In a command controller I am using a StandaloneView to create a plain text file. The (simplified) code I use for that is:
$view = GeneralUtility::makeInstance(StandaloneView::class);
$view->setFormat('txt');
$view->setTemplatePathAndFilename('EXT:myext/Resources/Private/Templates/test.txt');
$view->assignMultiple([
'test' => 'test&test',
]);
$content = $view->render();
The resulting content if the template is just {test} is test&test, which I'd expect for html format, but not for txt. I've tried setting the format to txt, text and text/plain, but that doesn't affect the result. I know I can use <f:format.raw>, but is there a different way to prevent the HTML characters to be escaped if the format is not html?
I'm using TYPO3 10.4.20.
You can disable output escaping with:
<!-- Disabling HTML escaping for an entire file -->
{escaping off}
Any variables you render will not need to use f:format.raw
even if they contain special HTML entities. Useful when
you render formats other than HTML; or when you completely
trust (read: escaped before assigning to view) all your
variables that get output.
Use with care - caveat emptor!
( https://werkraum.net/devblog/fluid-tipp-8-html-escaping-deaktivieren/ )
Related
I have the following properties string
GET 50% OFF ANY M'EDIUM OR L"AR"GE PIZZA!
I am using it in an HTML onclick markup like so
onclick="trackPromoCta(encodeURI(${properties.ctaTwoTextRight # context='text'}));"
However this outputs invalid html. I tried #context of scriptString and that escapes but only for inside JavaScript not for inside HTML markup. I tried all of the other options as well and none of them actually escape special characters for rendering HTML.
I saw someone once use a #format to search the string for these characters and escape them for HTML but I can't find out how to use #format to do this.
The expected output should be
onclick="trackPromoCta(encodeURI('GET 50% OFF ANY M'EDIUM OR L"AR"GE PIZZA!'));"
Take a look at the HTL spec for display context: https://github.com/Adobe-Marketing-Cloud/htl-spec/blob/master/SPECIFICATION.md#121-display-context
What you need is scriptString since your string property will eventually be used as a javascript string literal.
${properties.jcr:title # context='scriptString'} <!--/* Applies JavaScript string escaping */-->
Also, you need to enclose your HTL expression with single quotes, for example:
var str = '${'this is a js string literla' # context='scriptString'}'
The HTL code for you specific example would be:
onclick="trackPromoCta(encodeURI('${properties.ctaTwoTextRight # context='scriptString'}'));"
The #context value "text", "html" or "attribute" will return encoded values in your resulting html. As per documentation too, text encodes all HTML special characters.
If you go through your html's code using "View Page Source" and not via "Inspect element of developer tools". You will see the expected outcome.
onclick="trackPromoCta(encodeURI('GET 50% OFF ANY M'EDIUM OR L"AR"GE PIZZA!'));"
Reference:
https://helpx.adobe.com/experience-manager/htl/using/expression-language.html
The <sup></sup> tag is used for superscripts. Creating a code block is done with backticks. The issue I have is when I try to create a superscript within a code block, it prints out the <sup></sup> tag instead of formatting the text between the tag.
How do I have superscript text formatted correctly when it's between backticks?
Post solution edit
Desired output:
A2 instead of A<sup>2</sup>
This is not possible unless you use raw HTML.
The rules specifically state:
With a code span, ampersands and angle brackets are encoded as HTML entities automatically, which makes it easy to include example HTML tags.
In other words, it is not possible to use HTML to format text in a code span. In fact, a code span is plain, unformatted text. Having any of that text appear as a superscript would mean it is not plain, unformatted text. Thus, this is not possible by design.
However, the rules also state:
Markdown is not a replacement for HTML, or even close to it. Its
syntax is very small, corresponding only to a very small subset of
HTML tags. The idea is not to create a syntax that makes it easier
to insert HTML tags. In my opinion, HTML tags are already easy to
insert. The idea for Markdown is to make it easy to read, write, and
edit prose. HTML is a publishing format; Markdown is a writing
format. Thus, Markdown's formatting syntax only addresses issues that
can be conveyed in plain text.
For any markup that is not covered by Markdown's syntax, you simply
use HTML itself. ...
So, if you really need some text in a code span to be in superscript, then use raw HTML for the entire span (be sure to escape things manually as required):
<code>A code span with <sup>superscript</sup> text and escaped characters: "<&>".</code>
Which renders as:
A code span with superscript text and escaped characters: "<&>".
This is expected behaviour:
Markdown wraps a code block in both <pre> and <code> tags.
You can use Unicode superscript and subscript characters within code blocks:
class SomeClass¹ {
}
Inputting these characters will depend on your operating system and configuration. I like to use compose key sequences on my Linux machines. As a last resort you should be able to copy and paste them from something like the Wikipedia page mentioned above.
¹Some interesting footnote, e.g. referencing MDN on <pre> and <code> tags.
If you're luck, the characters you want to superscript (or subscript) may have dedicated codepoints in Unicode. These will work inside codeblocks, as demonstrated in your question, where you include A² in backticks. Eg:
Water (chemical formula H₂O) is transparent, tasteless and odourless.
I've listed out the super and subscript Unicode characters in this Gist. You should be able to copy and paste any you need from there.
When I have doble marks encoded in my HTML attributes, tinymce breaks that attributes.
For example:
data-value="ab"e;----"e;"> will be seen in source code: <div data-type="more-posts" data-value="ab">Hello</div>
http://codepen.io/anon/pen/MKYrbJ
How can I fix this?
If you would have real double quotes here your HTML would not be valid anymore because attributes use them.
It will be best do handle those when you save that content to your database.
You could replace them with single quotes - those wouldn't break the markup.
When a user fills out a form how do I go about escaping the user input in express.js?
Does express.js do this by default? I can't find a source.
Do I have to use a third-party module like express-validator.js?
UPDATE
I figured out the difference between escaping and validating.
What I wanted to do was escape user input but what I should be doing is validating it, making sure it's in a valid format and then escape the output to the form if it is not valid providing the user exactly what they inputted.
<%= some_html %> will automatically escape it. <%- some_html %> will output html intact.
Exactly what kind of escaping do you need to do? Express will automatically decode (not unescape) the query string for you and make it available as req.query. URL params will also be unencoded for you automatically.
If you need to escape HTML that includes user input when rendering, you should do that via your template engine. Most template engines such as jade (= value) or handlebars or mustache ({{value}}) will escape HTML by default, and require an explicit syntax to pass data through unescaped ( != value in jade or {{{value}}} in handlebars/mustache).
I want to convert an HTML tag that tinymce returns into a different format.
e.g.
The italics tag I want to convert to #i#
Is that possible with the editor itself?
During postback I strip all html tags, so I need it in a different safer format.
Add an onsubmit call to your form and use a simple javascript function to string replace the html tags you want to keep.
A more constructive method that might achieve what you want is to use the built in 'Valid elements' feature of tinymce. You can specify exactly which HTML tags you want to keep and it will strip out anything else. Plus it might be able to save you the step of stripping out the HTML yourself.
e.g.
valid_elements : "i,b,u",
http://wiki.moxiecode.com/index.php/TinyMCE:Configuration/valid_elements