Render html content in user defined messages - javascript

I have a webpage where user will enter his details and then on click of submit, I am invoking a service through ajax call for saving it in db. Then I capture the response from the service written using java REST webservices and display it in the webpage. I am displaying the message "Details saved successfully".This message is read from a properties file in my java service layer and passed back to the web page. I currently need to change font color to the text being returned.
I tried adding the following <font color="red">Details saved successfully</font> to my file data and the same text is passed from service layer. IN the web page I see that the font color is not rendered for the text and that the entire above text with html tags is getting displayed in webpage. I am using $scope.status=response string in js page and in html page, I am rendering as <div id="test">{{status}}</div>
Is there any way to render the html tag when we pass it as string from properties from service layer to js page. My goal is not to change the existing html code and have the html tag rendered when read from properties file and passed as string from services.
Thanks.

Letting the user submit data containing HTML that is rendered when displayed can be a security risk. Users can be very creative in the HTML code that they "inject" in your application. There are lot of sites where you may find more information about that vulnerability.
When you need to add some markup, you might look at alternative markup rendering methods, for example BBCode or MarkDown.

Related

text &REG is rendered as ® in html page

I am trying to render a data from webhook to a form label say "PRO&REGAIN" is retrieved to a form. But it is rendered as PRO®AIN where &REG is considered as ®. I know I can use encoding by using &amp ; instead & but I cannot do this change to backend while updating this data.
My question is, how do we render the data to the html page by ignoring such cases. I would like to display as like from backend.
I wonder the same above text is rendered properly as like in grid

How to view source of a form

I am trying to scrape a page to get data for web analytics. I'm on an ecommerce site and have made a dummy purchase. There's a transaction ID on the page but the html surrounding it is not ideal for scraping, the id exists in a unclassified tag with no classes, IDs or other useful attributes of the parent or parents parent.
So, I wnated to view source and ctrl+F the transaction id "123456" and see if it existed anywhere else in the dom.
But, when I view source I get a "confirm form submission" page and don't get to view the html behind the page.
Adding the Javascript tag too in case there's a magical way of searching through all global variables for the value of "123456" anywhere in those variables? If I found the ecommerce data in a global variable object it would be very convenient as opposed to scraping the HTML which, in this case, has few attributes to drill down into
You can just save whole page on your disk as HTML file. In Chrome you can just press Ctrl+S, select your destination and next edit saved file in some text editor.

How to scrape data from website when the data is only accessible by pressing a button?

I want to scrape data from a website within my java-application. The data I want to collect is inside a html-table-element. I tried two different methods:
I tried to load the website with a BufferedReader into a String and collect the data from the String.
I tried to use Jsoup to get access to the exact html-element, but it's empty.
Turns out that the table exists, but it is empty as long as the user has not pressed a button (labled "load raw data"). I inspected the sourcecode of the webpage. When the user presses the button, a load_table()-function is called which loads the data into the table. Obviously, the URL remains the same, otherwise I could've just used the other URL where the data is already loaded into the table. Has anyone an idea on how to scrape data from a website although it's only on the website if the user presses a button after the website is loaded?
I'm not really a trained Javascript-coder, but I tried to look through the script which is executed after the user presses the button. It's kind of hard to understand for me but I made a pastebin of the script with a highlighting where I think the rows are added to the table if that helps. The code for the button is:
Load raw data
The code I use to access the html element with Jsoup would be (all the child(x) methods are called on different div-elements to go deeper into the html-document until I finally reach the table-element):
Jsoup.connect(url).get().body().children().get(5).child(0).child(4).child(1).child(1);
As I stated above, the element is empty. I hope the description of my problem is detailed enough and somebody has at least an idea of what I'm trying to say. Sorry for my clumsy expressions. Not a native speaker.
if you are familiar with selenim webdriving you could use selenium to load the page and then pass to source page into beautifulSoup argument.
html = pageSource()
you could parse the page by this method i guess

Stop text being made HTML unless needed

I have the ability for a user to post some text into a message feed. They are able to type whatever they want.
The backend server detects that there are links and other linkable elements (like tagging someone else), then saves these links into a database.
When a user is served up the full list of messages, they get shown what the user has posted, and anything that was meant to be a link is turned into a link
For example someone typed www.foobar.com so the post will show <a href='www.foobar.com'>www.footbar.com</a>
This works great, however what if someone types HTML in themselves. First off it will mess with formatting, and secondly it allows users to post their own HTML which can be dangerous for obvious reasons.
I need a way of not turning the text that comes back from the API into HTML unless it was HTML that I intended. However I don't want to STOP someone trying to post HTML, just stop it turning into HTML
Twitter does it correctly. If I post this to twitter
<a href='www.foobar.com'>www.footbar.com</a>
It will show me exactly what you see there, but the www.foobar.com will be highlighted and clickable.
Although it may not be relevant, I am using a ASP.NET Web API backend and Knockout.JS for the front end
UPDATE
I am using the following code to show the text (knockout JS observables)
<div data-bind="foreach: allMessages">
<span data-bind="html: theText"></span>
Your backend code should encode the data coming in. this will change the html tags into text based.
Example is <div>test</div> changes to %3Cdiv%3Etest%3C/div%3E. this will prevent data getting into your database that you don't want.

Lotus Notes hide/show div

I cannot manage to make asmall piece of javascript working in a lotus notes 6.5 email.
I'm building a html, send it by mail as a html, and inside I would like to have some links to hide/show a few div.
I try to use document.getElementById but when I click on the link I have the following error:
"document.getElementById is not a function".
I'm thinking using a document.getElementById(id).style.display='none'; to hide it (if I can manage the div).
Any ideas how to show/hide my div?
The HTML engine in Lotus Notes is not anything like you'd get in a browser. I'm fairly certain the error message is correct when it says "document.getElementById is not a function" - there is little to no support for javascript in Notes emails.
If you need to have something hide/show in Notes, you will have to create a Notes form with actions and hide formulas to get the same effect. Then emails can be sent with the form embedded into the email, and when received the email will open that form instead of a typical memo form.
Note, it is unlikely most email clients (Outlook, etc) will support javascript due to the security holes it would open. You might have better luck sending a link to users and then having them open up a Web page or Notes database where you have more control over how things are presented to them.
The root of the problem is that Notes doesn't display HTML*. In order to display an HTML-formatted MIME email (or any other rich text field whose contents are stored as MIME and HTML), the content must first be converted to Notes Rich Text (composite data, or CD) format. The conversion of static HTML has improved a lot over the years, but once the conversion is completed, there is no HTML document to modify. Obviously, your link/action was properly translated to its Notes equivalent, but there are no hooks for DOM methods in the Notes client. JavaScript is pretty much restricted to manipulating field values (through the document.forms[0].LiteralFieldName method of access), swapping images (through the document.images collection) and a small subset of the window object's methods.
*One can view pure web pages in the Notes client, but that uses the IE ActiveX control in the full tab -- it's not available natively for rendering a part of a document.
it may not fit your HTML needs but might help you hide / show content:
In a new mail, select the content you want to hide / show
Click on Create / Section
You can also define a name for this section within section's properties
(works in Lotus Notes 8.5)

Categories

Resources