AntiSamy is not allowing me to input form fields - validation

I have a RichTextArea from CKEditor. And I recently made some changes to sanitize HTML input.
Normal things go through fine, but any form fields like checkboxes, textareas, radio buttons, etc. are stripped out. (I am using getValidSafeHTML to sanitize my HTML.)
I have tried different policy files like this thing here which is supposed to allow everything
http://code.google.com/p/owaspantisamy/downloads/detail?name=antisamy-anythinggoes-1.4.4.xml
For example,
<form method="get" name="sampleform"><input name="radio" type="radio" /> </form>
becomes
<form method="get" name="sampleform"> </form>
Anybody have any idea why this is happening?
Thanks in advance

I just found the reason why this is happening... I was using the antisamy-1.3.jar. This looks like a bug in this version of antisamy. I needed to upgrade to antisamy-1.5.3.
So just check the versions of your antisamy jars. You might be facing the same issue.
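A small diagnostic for the situation this answer describes, added here as an example and not part of the original post: it reports which AntiSamy jar is actually loaded from the classpath and runs the question's sample form through the scanner. The class name AntiSamyFormCheck and the policy path argument are assumptions, and it calls AntiSamy's scan directly rather than getValidSafeHTML.

```java
import java.security.CodeSource;
import java.util.List;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;

/** Diagnostic (hypothetical name): which AntiSamy jar is loaded, and are form controls kept? */
public class AntiSamyFormCheck {

    // Sample markup taken from the question above.
    static final String SAMPLE =
        "<form method=\"get\" name=\"sampleform\"><input name=\"radio\" type=\"radio\" /> </form>";

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: AntiSamyFormCheck <path-to-policy.xml>");
            System.exit(2);
        }

        // A stale jar earlier on the classpath is easy to miss, so report where
        // the class really came from instead of trusting the build file.
        Class<?> c = AntiSamy.class;
        CodeSource src = c.getProtectionDomain().getCodeSource();
        System.out.println("AntiSamy loaded from: " + (src == null ? "unknown" : src.getLocation()));
        // Prints null if the jar's manifest carries no Implementation-Version.
        System.out.println("Manifest version:     " + c.getPackage().getImplementationVersion());

        Policy policy = Policy.getInstance(args[0]);
        CleanResults results = new AntiSamy().scan(SAMPLE, policy);
        String clean = results.getCleanHTML();

        System.out.println("Input:  " + SAMPLE);
        System.out.println("Output: " + clean);

        // Each message names a tag or attribute the scanner removed or rewrote.
        List<?> messages = results.getErrorMessages();
        for (Object m : messages) {
            System.out.println("  scanner: " + m);
        }

        boolean inputKept = clean.toLowerCase().contains("<input");
        System.out.println(inputKept
            ? "OK: <input> survived sanitization"
            : "FAIL: <input> was stripped; check jar version and policy");
        System.exit(inputKept ? 0 : 1);
    }
}
```

Run it with the same classpath and policy file the application uses, so the result reflects what the deployed sanitizer actually does.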

Related

Firefox built in dev Inspector tool, browser bug with hidden input in HTML

I use normal Firefox with Dev Tools.
The explanation: I use hidden input fields to store some data. I have noticed twice that the browser mixes all the input fields up completely; it does not understand what is what at all.
Simplified example HTML on server:
<input id="test" type="hidden" value="Hello there"><input id="something" type="hidden" value="0">
Firefox gets above HTML from server (clear cache, reload the page, nothing fixes this):
<input id="test" type="hidden" value="0"><input id="something" type="hidden" value="Hello there">
(and now thinks that id 1 is id 2 etc)
Once I restart my browser, everything gets back to normal. (As the example shows, there is no human error, just nonsense.) Has anyone else had this? If not, then look out before hurting yourself. I don't know if normal users may actually experience this, but they may. Someone can explain this...

AMP form issue in an MVC framework

I am having an issue with a form using AMP.
The form works perfectly on a standard amp html page - the button is clicked and the search.php is triggered.
<form method="post" action-xhr="search.php" target="_top">
<input name="query" placeholder="search" id="query" size="40" value="">
<button type=submit class="btn-search"><amp-img ></amp-img></button>
<input type=hidden name=search value=1>
</form>
Then the exact same code (including all the includes, etc) on the MVC framework I am using doesn't work. The button is clicked and nothing happens.
Source codes on both are identical when viewing page source.
Should this not be happening - the specific MVC framework I am using possibly has an issue with this?
Or is it due to it being MVC, the view (header.twig) has the form on the not working version. Would the php code from search.php go into the controller?
Any help would be greatly appreciated!

How to send file data using Dajaxice?

I am using ajax for my website. I have successfully used jQuery.ajax() to asynchronously upload a file to the server. I am using Dajax and Dajaxice, therefore I plan to use these applications for file upload as well. I tried this example. It is working fine. But if I add a file field to my HTML form, it does not send the file to the server. My HTML form looks like
<form id="myform" action="/file/" method="post" enctype="multipart/form-data">
<div style='display:none'><input type='hidden' name='csrfmiddlewaretoken' value='AaSmyBEwQLSD3YghRAD9Cf2uxEjzESUe' /></div>
<p><label for="id_docfile">Select a file</label> max. 42 megabytes</p>
<p><input type="file" name="docfile" id="id_docfile" /></p>
<p><input type="submit" value="Upload" /></p>
</form>
This question has been asked in many places but never answered.
Afaik there is currently no provision within dajax / dajaxice to upload files.
I have used dajax in a few projects and have got round this by using blueimp/jquery-file-upload and a django view that accepts a POST of the upload file and return a JSON string to the client.
This is a less than perfect solution, not least because the jquery-file-upload button is styled differently from normal HTML form elements. It is possible to style the whole form using jQuery-ui, although this is a lot of additional work.
Both dwr, which is pretty much dajax for Java, and tasty pie for django do offer file uploading, so in theory it should be possible to implement it.
I'm happy to post a sample of my ajax solution if anyone would find it useful.
I've also faced this problem recently. So, I've dug a little and discovered some answers.
"It is working fine. But if I add file field into my html form, it does not send file to server."
There's serialize() method used in the doc example. But according to the jQuery doc:
"Data from file select elements is not serialized."
Also, there's no clear way to get ajax file upload, because JS doesn't have access to the outside of the client browser. So, I don't think it's possible to do this using dajaxice.
The easiest hack I've found is to post the form to an invisible iframe using the target option:
<form method='POST' action='/upload' enctype='multipart/form-data' target='submit-iframe'>
So, only the iframe will be refreshed. Using JS you can then get data from it by catching the load() event.
A more detailed process is described here

AUI in-built validator not working

I wrote some simple code in liferay to make use of the in-built aui validator, like so:
<div id="addDiv">
<aui:form name="fmAdd" id="fmAdd" action="<%= addURL.toString() %>" method="post">
<aui:fieldset>
<div>
<aui:input id="addName" name="name">
<aui:validator name="required" />
</aui:input>
</div>
<div>
<aui:input id="addDescription" name="desc" >
<aui:validator name="required" />
</aui:input>
</div>
<aui:button-row>
<aui:button type="submit" id="btnSubmit"/>
</aui:button-row>
</aui:fieldset>
</aui:form>
</div>
In another project the same code works fine, and for this jsp it recognises that it's a required field since it appends (required) at the end of the input labels. However, the javascript validation doesn't work. When I click the button without filling in anything the whole form just submits anyway.
Am I missing something? I'm very confused right now so any help would be greatly appreciated!! Thanks!
Edit: For some reason, this problem solved itself without me doing anything. I'm not sure what happened, but it suddenly started working. Can someone advise me as to what I should do with this post? Is there a way to remove it?
I think I have figured it out. I faced the same problem. Validation stopped working when I added another form in an included page.
When I added a 'name' attribute to each form, it started working again.
It can very well be a bug that is mentioned here in the link.
http://issues.liferay.com/browse/LPS-15050

Internationalization at HTML5

How can I change the messages of HTML5 (or does it change according to the browser's language automatically)?
For example:
<!DOCTYPE HTML>
<html>
<body>
<form action="demo_form.asp" method="get">
E-mail: <input type="email" name="user_email" /><br />
<input type="submit" />
</form>
</body>
</html>
When I run this code (from W3schools) in Opera and write a non-valid e-mail address, it says
Please enter a valid email address
How can I change it to another language instead of English or change the warning to what I want?
Well there are different options.
You can disable the form validation of the form (or the field) with formnovalidate and provide a custom error message with JavaScript (and server-side, of course).
You can use JavaScript and use the .setCustomValidity() method to provide a (custom) error message, but it is intended to add extra rules to the field.
You can use x-moz-errormessage to set a custom error message. But using this you need to know that this is not a standard.
There are no built-in internationalisation solutions currently in HTML(5) and all proposals seem dead. However you may find the Passive Localisation JavaScript library of some use. Online demonstration can be found here.
