I have the following properties string
GET 50% OFF ANY M'EDIUM OR L"AR"GE PIZZA!
I am using it in an HTML onclick markup like so
onclick="trackPromoCta(encodeURI(${properties.ctaTwoTextRight # context='text'}));"
However this outputs invalid html. I tried #context of scriptString and that escapes but only for inside JavaScript not for inside HTML markup. I tried all of the other options as well and none of them actually escape special characters for rendering HTML.
I saw someone once use a #format to search the string for these characters and escape them for HTML but I can't find out how to use #format to do this.
The expected output should be
onclick="trackPromoCta(encodeURI('GET 50% OFF ANY M'EDIUM OR L"AR"GE PIZZA!'));"
Take a look at the HTL spec for display context: https://github.com/Adobe-Marketing-Cloud/htl-spec/blob/master/SPECIFICATION.md#121-display-context
What you need is scriptString since your string property will eventually be used as a javascript string literal.
${properties.jcr:title # context='scriptString'} <!--/* Applies JavaScript string escaping */-->
Also, you need to enclose your HTL expression with single quotes, for example:
var str = '${'this is a js string literla' # context='scriptString'}'
The HTL code for you specific example would be:
onclick="trackPromoCta(encodeURI('${properties.ctaTwoTextRight # context='scriptString'}'));"
The #context value "text", "html" or "attribute" will return encoded values in your resulting html. As per documentation too, text encodes all HTML special characters.
If you go through your html's code using "View Page Source" and not via "Inspect element of developer tools". You will see the expected outcome.
onclick="trackPromoCta(encodeURI('GET 50% OFF ANY M'EDIUM OR L"AR"GE PIZZA!'));"
Reference:
https://helpx.adobe.com/experience-manager/htl/using/expression-language.html
Related
In a command controller I am using a StandaloneView to create a plain text file. The (simplified) code I use for that is:
$view = GeneralUtility::makeInstance(StandaloneView::class);
$view->setFormat('txt');
$view->setTemplatePathAndFilename('EXT:myext/Resources/Private/Templates/test.txt');
$view->assignMultiple([
'test' => 'test&test',
]);
$content = $view->render();
The resulting content if the template is just {test} is test&test, which I'd expect for html format, but not for txt. I've tried setting the format to txt, text and text/plain, but that doesn't affect the result. I know I can use <f:format.raw>, but is there a different way to prevent the HTML characters to be escaped if the format is not html?
I'm using TYPO3 10.4.20.
You can disable output escaping with:
<!-- Disabling HTML escaping for an entire file -->
{escaping off}
Any variables you render will not need to use f:format.raw
even if they contain special HTML entities. Useful when
you render formats other than HTML; or when you completely
trust (read: escaped before assigning to view) all your
variables that get output.
Use with care - caveat emptor!
( https://werkraum.net/devblog/fluid-tipp-8-html-escaping-deaktivieren/ )
I have a subreport in SSRS which returns a text embedded in HTML tags. I will like to know if there is a way of stripping these HTML tags so as to only have the text. I am using VS 2008.
I have tried using a regex function as below to strip the HTML tags but this does not work:
Shared FUNCTION RemoveHtml(ByVal Text As String) AS String
IF Text IsNot Nothing Then
Dim mRemoveTagRegex AS NEW System.Text.RegularExpressions.Regex(“<(.|\n)+?>”)
Return mRemoveTagRegex.Replace(text, "")
End If
end function
You could probably just use a combination of the built-in functions provided with SSRS to do what you need. I'd recommend combining Mid with InStr. The following expression will take the value between the last character of the opening HTML tag and the first character of the closing HTML tag.
=MID(Fields!Field.Value,
InStr(Fields!Field.Value, ">") + 1,
InStrRev(Fields!Field.Value, "</")
-Len(Left(Fields!Field.Value,
InStr(Fields!Field.Value, ">") + 1)))
Edit: It got a little more complex than I thought, but this should do the trick.
The <sup></sup> tag is used for superscripts. Creating a code block is done with backticks. The issue I have is when I try to create a superscript within a code block, it prints out the <sup></sup> tag instead of formatting the text between the tag.
How do I have superscript text formatted correctly when it's between backticks?
Post solution edit
Desired output:
A2 instead of A<sup>2</sup>
This is not possible unless you use raw HTML.
The rules specifically state:
With a code span, ampersands and angle brackets are encoded as HTML entities automatically, which makes it easy to include example HTML tags.
In other words, it is not possible to use HTML to format text in a code span. In fact, a code span is plain, unformatted text. Having any of that text appear as a superscript would mean it is not plain, unformatted text. Thus, this is not possible by design.
However, the rules also state:
Markdown is not a replacement for HTML, or even close to it. Its
syntax is very small, corresponding only to a very small subset of
HTML tags. The idea is not to create a syntax that makes it easier
to insert HTML tags. In my opinion, HTML tags are already easy to
insert. The idea for Markdown is to make it easy to read, write, and
edit prose. HTML is a publishing format; Markdown is a writing
format. Thus, Markdown's formatting syntax only addresses issues that
can be conveyed in plain text.
For any markup that is not covered by Markdown's syntax, you simply
use HTML itself. ...
So, if you really need some text in a code span to be in superscript, then use raw HTML for the entire span (be sure to escape things manually as required):
<code>A code span with <sup>superscript</sup> text and escaped characters: "<&>".</code>
Which renders as:
A code span with superscript text and escaped characters: "<&>".
This is expected behaviour:
Markdown wraps a code block in both <pre> and <code> tags.
You can use Unicode superscript and subscript characters within code blocks:
class SomeClass¹ {
}
Inputting these characters will depend on your operating system and configuration. I like to use compose key sequences on my Linux machines. As a last resort you should be able to copy and paste them from something like the Wikipedia page mentioned above.
¹Some interesting footnote, e.g. referencing MDN on <pre> and <code> tags.
If you're luck, the characters you want to superscript (or subscript) may have dedicated codepoints in Unicode. These will work inside codeblocks, as demonstrated in your question, where you include A² in backticks. Eg:
Water (chemical formula H₂O) is transparent, tasteless and odourless.
I've listed out the super and subscript Unicode characters in this Gist. You should be able to copy and paste any you need from there.
When I have doble marks encoded in my HTML attributes, tinymce breaks that attributes.
For example:
data-value="ab"e;----"e;"> will be seen in source code: <div data-type="more-posts" data-value="ab">Hello</div>
http://codepen.io/anon/pen/MKYrbJ
How can I fix this?
If you would have real double quotes here your HTML would not be valid anymore because attributes use them.
It will be best do handle those when you save that content to your database.
You could replace them with single quotes - those wouldn't break the markup.
When a user fills out a form how do I go about escaping the user input in express.js?
Does express.js do this by default? I can't find a source.
Do I have to use a third-party module like express-validator.js?
UPDATE
I figured out the difference between escaping and validating.
What I wanted to do was escape user input but what I should be doing is validating it, making sure it's in a valid format and then escape the output to the form if it is not valid providing the user exactly what they inputted.
<%= some_html %> will automatically escape it. <%- some_html %> will output html intact.
Exactly what kind of escaping do you need to do? Express will automatically decode (not unescape) the query string for you and make it available as req.query. URL params will also be unencoded for you automatically.
If you need to escape HTML that includes user input when rendering, you should do that via your template engine. Most template engines such as jade (= value) or handlebars or mustache ({{value}}) will escape HTML by default, and require an explicit syntax to pass data through unescaped ( != value in jade or {{{value}}} in handlebars/mustache).