I am using HTMLPurifier for cleaning the post input but I'd like it to escape (html encode) all broken tags or suspicious symbols instead of removing them completely. I have searched through it's docs and this site but without any luck. Still hope that I have missed something.
Opening tag is the most irritating. If someone tries to post a formula or comparison, writes "param1<param2" and does not put space in between, the purifier gets it as a wrong tag opening and completely discards everything on the right side.
I am using htmlspecialchars inside [code] tags, but I want to allow some html outside and cannot encode everything.. That is why I'm filtering it with HTMLPurifier.
Your advice would be appreciated.
Try %Core.AggressivelyFixLt or using %Core.LexerImpl set to DirectLex. I don't know offhand if this will work, it may not.
A partial solution is to set %Core.EscapeInvalidTags; but it's a pretty imperfect fix, and it may mangle some text.
Related
I have a simple component that uses a xtype="textfield". In the JSP I am using the cq:text tag along with the escapeXml="true" attribute in order to escape the html characters. This works as it should. However if I start inline editing the component in the browser (not in chrome since it doesn't support it), the escaping no longer works and the html is converted to html code, reverting the escapeXml's action.
Does anyone know if this is a known bug of Inline Editing and what is the work around.
Thanks
Found the solution here. It's part of the cq:inplaceEditing configuration. If you need to fix the escaping, you will have to use plaintext as the editorType or you can simply disable inplaceEditing all together on a per component basis.
This is an example of how you could set your _cq_editConfig.xml
<jcr:root xmlns:cq="http://www.day.com/jcr/cq/1.0" xmlns:jcr="http://www.jcp.org/jcr/1.0"
cq:actions="[text:Hero Row,-,edit,delete,-,insert]"
cq:dialogMode="floating"
cq:disableTargeting="{Boolean}true"
jcr:primaryType="cq:EditConfig">
<cq:inplaceEditing
jcr:primaryType="cq:InplaceEditingConfig"
active="{Boolean}false"
editorType="plaintext"/>
</jcr:root>
Hope this helps anyone else out there.
Don't forget to say thank you
I was watching some videos on Egghead.io about AngularJS. The creator of the videos uses Webstorm (and, I believe, works for them). One feature I noticed is that he can set different syntax highlighting within different scopes or quotation marks. So, in code like the following (from an AngularJS directive)
return {
template: '<div>something</div>',
// ^^^ these guys ^^^
}
...he can get the inside of the quotation marks to highlight as HTML.
I use Sublime Text 2, and am fairly wedded to it. Is there an existing feature/plugin for Sublime that could handle a case like this? If not, is something like this technically possible using the Sublime Text 2 API?
I don't think it's built in, but it's certainly possible. I've been doing some work with graphviz and wanted to do something similar. Labels can be generated with html like syntax. Anyways, I played around with the .tmLanguage file and added a new pattern to match the context where html like entries were valid (I look for label = <). The patterns I used for the captures aren't that good, but it works for fine for me. This give me the following, which I think is similar to what you are looking for.
I don't know anything about AngularJS, so I can't help you with anything specific to that, but it is certainly possible. Note that in the image below, the last <table></table> are just to show that highlighting doesn't occur there.
Edit:
Forgot to include this in the original post, but here is my updated tmLangauage file. That first pattern is what I added(link). I used PlistJsonConverter to go from JSON to plist, then saved the file as .tmLanguage. Hope this helps.
#skuroda is right, I implemented #skuroda's code with an additional plugin to easily edit HTML within an AngularJS directive JS file. The result is HTML syntax highlighting within a directive JS file and additional functionality to remove string related delimiters while editing templates.... Sublime AngularJS HTML Template Plugin
So I'm using a tool to automatically indent after brackets in C files:
filetype plugin indent on
However, I also want to automatically close brackets, parens, and other code delimiters when I type the first part of them. To achieve this, I have added this to my vimrc:
inoremap ( ()<Left>
inoremap { {}<Left>
Now, however, when I press enter in between the two brackets that are created, my code is no longer automatically indented. If the automatic completion of brackets feature is disabled, it works fine, but I have to manually close my brackets. I have also tried using DelimiterMate to the same effect. Is there any way around this?
