, which is a proper processed html element h1 with "TEST" in it.
Any ideas?
Thanks in advance
$_POST['code'] apparently contains HTML entity codes, e.g.
"echo '<h1>test</h1>';"
You need to decode it before calling eval.
eval(html_entity_decode($_POST['code']));
I have this textarea called personalInfos where i fill the infos in following format :
<p><span class="white">1966 - '69</span><br/> text .... </p>
When i submit it to database, it gets saved ok, same format. When i retrieve the code from database to admin textarea it gets filled ok.
My only problem is on front end where i get displayed the code as text not rendered as html code. So basiclly i see it on the page like this :
<p><span class="white">1966 - '69</span><br/>
Most likely you display fetched code parsed processed by htmlentities() or similar function. This is in most cases the way to go to avoid planting i.e. html in comments. So simply stop doing this after fetching (or insert - depends where you do so) and your content will be outputed as literaly HTML and properly processed by web browser.
You should have a look at htmlspecialchars_decode()
Example
$str = '<p><span class="white">1966 - \'69</span><br/> text .... </p>';
echo htmlspecialchars_decode($str);
Also make sure to escape the single quotes as well.
How can I get the raw code of a comment in ExpressionEngine (frontend)?
The thing is this: If a comment contains Code or HTML like [quote]-Tags, the ee-native {comment}-Tag renders this as <blockquote>Life is like a box of… … but how can I get the raw code like [quote]Life is like a box of…?
I'm currently working on a Quote-Feature (frontend/JavaScript) for native EE comments. Till now I've worked with jQuery.text() or .html() … but both ways you get no tag (.text()) or html-tags (.html()).
Isn't there a way to get the raw comment code (for example into a data-attribute or script-tag) to later use with JavaScript?
Edit (1): I've tried SQL — is this the only/best way to do this?
<blockquote data-raw="{exp:query sql="SELECT exp_comments.comment AS comment_raw FROM exp_comments WHERE exp_comments.comment_id = {comment_id} "}{comment_raw}{/exp:query}">
{comment}
</blockquote>
Edit (2): The SQL works fine, but if there is a " inside the raw comment code, the whole thing breaks because the browser thinks this is the closing quote of the «data-raw»-attribute :-/ Is there a Way to 'mask' all characters? (" and ' and < and > etc.)
Edit (3): I now use a <script>-Tag to insert the {comment_raw}-code, this way the characters do not disturb.
You'd probably be better off retrieving the raw comment via an ajax call rather than adding a query for every single comment on the page. You'd avoid the performance hit and wouldn't need to worry about storing large strings in data attributes. I'd probably do something like this:
Create a new 'get_comment' template containing the {exp:query} tag with WHERE comment_id = '{segment_X}'
When a user hits the reply/quote button use jQuery.get() to send a request to your get_comment template, passing in the comment_id based on a data-commentid attribute on the reply button.
Update your input's value with the .get() response.
I have some multi line text saved in MySql database (VARCHAR 255). When i load it, and process it using standard php function "nl2br", it echoes fine (multi line). But, when i load multi line text from database, make it "nl2br" and then send it to javascript (so it gets displayed in textarea), it won't be displayed! What's wrong?
echo "<SCRIPT>FillElements('".$subject."','".$text."');</SCRIPT>";
P.S.
FillElements function:
function FillElements(Sub,Txt)
{
document.getElementById('txtSubject').value=Sub;
document.getElementById('txtMessage').value=Txt;
}
textareas don't actually store the contents in an attribute like value in the same manner as input elements. They actually store the contents in in between the <textarea> and </textarea> tags. Meaning that the contents is actually treated as CDATA in the document.
<textarea>
This is my Content
</textarea>
Produces a text area with "This is my Content" as the contents.
The implication of this is that you cannot use the code you have to alter the contents of a textarea. You have to alter the innerHTML property of the textarea. I have set up a simple example here:
http://jsfiddle.net/wFZWQ/
As an aside, since you are populating the fields using PHP on the creation of the page, why not merely fill the data in the HTML markup, this seems like a long way round to do it.
Also, since you don't appear to be using it, have you seen [jQuery][1] it abstracts alot of things out, so instead of typing document.getElementById("the_id") to get an element you can use CSS selectors and merely write $("#the_id") to get the same element. You also get a load of useful functions that make writing javascript mucxh easier.
[1]: http://jquery.com jQuery
Newline tags (<br />) don't cause actual new lines in <textarea>.
You can pass the "real" newlines (\n) to your <textarea>, though.
I created a fiddle for that.
EDIT: For the updated FillElements code:
$subject = "String\nWith\nMultiple\nLines";
printf('<script type="text/javascript">FillElements(%s)</script>',
json_encode($subject)
);
My guess is that your HTML source code looks like this:
<script>FillElements("foo","foo
bar
baz");<script>
Correct?
In JavaScript, strings cannot span multiple lines...