In python-sphinx there is the only directive, which can be used to conditionally influence the document according to its output. For instance text appears in html or latex only.
It is use like this:
.. only:: not latex
Here there is some Text, that does not appear in latex output.
.. only:: html
Here there is some Text, that only appears in html output.
How can I use the role directive in the right way to use the only-class inline, let's say like this:
Here there is some Text, that :only-notlatex:`does not appear in latex`:only-html:`only appears in html`.
I saw something similar for the raw directive. Is this also possible for the only directive? I tried:
.. role:: only-html(only)
:format: html
.. role:: only-notlatex(only)
:format: not latex
But this does not work.
Directives work on blocks of text (whole paragraphs); roles are for inline text (within paragraphs).
You mentioned raw, and there is indeed both a directive and a role with that name, for "raw data pass-through".
But there is no built-in role that is the inline equivalent of the only directive. You will have to create your own custom role for this purpose. I can't provide any detailed instructions, but here is an article that can help you get started: http://doughellmann.com/2010/05/09/defining-custom-roles-in-sphinx.html.
Related
I'm using HTMLpurifier to sanitize inputs in my PHP application:
I have CC and BCC inputs something like:
Test Admin <test#domain.com>
when I do purify this string, it only keeps: Test Admin (without email between tags)
Please advise!
This probably means you've got an escaping issue somewhere in your pipeline before HTML Purifier - something that's putting E-Mail text into an HTML context without HTML escaping it. HTML you need to purify that looks like this:
<p><label for "id">Email</label><span id="email">Test Admin <test#domain.com></span></p>
...should really look like this:
<p><label for "id">Email</label><span id="email">Test Admin <test#domain.com></span></p>
If you have no control over the step that's inserting data into the HTML you ultimately want to purify before displaying, you can use this to preprocess your HTML before feeding it to HTML Purifier:
$htmlWithEmail = preg_replace('/<([^<>#]*#[^<>#]*)>/', '<${1}>', $htmlWithEmail);
On the other hand - and I mention this because I know only a little bit about your use-case right now - if you're not actually trying to preserve HTML, if the string you're purifying is literally just Test Admin <test#domain.com> with nothing else (unlike the example I crafted above), htmlspecialchars() should be your weapon of choice when outputting into HTML, not HTML Purifier.
HTML Purifier's purpose is not all-purpose data sanitation, it really does exist only for the use-case where you have HTML, you want to preserve it if it's well-behaved, and then output it as HTML. You can find some more info about escaping for context here: https://stackoverflow.com/a/37641037/245790
When passing value from salesforce to javascript I can simple do
var test = '{!myname}';
But how can i escape this so that I can take care of name with symbol like single quote?
I noticed String.escapeSingleQuote exists but can only be used in class not in vfpage
Check the range of "encoding functions" (bottom of the page).
var test = '{!JSENCODE(myname)}';
will be probably best. The help reference of these functions says that they work only in buttons/links but I've used them several times on VF pages. In fact they're recommended way of strengthening your code against XSS etc attacks.
You could also use <apex:outputField> everywhere and fetch the content of fields by id for example. By default most tags that output text data have escape="true" set.
I was watching some videos on Egghead.io about AngularJS. The creator of the videos uses Webstorm (and, I believe, works for them). One feature I noticed is that he can set different syntax highlighting within different scopes or quotation marks. So, in code like the following (from an AngularJS directive)
return {
template: '<div>something</div>',
// ^^^ these guys ^^^
}
...he can get the inside of the quotation marks to highlight as HTML.
I use Sublime Text 2, and am fairly wedded to it. Is there an existing feature/plugin for Sublime that could handle a case like this? If not, is something like this technically possible using the Sublime Text 2 API?
I don't think it's built in, but it's certainly possible. I've been doing some work with graphviz and wanted to do something similar. Labels can be generated with html like syntax. Anyways, I played around with the .tmLanguage file and added a new pattern to match the context where html like entries were valid (I look for label = <). The patterns I used for the captures aren't that good, but it works for fine for me. This give me the following, which I think is similar to what you are looking for.
I don't know anything about AngularJS, so I can't help you with anything specific to that, but it is certainly possible. Note that in the image below, the last <table></table> are just to show that highlighting doesn't occur there.
Edit:
Forgot to include this in the original post, but here is my updated tmLangauage file. That first pattern is what I added(link). I used PlistJsonConverter to go from JSON to plist, then saved the file as .tmLanguage. Hope this helps.
#skuroda is right, I implemented #skuroda's code with an additional plugin to easily edit HTML within an AngularJS directive JS file. The result is HTML syntax highlighting within a directive JS file and additional functionality to remove string related delimiters while editing templates.... Sublime AngularJS HTML Template Plugin
Two questions:
I have been reading docs and SO posts.. and know how to do it the long way (defining each and every element and attribute myself), but all I want to do is add 2 or 3 attributes to the default whitelist.. so that I do not have to constantly find and add more elements/attributes to, e.g., HTML.AllowedElements and/or HTML.AllowedAttributes.
Specifically, now, (for internal trusted users) I need to allow javascript attributes (input from tinymce). Question #1.) Is there a way to just add an attribute (to what HTMLpurifier allows) without causing the whole default sets of allowed elements/attributes to be effectively wiped out (overwritten by ONLY what is explicitly written in HTML.AllowedElements or HTML.AllowedAttributes)?
For what I need right now (the javascript attributes), I got excited when I saw in this thread:
Whitelist Forms in HTML Purifier Configuration
...where Edward Z. Yang says, "... [$config->set('HTML.Trusted', true);] allows JavaScript."
...but even after setting this: $config->set('HTML.Trusted', true);, HTMLpurifier 4.4.0 is still stripping e.g. any input onclick="dostuff();" attribute. Why? Question #2.) Is there a quick way to add just the javascript attributes to the allowed list?
You're losing onclick because HTML Purifier doesn't know about that attribute, and if HTML Purifier passed everything through when you turned on %HTML.Trusted you might as well just not use HTML Purifier at all.
HTML Purifier has attribute collections for just this case; 'Common' is probably the right one to insert them into.
But... why? The real name of %HTML.Trusted really should be %HTML.UnsafeMakeMyApplicationVulnerable
HTMLPurifier does not support onClick and similar java script related attributes to any HTML element as a default behaviour.So if you wish to allow such attribute any way, you may add such attribute to specific element in following way.
$config = HTMLPurifier_Config::createDefault();
$def = $config->maybeGetRawHTMLDefinition()
$def->addAttribute('a', 'onclick', 'Text');
But be careful, this may lead to xss attack as you are allowing any java script code to be there in that attribute.
I have a question and i want to know if i can mix 2 existing contenTypes together into one custom contenType. I need my own content type with contenType RichTextContent and ImageContent so that i can use a special template to show an image right and text left.
Is this possible ?.
Yes, it's definitely possible. I've written my own custom contenttypes for similar reasons. You should review the code for the RichTextContent model in <Python egg dir>/feincms/content/richtext/models.py
You'll want to implement your own model class, and override the render() method to use django.template.loader.render_to_string() to load the template you want.