I was searching until now and I've got nothing , I want to make a topic Editor in my Laravel project (where the user can write a Rich Text) . I found many JavaScript plugins where the user can create his document and the plugin will create the HTML code in the background
But the problem is that the user can get into the HTML code and change it to add scripts or anything (XSS) so I wanted to know what programmers usually do in such a situation :
do they filter the requested HTML on the server side (If so Help me with a source or a function)
will they create a normal text like StackOverFlow then they change the text to HTML on the server EXP:[img:link]=><img src="link"/>
So this is my problem and I don't know what to write exactly in google so please help with any idea
You have to check the data server side anyway, so do a HTML processing there and allow only specific tags.
Related
First off, I'm not a developer, but a site owner running wordpress. my site has some Amazon affiliate URLS. What is happening is some rogue javascript is running and changing the referral ID's of the HTML code only from a google search specifically (If I load a page directly the HTML doesn't change). Basically I'm trying to figure out how to locate it, I figure that by looking at the html section I can trace what javascript is changing the HTML? With that information maybe I can help find it or pass that on to the hosting company to remove the file.
For example:
in the website shows : https://amazon.com/49684095/?tag=properamazontag
the javascript runs and changes to: https://amazon.com/49684095/?tag=douchebagscammercode
I hope it makes sense.
I have disabled javascript in the browser and confirm that the HTML code doesn't change, so I know it's a javascript issue.
For anyone looking at this with the same issue, what I did was follow this thread Find javascript that is changing DOM element. I went through all the JS changes looking for odd code not associated with a plugin file or theme.
once I found the code, I used a plugin called string locator and searched "everything under WP-content" for the first part of the bad code. From the plugin shows the location of the code (a JS file was added to the theme template) and I then used the same technique to search for the names JS file (in this case called theme.js) and found a php line in the functions.php file that had to be deleted along with the file.
I writing a Google Apps Script (Sheet Add-on), and I'd like to get the HTML of the currently displayed sidebar back to the server-side script. The reason is that I'm making a template-based system where the HTML of the side bar may have come from a range of possible templates, but all of the templates have the same callback function back to the server to make writing them easier. So the common callback function on the server-side needs to be able to determine what HTML it was called from.
Is there any way to do this?
Do you really need all the HTML? Or just enough information to know which template was used? When you load the templates initially you can store some metadata about what template was used in, for instance, an HTML element.
Something like <...data-template-type="template 7">
When you make the call to the server, grab that information from the HTML element and provide it as an argument.
Hope I understood the question and what you're trying to do.
I had been searching for this since long but ain't able to figure it out.. I have got a ready website built in angularjs using all the best practices and the server side is PHP CI.
Now what I am suppose to do is to get them the opengraph meta tags into the head section.
I could easily manage it using jquery ofcourse but the problem arises when the facebook scraper crawls over the page.
As it is a single page Application, there is gonna be only one head hence its not possible for me to mention it on any other html any how... And as it's HTML I cannot let php render the page..
I have tried to search for the answer and ultimately got to
http://www.michaelbromley.co.uk/blog/171/enable-rich-social-sharing-in-your-angularjs-app
But this is not possible for me to use.
I also read about the facebook opengraph pointer using
<link rel='opengraph' href='DESTINATION URL'>
But it says that all the basic tags need to be mentioned into the source and the additional tags can be obtained from destination url.
Is there any way I can solve this problem?
Here is the easiest way beyond sharesocial.in
Follow this link
http://sharelinkgenerator.com/
You will get your work done here.
http://www.sharesocial.in directly allows us to do it. It allows to do it for any page, Amy website and for fb, LinkedIn, Google + and whatsapp.
The index.html includes only a div where all the html generated by Javascript.
I know that one of the ways is to redirect search bots to an onother html. I read this on an old post and i want to know if is the best way and one or two tips for this.(not how to redirect)
The site is build in Tumult Hype so i cant place content on html.
If you redirect the search bot to a diffrent document then this is considered cloaking and may harm your ranking in google.
Yes, google is able to execute JS. But you should not dynamically generate the content on your site, it will hurt your rankings. One could use some kind of prerender.
Edit: of course you can dynamically generate content, but the main content should not be using dynamic javascript.
So basically, I have a single article that I would like to load a PHP file into. This PHP file has a bunch of PHP and Javascript, along with HTML.
I need to include this full PHP file into my article since it contains an application form that I need on my website.
I have tried the following:
Using an extension to allow PHP and Javascript code within an article. Although, this is extremely time consuming since all PHP and Javascript must be wrapped in some special tags for the extension to recognise it, therefore this would take me days.
I tried using the extension and then trying <?php include "form.php"; ?> within the special tags, although this returned a major error since I believe it is because the PHP code is not within the tags itself.
Does anyone have any suggestions to how I can accomplish this?
Try this ,
Create a module that have your forms. For module development tutorial
And create an article and set the module inside that like.
{loadposition contact_form_pos}
Inside your article just mention the module position like above
for more
Using extensions is the only way to do that.
If you don't want to use a plugin that allows PHP into articles, you would have to write your own custom component to show that php page in your own menu item, out of an article.
It's a little hard to answer when you haven't said if you want to just do this one time in one specific article or you want to be able to put it into any article.