Having just started with MVC 2 I notice that in their starter template they use
<%: Html.ActionLink("Home", "Index", "Home")%>
and I was sure that in MVC 1 it was
<%= Html.ActionLink("Home", "Index", "Home")%>
Are they the same thing? If so, why the change from equal sign to colon.
the colon syntax means you'll be html encoded automatically: http://haacked.com/archive/2009/09/25/html-encoding-code-nuggets.aspx
They couldn't just html encode all the existing <%= blocks, because things that are already properly encoded (which is hopefully most of the projects out there) would look strange.
<%= is used for writing to the output buffer.
<%: is used for writing to the output buffer, after HTML Encoding the content... Unless the IHtmlString Interface has been implemented on the returned object.
Scott Guthrie has an excellent post on this topic:
http://weblogs.asp.net/scottgu/archive/2010/04/06/new-lt-gt-syntax-for-html-encoding-output-in-asp-net-4-and-asp-net-mvc-2.aspx
If the output has already been escaped, double encoding can be prevented by implementing the IHtmlString Interface on the returned object. http://msdn.microsoft.com/en-us/library/system.web.ihtmlstring.aspx
ASP .NET 4 introduced the <%: syntax which encoded the output before rendering it to the screen. ASP MVC already was encoding this but to be more explicit they began using the syntax as well to make it clear that whenever you see the <%: you can be sure the output will be properly encoded.
Related
As the title suggests I am trying to resolve a localisation string inside a repeater. I have a wysiwyg editor to input some html on the form tab of the document type, so the source would look like this
Field1: "{$localstring$}"
Then in the transformation I have
<li><%# Eval("Field1") %></li>
This outputs the string as
{$localstring$}
and doesn't resolve this as a macro and go lookup the localstring in the UI culture localisation.
I have tried different things including
<%# Eval(CMS.GlobalHelper.ResHelper.LocalizeString("Field1")) %>
and
<%# Eval(CMS.CMSHelper.CMSContext.CurrentResolver.ResolveMacros("Field1")) %>
all of which give the same output, can anyone point me in the right direction? I am sure it's the way Eval is being called.
Thanks in advance.
in case somebody else searches for this: if you want to use localization string custom.my-string in ASPX transformation, you should resolve it as follows:
<%# CMS.CMSHelper.CMSContext.CurrentResolver.ResolveMacros("{$custom.my-string$}") %>
note: no spaces! if you add spaces like this: "{$ custom.my-string $}" - it WILL NOT work.
The correct syntax is following:
<%# CMS.CMSHelper.CMSContext.CurrentResolver.ResolveMacros(Eval("Field1").ToString()) %>
I have a (simple) question for my own curiosity:
I'd like to find out how Rails prefill forms with posted values like... you know, when there's a validation error on some models' attributes then you do something like "render :edit" and the form is magically prefilled.
What exactly are the mechanisms that Rails use to do such a thing? I didn't manage to find any documentation on this subject and I'd like to understand the magic.
So if someone can give me some explanations on this subject, I'll be glad to read that!
Thanks!
[Edit] And a subsidiary question: when a model inherits from another (STI) do we have to do something in particular to prefill forms?
You are mostly using the form_for helper in this style:
<%= form_for #person do |f| %>
<!-- Some more stuff here -->
<%= f.text_field :first_name %><br />
<!-- Some more stuff here -->
<% end %>
What this essentiall does is, it generates a text field that is filled with the value of #person.first_name.to_s. When an error happens, #person.first_name is filled with the errornous value. If you create a person (#person = Person.new), then #person.first_name.to_s is "".
So rails just fills the text field with the value, the attribute has.
f by the way is a rails FormBuilder. It's methods are documented here, if you want to take a closer look at the source.
by the default with
<%: Html.EditorFor(m => m.ConfirmationHeadline) %>
the output is:
<input type="text" value=""
name="ConfirmationHeadline" id="ConfirmationHeadline"
class="text-box single-line">
As you can see, the input appends already a class attribute. Well, this should not be a problem, just use
<%: Html.EditorFor(m => m.ConfirmationHeadline, new { #class="span-11 last"}) %>
and should work... err... nope!
this will output the exact same code!
though, works fine with Html.TextAreaFor()
How can I remove the class text-box single-line from ever appear so my own classes could be appended? any T4 template I should edited?