This Vim Tips Wiki page contains a full discussion of the topic, starting with simple mappings like yours. Because there are many corner cases and areas where it should just work, I recommend a plugin though. The mentioned page has a comprehensive list of plugins. (I occasionally use AutoClose by Karl Guertin.)
First time poster here, I'm a designer not skilled at all with php and I have a small issue I don't seem to be able to solve. I'm making a site in drupal 7 using a sub theme on zen.
Btw this is a great CMS, even though people say it's really more a developers CMS. I have no trouble to do what I need using views, rules, display suite etc. So a big thank you for all the developers out there making this such a good CMS. But for this apparently simple problem... no module will help me (I think) and I'm kinda stuck.
So here it is: I'd like to add a subtitle next to the title in all my pages.
So what I did was to add a custom field into the content type basic page (machine name: field_sub_title) which is a simple text field.
I uncommented the following line in my template.php
function mytheme_preprocess_page(&$variables, $hook) {
$variables['sub_title'] = t('field_sub_title');
}
Now my question is how do I load the content of my custom field into that variable?
I know i need to change the second part, but I don't have a clue as into what I need to change this.
Displaying the variable into the the page.tpl.php is something I know about so I only need help with the first part.
{EDIT}
Ok I found how to do this :)
I was looking for a solution in the wrong place. I don't need to change any thing in the template.php file.
Just needed to add this bit of code into my page.tpl.php:
<?php
print $node->field_sub_title['und'][0]['value'];
?>
So I'm posting this here for other Drupal newbies struggling with this....
Your solution may work for now, but there may be a more Drupal-y way to handle a problem like this. If you haven't noticed any problems yet, you may find one or more of the following issues down the road:
Someone who doesn't know php or Drupal theming may need to change the way this works.
If you're like me, you may forget where exactly in code this was implemented.
You may see superfluous markup and/or errors on nodes (content) that do not have this sub-title field (ie. event content not having a sub-title field while basic pages and news articles do).
When you add a field to a content type, it will automatically appear anytime content in that content type is displayed. You should be able to add the sub-title field for your page, event or whatever else you need and have it automatically appear in the markup.
You can 'manage display' of a content type to drag and drop the order for fields to appear. You could take it a step further by using a module like Display Suite to add formatting or layout per-content type.
If you feel like this isn't good enough and the markup for the subtitle must be at the same level as the page title (which is rare), at least add an if statement to make your code check to see if the variable is present before trying to print it. I'd also add a new variable and comments for code readability.
<?php
$subtitle = $node->field_sub_title['und'][0]['value'];
if($subtitle){
print $subtitle;
}
?>
Consider using field_get_items or field_view_value, or at least use the LANGUAGE_NONE constant instead of 'und'
See https://api.drupal.org/api/drupal/modules%21field%21field.module/function/field_get_items/7 and https://api.drupal.org/api/drupal/modules!field!field.module/function/field_view_value/7
This has the added benefit of reducing the number of potential security holes you create.
I want to process a template with a Google plusone button in it through phpQuery and I run into the following problem:
require_once( "phpQuery.php" );
$p = phpQuery( "<g:plusone></g:plusone>" );
echo $p->html();
the expected output would be:
<g:plusone></g:plusone>
But instead the output of this is:
<plusone></plusone>
Which doesn't match up with what google is expecting, so the button doesn't work any more. How can I stop phpQuery from changing (fixing?) my code, or how can I work around this problem without changing the string from plusone to g:plusone once the processing is done? (that's a nasty workaround, plus, I run into more of these 'translation'-problems in phpQuery).
I had the same problem while including a google+ badge. I could force the code generator from google to generate code with a div container. I just had to tick the "html5 valid code" checkbox.
I've been looking all over for solutions for this problem, to no avail. I found a horrible workaround. I'm sure this is NOT the most elegant way to do this, but at least it fixes the problem.
Instead of the tags:
<g:plusone>...</g:plusone>
use:
<g__0058__plusone>...</g__0058__plusone>
Then simply str_replace the result before you're outputting:
echo str_replace("__0058__",":",$doc->html());
Basically in a tag where you would normally put a colon (:) you put 0058 instead. It's a very non-elegant solution, I realise that, but at least it's a workaround to this old problem.