When I have doble marks encoded in my HTML attributes, tinymce breaks that attributes.
For example:
data-value="ab"e;----"e;"> will be seen in source code: <div data-type="more-posts" data-value="ab">Hello</div>
http://codepen.io/anon/pen/MKYrbJ
How can I fix this?
If you would have real double quotes here your HTML would not be valid anymore because attributes use them.
It will be best do handle those when you save that content to your database.
You could replace them with single quotes - those wouldn't break the markup.
Related
I have the following properties string
GET 50% OFF ANY M'EDIUM OR L"AR"GE PIZZA!
I am using it in an HTML onclick markup like so
onclick="trackPromoCta(encodeURI(${properties.ctaTwoTextRight # context='text'}));"
However this outputs invalid html. I tried #context of scriptString and that escapes but only for inside JavaScript not for inside HTML markup. I tried all of the other options as well and none of them actually escape special characters for rendering HTML.
I saw someone once use a #format to search the string for these characters and escape them for HTML but I can't find out how to use #format to do this.
The expected output should be
onclick="trackPromoCta(encodeURI('GET 50% OFF ANY M'EDIUM OR L"AR"GE PIZZA!'));"
Take a look at the HTL spec for display context: https://github.com/Adobe-Marketing-Cloud/htl-spec/blob/master/SPECIFICATION.md#121-display-context
What you need is scriptString since your string property will eventually be used as a javascript string literal.
${properties.jcr:title # context='scriptString'} <!--/* Applies JavaScript string escaping */-->
Also, you need to enclose your HTL expression with single quotes, for example:
var str = '${'this is a js string literla' # context='scriptString'}'
The HTL code for you specific example would be:
onclick="trackPromoCta(encodeURI('${properties.ctaTwoTextRight # context='scriptString'}'));"
The #context value "text", "html" or "attribute" will return encoded values in your resulting html. As per documentation too, text encodes all HTML special characters.
If you go through your html's code using "View Page Source" and not via "Inspect element of developer tools". You will see the expected outcome.
onclick="trackPromoCta(encodeURI('GET 50% OFF ANY M'EDIUM OR L"AR"GE PIZZA!'));"
Reference:
https://helpx.adobe.com/experience-manager/htl/using/expression-language.html
The <sup></sup> tag is used for superscripts. Creating a code block is done with backticks. The issue I have is when I try to create a superscript within a code block, it prints out the <sup></sup> tag instead of formatting the text between the tag.
How do I have superscript text formatted correctly when it's between backticks?
Post solution edit
Desired output:
A2 instead of A<sup>2</sup>
This is not possible unless you use raw HTML.
The rules specifically state:
With a code span, ampersands and angle brackets are encoded as HTML entities automatically, which makes it easy to include example HTML tags.
In other words, it is not possible to use HTML to format text in a code span. In fact, a code span is plain, unformatted text. Having any of that text appear as a superscript would mean it is not plain, unformatted text. Thus, this is not possible by design.
However, the rules also state:
Markdown is not a replacement for HTML, or even close to it. Its
syntax is very small, corresponding only to a very small subset of
HTML tags. The idea is not to create a syntax that makes it easier
to insert HTML tags. In my opinion, HTML tags are already easy to
insert. The idea for Markdown is to make it easy to read, write, and
edit prose. HTML is a publishing format; Markdown is a writing
format. Thus, Markdown's formatting syntax only addresses issues that
can be conveyed in plain text.
For any markup that is not covered by Markdown's syntax, you simply
use HTML itself. ...
So, if you really need some text in a code span to be in superscript, then use raw HTML for the entire span (be sure to escape things manually as required):
<code>A code span with <sup>superscript</sup> text and escaped characters: "<&>".</code>
Which renders as:
A code span with superscript text and escaped characters: "<&>".
This is expected behaviour:
Markdown wraps a code block in both <pre> and <code> tags.
You can use Unicode superscript and subscript characters within code blocks:
class SomeClass¹ {
}
Inputting these characters will depend on your operating system and configuration. I like to use compose key sequences on my Linux machines. As a last resort you should be able to copy and paste them from something like the Wikipedia page mentioned above.
¹Some interesting footnote, e.g. referencing MDN on <pre> and <code> tags.
If you're luck, the characters you want to superscript (or subscript) may have dedicated codepoints in Unicode. These will work inside codeblocks, as demonstrated in your question, where you include A² in backticks. Eg:
Water (chemical formula H₂O) is transparent, tasteless and odourless.
I've listed out the super and subscript Unicode characters in this Gist. You should be able to copy and paste any you need from there.
When a user fills out a form how do I go about escaping the user input in express.js?
Does express.js do this by default? I can't find a source.
Do I have to use a third-party module like express-validator.js?
UPDATE
I figured out the difference between escaping and validating.
What I wanted to do was escape user input but what I should be doing is validating it, making sure it's in a valid format and then escape the output to the form if it is not valid providing the user exactly what they inputted.
<%= some_html %> will automatically escape it. <%- some_html %> will output html intact.
Exactly what kind of escaping do you need to do? Express will automatically decode (not unescape) the query string for you and make it available as req.query. URL params will also be unencoded for you automatically.
If you need to escape HTML that includes user input when rendering, you should do that via your template engine. Most template engines such as jade (= value) or handlebars or mustache ({{value}}) will escape HTML by default, and require an explicit syntax to pass data through unescaped ( != value in jade or {{{value}}} in handlebars/mustache).
Is there a way to convert BR tags and/or DIV tags to new lines so it will format correctly when I use an in a mailto? I was thinking I should look for any P, DIV, and BR tags and replace them with a new line character. So anywhere there is a closing tag put the new line character and remove the opening tag. After I do the above I will remove the rest of the html with remove_html="1" but I want to keep the paragraph format.
I thought it can be done using regex_replace but I'm not sure how to write it. Anyone know?
Do not parse HTML files using regex, use HTML parser (HTML::TreeBuilder or something similar that can do in line changes) module, or in this case, even better use XSLT transformations.
I want to convert an HTML tag that tinymce returns into a different format.
e.g.
The italics tag I want to convert to #i#
Is that possible with the editor itself?
During postback I strip all html tags, so I need it in a different safer format.
Add an onsubmit call to your form and use a simple javascript function to string replace the html tags you want to keep.
A more constructive method that might achieve what you want is to use the built in 'Valid elements' feature of tinymce. You can specify exactly which HTML tags you want to keep and it will strip out anything else. Plus it might be able to save you the step of stripping out the HTML yourself.
e.g.
valid_elements : "i,b,u",
http://wiki.moxiecode.com/index.php/TinyMCE:Configuration/valid_elements