I have method which is returning html as a string value. I thought while displaying it will show me string in bold on browser but its showing me the string as is on browser.
public String getHtml() {
return "<b>kunal</b>";
}
<sly data-sly-use.item="demo.html.DemoHtml">
${item.html}
</sly>
Output:
<b>kunal</b>
Any workaround on this?
HTL/Sightly includes XSS protection and will escape your string by default unless you explicitly tell it contains HTML (see https://github.com/Adobe-Marketing-Cloud/htl-spec/blob/master/SPECIFICATION.md#121-display-context):
${item.html # context='html'}
Related
The API docs are not much descriptive:
Get default placeholder for any component incl. title as text information
Here's the method signature:
public static String getDefaultPlaceholder(ServletRequest slingRequest,
Component component,
String defaultPlaceholder)
What's a Placeholder? What is/should be returned by getDefaultPlaceholder?
What's the purpose of defaultPlaceholder? What should I pass as defaultPlaceholder? What would happen if I pass null?
When a component does not have any content defined you need to put a placeholder to occupy its place (for the editor to know there's a component there).
The getDefaultComponent returns a HTML snippet that works as the placeholder. It consists of an empty div with attributes class and data-emptytext with the title of the component as its value.
<div class="" data-emptyText="component.getTitle()"></div>
You can also pass an additional parameter with a list of strings and they will be added in the class attribute of the div.
getDefaultPlaceholder(ServletRequest slingRequest,
Component component,
String defaultPlaceholder,
String... addClasses)
I'm trying to test with Selenium if a value has been loaded from the server in a RichTextArea in GWT.
I'm doing
#FindByDebugId("gwt-debug-about-me")
private WebElement aboutMeRichText;
When I send keys, there's no problem, the text is printed in the RichTextArea.
But when I try this (retrieve the value):
aboutMeRichText.getText()
it returns an empty String.
When I look at what's generated in the HTML, it's something like that :
<iframe class="GJUJXOPBLP-com-asdf-asdf-client-resource-Resources-Styles-textBox hasRichTextToolbar" id="gwt-debug-about-me">
#document
<html><head></head><body>Hi there !</body></html>
</iframe>
How should I do to retrieve the "Hi there !" text?
It's an iframe, which is not the same with normal WebElement, so you need to switch to it first.
driver.switchTo().frame(aboutMeRichText);
WebElement body = driver.findElement(By.TagName("body")); // then you find the body
body.getText();
// get out of the editor
driver.switchTo().defaultContent();
I'm just getting into using #Template and #XTemmplate within my code.
I'm always concerned about user originated content vs trusted content.
This is the sample from GWT SafeHtml
public interface MyTemplates extends SafeHtmlTemplates {
#Template("<span class=\"{3}\">{0}: {2}</span>")
SafeHtml messageWithLink(SafeHtml message, String url, String linkText,
String style);
}
This is the sample from the GXT XTemplate doc
public interface SampleXTemplates extends XTemplates {
#XTemplate("<div>Hello, {name}!</div>")
SafeHtml hello(String name);
}
In either, is there a way in the template to declare a display field to be sanitized or trusted?
Something ala HtmlSanitizer
All String values rendered in an XTemplate/SafeHtmlTemplates are automatically sanitized - try passing in <, >, or & characters. This is true whether they are passed in to an attribute or the space between tags. If GWT cannot enure the safety of such a string (such as passing it into the href attribute of the a tag, or into a style attribute), it will emit a warning. Your first example is likely to get such a warning.
SafeHtml instances can be passed in to declare 'I know that this string is safe'. Typically, you create those using SafeHtmlUtils, a SafeHtmlBuilder instance, or another template of some kind.
Safe urls can be SafeUri instances - create them with UriUtils. This will get around the possible warning in your first example.
Safe styles can be SafeStyles instances - create them using SafeStylesBuilder instances or static methods in the SafeStylesUtils class.
And finally, as an implementation detail, XTemplates are generated by parsing out the logic and the named parameters and getters, and turned into SafeHtmlTemplates before generated into JavaScript. This ensures that anything that SafeHtmlTemplates will make safe will also be safe in XTemplates.
I am using DynamicJasper to generate reports from some tables at run time. I have some fields that the data has been styled using basic html tags as the data was created. Very basic tags like bold and italic, and jasper reports can handle them by setting the markup attribute of the textElement to html. The problem is a can not find a way to change it using DynamicJasper.
I have tried using addFieldProperty("markup", "html") found in ColumnBuilder, but that adds markup as a property to the field markup (probably obvious that it should do that based on the name) instead of the text elemennt.
How to you change the markup value for a text element using DynamicJasper?
The DynamicJasper API does not contain methods to set markup.
But you can use JasperReports API for this needs.
For example, the JRBasePrintText class and JRCommonText interface have method for setting markup:
public void setMarkup(java.lang.String markup)
The JRCommonText interface has constant fields:
public static final String MARKUP_NONE = "none";
public static final String MARKUP_STYLED_TEXT = "styled";
public static final String MARKUP_HTML = "html";
public static final String MARKUP_RTF = "rtf";
You can modify DynamicJasper classes for your needs like in this post, for example.
I have a JSP page in which I have JavaScript function that will be called when a link is clicked. Now, when the value reaches the JavaScript function, the apostrophe is encoded.
Example:
Name#039;s
Before # there is &, which originally should be:
Name's
I have used the unescape() decode function, but nothing seems to work. In the end, I had to delete the characters and add the apostrophe. Does anyone know a fix for this? Is it that JSP doesn't support encoding for &? When I was writing the same encode value in this page, it changed the symbol to the apostrophe, which is what I wanted in my code.
Built-in Javascript function such as unescape(), decodeURIComponent() has nothing to do with the string you are working on, because the one you are looking to decode are HTML entites.
There are no HTML entites decoder available in Javascript, but since you are working with a browser, if the string is considered safe, you may do the following (in JQuery, for example)
var str = $('<p />').html(str).text();
It bascially insert the string as HTML to a <p> element and then extract the text within.
Edit: I just realize the JSP output you posted is not real HTML entities; To process the example given you should use the following, add & before every #1234; and make it Ӓ:
var str = $('<p />').html(str.replace(/\#(\d+)\;/g '&#$1;')).text();