I am using ng-grid in my application using AngularJS framework. I am getting value for ng-grid using API . The API returns the result having plaintext as well as html tags. Inside ng-grid, I want to display only plain text.
Here is the
enter code herePlunker
I have entered the values manually but in my case, it comes from API.
Any suggestions ? Thanks in advance.
You would probably need to use ngSanitize and cellTemplate
include <script src="//cdnjs.cloudflare.com/ajax/libs/angular.js/1.2.1/angular-sanitize.js"></script>
inject the dependency ngSanitize
and change your ngGrid options as
$scope.gridOptions = {
data: 'myData',
columnDefs: [
{field: 'name', displayName: 'Name'},
{field:'descr', displayName:'Description', cellTemplate:'<div ng-bind-html="row.entity.descr"></div>'}]
};
This will take your data in html formate, so incase you provide the text, it will show you the text and read json likewise
Demo http://plnkr.co/edit/RFmZmL0lCQe9qw8Y8HkN?p=preview
Hope this is what you want
It looks like your HTML is being converted to plain text, but what you probably are looking for is to have the HTML tags stripped out and keep just the text.
If that is what you're trying to do, see this question and its answers: Get the pure text without HTML element by javascript?
Note that the accepted answer is not the best answer.
Related
I want to automatically load up adverts inside the body of my blog website
For Example:
<div class="dynamic-ads-div"></div>
After loading up ckeditor 5, i want to replace the above element with an advert code from platforms like ezoic, google, etc. I have tried to put the code directly in the blog post body, but ckeditor keeps filtering, after rigorous research, i could only preserve the custom html elements like <ins>, but any form of script tags are filtered out, i want to use the approach of loading up ckeditor before adding the advert code dynamically, I tried editor:
document.querySelectorAll(".dynamic-ads-div").forEach(ads => { ads.innerHTML = '<script src="LINK_TO_ADS_PLATFORM"></script><custom-element></custom-element><script>INIT_ADS_CODE</script>' }).
Ckeditor completely ignores the above code.
Any form of help will be greatly appreciated; If you can help me preserve the script tags, or help me insert content dynamically after loading up ckeditor.
Thanks
I want to get sanitized data from CKEditor when I use CKEDITOR.instances['textareaId'].getData(); function.
I have noticed CKEditor internally sanitized the input provided in the 'Source' part.
Example
If the input is <p onclick="alert('document.cookie')">Some Text</p> it gets converted to <p>Some Text</p>.
But when I try to retrive the data using CKEDITOR.instances['textareaId'].getData(); it returns <p onclick="alert('document.cookie')">Some Text</p>.
Is there any way where CKEditor sanitize the data when getData() function is called?
From CKEditor point of view don't disable Advanced Content Filter (ACF) - don't use config.allowedContent = true;. That way unwanted HTML attribute will be removed.
Please note however that JavaScript, no matter how good, can always be disabled so ACF by no means can be treated as a security filter. If you wish to sanitize your HTML, please use server-side library for that and not JavaScript. Sanitizing user input with your server-side application code is the only correct way to do it.
I have a text area in which I am trying to add youtube embed code and other HTML tags. $this->input->post is converting the <iframe> tags to < and > respectively but not the <h1> and <h2> tags.
Any idea how I can store these values?
If you only have a small number of forms that you need to allow iframes in, I would just write a function to restore the iframe (while validating that it's a valid YouTube embed code).
You can also turn off global_xss_filtering in your config (or not implement it if you're using it), but that's not the ideal solution (turning off all of your security to get one thing to work is generally a horrible idea).
$config['global_xss_filtering'] = FALSE;
To see all of the tags that get filtered out, look in the CI_Input class and search for the '$naughty' variable. You'll see a pipe-delimited list (don't change anything in this class).
Why don't you avoid CIs auto sanitizing and use something like htmlspecialchars($_POST['var']); ? Or make a helper function for sanitizing youtube urls...
Or you could either just ask for the video ID code or parse the code from what you are getting.
This would let you use both the URL or the embed code.
Also storing just the ID takes less space in you database, and you could write a helper function to output the embed code/url.
In this case, use $_POST instead of $this->input->post to get the original text area value, and then use HTML Purifier to clean the contents without losing the <iframe> tag you want.
You will need to check HTML Purifier documentation for details. Please, check this specific documentation page about "Embedding YouTube Videos".
I am Using CKEditor in my application where the users can write blogs, create pages etc..,
Source mode is disabled for the editor. Writing xml in the editor's text area is not retained after saving the content. I clearly see that the content got HTML Encoded and the same is supplied as input to the CKEditor's textarea.
Works as designed. Whatever you enter into the WYSIWYG area, will get HTML encoded. How would you want to behave it differently?
If you want a text editor for writing XML, maybe the answers to this question are useful: Textarea that can do syntax highlighting on the fly?
I too want CKEditor to support XML tags, but I understand that you can't just type them into the main window - anything typed here is assumed to be actual content, not tagging, and therefore gets encoded.
What I'd like to do is define a list of styles that cause a tag of my choosing to be used, e.g. if the user chooses the 'example' style, CKEDitor does <x>content</x>. Unfortunately I haven't had much success with this, despite hacking the dtd.js file.
My current solution is to define a list of styles but map them to a standard HTML tag, then put my desired XML tag name in as an attribute. I'll then need to write some XSLT that transforms the data later.
CKEDITOR.stylesSet.add('myStyles',
[{
name: 'Example sentence',
element: 'span',
attributes: {'class': 'example', 'data-xmlTag': 'x'}
}];
config.stylesSet = 'myStyles';
element specifies a standard HTML tag – I use <span> if I want the XML to be inline and <div> if I want it to be block level. The data-xmlTag attribute says what XML tag I actually wanted to use (x in this case). The class allows me to define some styles in CSS and means I can group several XML tags under one class name. To define some CSS:
config.contentsCss = CKEDITOR.basePath+'tagStyles.css';
I need to get both plain text as well as html text from Ajax Editor. I'm able to get the html text and not able to retrieve plain text. i'm not supposed to eliminate html tags from the editor to retrieve plain text.
Is there any property, which gives plain text from ajax editor?
Sample code from my app:
i'm able to get rich html text like this:
string desc = QuestionAndAnswerEditor.Content;
Same way i want plain text.
Please help me.
Use HTML.Encode for getting encoded text. and html.decode ..