I have made a simple blog using Node/Express/Mongo/Jade (and/or HAML.js). I used (and slightly updated) the blog app from this tutorial, which itself an update of one from howtonode.org
I can render attributes such as links, etc., with the template engine just fine, but when I pass data from the db, none of the html renders. I get plain text print-outs of the HTML. I figure I need some other node packages/modules to render the 'dynamic' content, but I don't know where to start.
In jade, when you're passing content you DON'T want to be escaped, be sure you pass it along as != instead of =
BE EXTREMELY CAREFUL THOUGH! If you don't manually parse out the bad stuff, you could make your website extremely vulnerable.
You can read some more jade documentation here
Related
I couldn't find any api that return the article in a usable HTML form. Most of them return extracts which have very poor HTML formatting which makes them useless for anything.
There is no way to tell what Facebook did exactly, but the easiest way to grab the HTML contents of an article is by using the render action, i.e. by appending action=render to the URL:
https://en.wikipedia.org/wiki/Cooking?action=render
This produces the exact same HTML you can see on Wikipedia, but omits the non-content part (sidebar etc). If you need to reproduce the layout of an article more faithfully, you need to reuse parts of Wikipedia's CSS, and there is no easy way to do that.
Since just a few days there is a REST API for getting the html. It is available at https://rest.wikimedia.org/
Since it is so new, Facebook is probably not using it (yet) but if you want to get it for yourself I suggest you start exploring there.
I've seen some techniques for doing this with other platforms but wonder if anyone has a clean way to do this.
My app has a single host HTML file and uses standard MVP/Places/Activities to parse a hash fragment. It displays a variety of like buttons for different elements. FB (confirmed using lint tool) will only read the static HTML of the host page so I need to manipulate that before it is returned to the requester (there is no point in messing around in GWT with this problem).
I use the Guice-y com.google.inject.servlet.ServletModule so I could create something like:
serve("/fb/*").with(MetaTagAdder.class);
And I could use /fb/* for the Like button urls. So spew out the HTML of the hosting page (adding in dynamic meta tags as needed). Then the *.nocache.js files just jump into the EntryPoint.OnModuleLoad().
This seems sort of clunky. Anyone have a more better idea?
So I ended up going this way and it works fine. Create a servlet whose doPost/doGet methods write out your host html and pass the parameters into it. So the url looks something like:
http://example.com/fb/mypage.html?foo=baz#place:foo=baz
Then you have the parameters available to create meta tags and so forth:
// the first chunk of the static html
resp.getWriter().println("<html><head><script type=\"text/javascript\" language=\"javascript\" src=\"/myMoodule/myModule.nocache.js\"></script>");
// the dynamic meta tags
resp.getWriter().println("<meta property=\"og:title\" content=\"" + req.getParameter("foo") + "\" />");
// the rest of the static html
resp.getWriter().println("</head><body></body></html>");
Then when you are setting up the data-href attribute on your fb-like div, use the url above. Also works for SEO. Considerations for production systems:
Navigation elements in the site should drive the user back to the straight hosted version. This can be tricky. Understand that you will have the query strings in the HTTP request remaining static while the hash fragment evolves to react to the user.
If you have a limited range of parameters and do processing on the parameters, use memcache in the HttpServlet to cache semi-static copies of the html returned to clients.
Don't be putting stuff in the body trying to get jazzy with your SEO. Heartache lies in that direction.
I'm still fooling around with tuning this but don't see any drop dead show stoppers at this point.
Okay, for static pages. Is there a way to load everything between the head tags (css,javascript,etc) from one source so we don't have to load it in every html file? I know this may be a stupid question but I couldn't find one on here and if there was already a post about it, I guess I was stupid to miss it.
If you environment permits you can use Server Side Includes http://httpd.apache.org/docs/current/howto/ssi.html which doesnt really involve using traditional dynamic scripting languages or servlet technology. In any case the HTML standard also allows you reference external CSS and JS - they dont have to be inline. If they are at the same URL they will only get loaded once by the browser.
Are there any good thing, best practice or profit we have after using the HTML helper in an ASP.NET MVC project?
When I am trying to use them I found that I lose the speed I have with HTML and many difficulties I have whenever I use an HTML helper.
Other [non-techie] persons can't understand what I write using Helper if I want to show them or they want to do something they need to spent more time on, even if they have working knowledge of HTML.
If I use an HTML helper I lose the speed. When I use HTML I just type and of course I am not aware of it. But using helper, it is hard to understand.
What thing do we get when I use HTML helper? I think it is nothing I get because I lose the speeed. Others can't understand what I do using helper and can't customize the code if they want.
Why do we use HTML helpers?
You use HTML helpers to encapsulate some small HTML fragments which are repeated all over your pages. And to avoid writing those HTML snippets all over again you use helpers.
They are very useful, especially when dealing with things like URLs because instead of hardcoding your links helpers take advantage of routing the definition on your server and by simply changing those routes the whole site URLs' change without ever touching any single HTML page.
Another scenario where HTML helpers are useful is for generating form input fields. In this case they automatically could handle values when posting back and show associated validation messages. Can you imagine the spaghetti code you would have to write in your views if there weren't HTML helpers?
The biggest advantage I find is with the editor and display templates.
If your editor for a field is more than just a simple input box, you can put that into a template and replace the several tags with a call to
<%:Html.EditorFor(m=>m.Property)%>
This means that your page is a lot easier to edit as you aren't wading through a lot of fluff HTML to find what you want.
If you use tinymce, does that mean you have to handle the parsing of the HTML on the postback (when saving the data to the db)?
i.e. you have to parse the output and make sure no hacky script was posted back or can you have tinymce convert the html into a safe markup?
You can't ever rely on the client to make sure that the content it posts to your server is safe.
Its much too easy for a potential attacker to disable those client-side measures and submit any dangerous content that he wants to.
Therefore you will always have to check your content on the server side, no matter what editor you use in the browser.
Yes, always!!! Just think if they turn off the editor or don't have javascript enabled.
We use the 'valid elements' check to ensure we only get standard HTML out of the editor. No scripts, no events on tags pasted in (e.g anchor tags with onclick events). Just boring, ordinary HTML.
http://wiki.moxiecode.com/index.php/TinyMCE:Configuration/valid_elements