Thank you for all the help.
There is no way to customize the value of the emitted class attribute when using built-in editor templates via the EditorFor method. It hard-codes the class value (more info available here: http://bradwilson.typepad.com/blog/2009/10/aspnet-mvc-2-templates-part-3-default-templates.html)
You have two options:
Write your own custom template that supports the extra functionality. Have a look here for more details: http://bradwilson.typepad.com/blog/2009/10/aspnet-mvc-2-templates-part-4-custom-object-templates.html
Process the output of the EditorFor method:
<%: new HtmlString(Html.EditorFor(m=>m.ConfirmationHeadline).ToString()
.Replace("class=\"text-box single-line\"",
"class=\"text-box single-line span-11 last\"")) %>
In MCV 5.1 you can take advantage of htmlAttributes. Works like a charm...
#Html.EditorFor(model => model.Name, new { htmlAttributes = new { #class = "form-control", placeholder = "Enter your Name" } })
asp.net mvc creates a file called site.css in the content folder. There you can see that the text-box class is set to a width of 30em by default. Reset it to something saner like 15em. The single-line class doesn't appear to be defined anywhere.
You can use TextBoxFor instead
I had this same problem and didn't like any of the solutions above. I also found a similar post here, but I didn't like those solutions either. After some tooling around, I found something I liked, which let me continue to use the Editor Templates (which is something you should try to take advantage of whenever you can). I posted the solution here
try this code
#Html.Raw(
Html.EditorFor(m => m.DataInicial).ToString()
.Replace(
"\"text-box single-line\"",
"\"form-control text-box single-line\""))
I created a Display Template which when passed a string renders a disabled text box
<%# Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl<String>" %>
<%: Html.TextBoxFor(model => model, new { disabled = "disabled" })%>
Which works great. However, for some reason MVC wants to try and stuff DateTimes and Ints through it as well, which is throwing exceptions
The model item passed into the dictionary is of type 'System.Int32', but this dictionary requires a model item of type 'System.String'.
Any ideas?
You don't need to strongly type the template to a String.
you can try something like this :
<%# Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl" %>
<%= Html.TextBox("", ViewData.TemplateInfo.FormattedModelValue,
, new { disabled = "disabled" }) %>
And in your view you call it like this
Html.DisplayModelFor(model => mode.name);
For more information see an example of the default built-in editor template for the string in Brad Wilson article in his his series on Templates in ASP.NET MVC.
You should consider going through the complete series. I can't express how helpful this series was for me.
Is there any way to use a custom html helper with the <%: %> syntax ?
I know that if i'm use the code below, it's ok, but it's seems not so elegant and secure.
<%= Html.MyHelper("Some Data")%>
I mean, use <%= %> is the best practices?
Have your helper return an MvcHtmlString instead of a string. Also, please use <%: as much as possible.
HTML helpers create HTML, which is normally expected to be output raw with <%= %>. If you used <%: %> to HTML-escape the output of an HTML helper, you'll see the HTML source it produced on the page as text (eg literally <input name="foo" value="bar"> on-screen), which is probably not what you want.
It is up to the helper to HTML-escape any text content inside them, for safety. Yes, if you write a custom HTML helper and get it wrong—forgetting to HTML-encode strings your helper is putting in text content or attribute values in the output—you'll have security holes. You need to know what you're doing with escaping to write an HTML helper.
Microsoft, unfortunately, apparently don't, as the very first example in their tutorial completely fails:
return String.Format("<label for='{0}'>{1}</label>", target, text);
Whoops. Hope those ID and text strings didn't come from untrusted data!
[why are web tutorials always so lamentably terrible at escaping issues?]