I'm implementing a multilanguage page which allow use to select their desire language.
I have implemented something like this and everything work perfectly. JSF 2.0 set locale throughout session from browser and programmatically
However, when I click to change my language, the whole page is refreshed and the locale for all the text is changed, but the text i input in the form also gone.
Example:
1. I have locale in English and got a form with input Username
2. I enter "ABC" in username
3. I click on the change language link to Chinese language
4. Username become Chinese word
5. "ABC" I entered previously is gone.
Is it possible to change the language and in the same time preserving my input?
I tried use ajax but similar issue happen. I need to use #all as I got menu, footer and other text which is not in the form to be translated.
Sample of my code:
<h:commandLink immediate="true" value="#{msg[localeType.resourceKey]}"
rendered="#{languageBean.isCurrentLocale(localeType.value) == false}">
<f:ajax render="label" execute="#all"
listener="#{customerDetailBean.preserveFormData(localeType.value)}"/>
</h:commandLink>
Thanks in advance for the great help.
Related
I am using the kendo editor. If I write any html data like : <img src=x onerror=alert(0) > as an input. The script is getting executed. Means the kendo editor is not secure. How I can encode the value on client side ?
Thanks in advance.
I don't think the problem here is so much that the Kendo editor is insecure, more that the javascript fragment has made it onto the page in the first place.
On initialization the Kendo editor merely copies the input value verbatim and uses it within the iFrame that is contained within the editor, hence the script executes.
Typically you would encode/sanitize user content server-side before it's displayed. It's your website that generates the HTML page so you have full control over the output and need to ensure that a potentially dangerous value doesn't get added to the input's value in the first place.
It might be worth looking into Microsoft's AntiXSS offering.
I have a site developed in C#.net and VS2010. It is is localized and works well overall. However, some of the localization strings don't look the best.
For example, I have a message at the top of the login page
Currently it appears like this:
Your session has expired. Please login to
continue.
I would like it to appear like this:
Your session has expired.
Please login to continue.
I can't change the size of the containing div because the width could be different for each language.
I am looking for a way to put layout capabilities in the localization file. The simplest approach (on the surface) is to put new line characters in the string. However, \n, \r\n, and <br/> all appear in the string because it is rendered with " around the string.
Is there another approach that will work? Is this a bad idea? How else can we compensate for length differences accross the many languages?
The best approach in this case is to use HTML formatting in your string (both in English and in your translation) and where necessary adjust the translation.
There is no reason why you could not include <br /> in your string and have it rendered as intended. I don't know if you are using WebForms or ASP.NET MVC, but in the case of MVC you can avoid the default behaviour (automatic HTML encoding of your string) by using the Html.Raw helper, for example instead of this:
<div class='whatever'>#Resources.MyString</div>
Do this:
<div class='whatever'>#Html.Raw(Resources.MyString)</div>
A project was passed onto me a short while ago which uses JSP for the view and spring 3.1 for the controller - both of which I have little experience in and as per usual, there are about 4 comments in the whole thing. Anyway, my issue is this, in replacing a
<form:checkboxes path="class.list" items="${items}" delimiter="<br />" />
With
<c:forEach var="item" varStatus="vs" items="${items}">
<form:checkbox path="class.list" item="${item}" />
// check if nesting is required, if so create div and nested list point to class.list.children
</c:forEach>
Seems to create additional elements in my class.list which are not selected leading to a break further on.
Any guidance would be greatly appreciated.
I would suggest leaving the form:checkboxes intact as it is a compact way to generate checkboxes. I do not know of a compelling reason not to use the spring form tags if it is already in place and working. As to why you are seeing hidden fields. See here:
http://static.springsource.org/spring/docs/2.5.x/reference/view.html
Here is the relevant portion:
What you might not expect to see is the additional hidden field after each checkbox. When a checkbox in an HTML page is not checked, its value will not be sent to the server as part of the HTTP request parameters once the form is submitted, so we need a workaround for this quirk in HTML in order for Spring form data binding to work. The checkbox tag follows the existing Spring convention of including a hidden parameter prefixed by an underscore ("_") for each checkbox. By doing this, you are effectively telling Spring that “ the checkbox was visible in the form and I want my object to which the form data will be bound to reflect the state of the checkbox no matter what ”.
Hope this helps.
I have validation on all areas of a form, and within the inputs I have hints which are set in the input's Value.
However, the problem I have is that CodeIgniter see's the input as being filled in so a Validation error doesn't occur.
I know I can create a callback_function for each input, but with around 10 forms and 100 inputs I was hoping to avoid this and possibly create a generic function or rule?
Any help is greatly appreciated
You seem to be setting default values for your inputs when what you really want is a placeholder
So instead of this:
<input value="Enter your email" />
You want this:
<input placeholder="Enter your email" />
Depending on how you are setting up your input data, a single callback function could suffice if you really needed it, but really: Don't start hacking up Codeigniter for this. Just use placeholder as it was intended (see javascript solutions for older browsers).
Read more about it here:
http://diveintohtml5.ep.io/forms.html#placeholder
I am assuming what you mean is this:
Ghosted Values http://img864.imageshack.us/img864/8124/ghosted.png
Where the value in there is never meant to be the actual value?
The easy solution is to have a class on the <input> that indicates that it's using a stock input (and also it can grey the text out). When the user clicks in the field javascript can clear the initial value out for you (and remove the marker class).
You can then on the submit button click event go through the form and clear the values of anything with the marker class before you actually submit the form.
There's several section of our site where the user needs to enter some information, and Firefox's auto fill takes over when the page loads - mostly incorrectly!
For example, there's a "Fax Number" field that for some users Firefox keeps filling in with their email address. If they don't see this and they go to submit the form out validators complain to them that it isn't a valid number format.
This really has our sales guys worried because when they go to look at a customers page, they sometimes see it filled in with their own personal info.
Is there any way to prevent Firefox from doing this?
Add autocomplete="off" to your form tag, as documented in the Mozilla document How to Turn Off Form Autocompletion
<form name="form1" id="form1" method="post" autocomplete="off"
action="http://www.example.com/form.cgi">
[...]
</form>
Do read the section on exceptions and workarounds though - the browser will ignore the autocomplete attribute if you have a Name or Address field in the form!
If you don't care about validation, you can use autocomplete="off"
BTW here's a great article from Mozilla themselves about autocompletion
Firefox usually autocompletes based on the field names, so it sounds to me like you might have some underlying confusion with what your fields are called.
I ran into the same problem on Firefox with forms having a 'username' and 'password' field. In this case autocomplete="off" doesn't seem to work, as stated here: https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion (bottom of page).
The only way I found right know to have en empty fields when opening the page is to empty them in javascript. jQuery code example:
setTimeout(function(){
$('input[name="username"],input[name="password"]').val("");
}, 0);
I know it's ugly (especially the setTimeout but I couldn't figure another way. Even putting this in $(window).load() doesn't seem to work.
Try to use dynamic input names.
If autocomplete="off" in the form fails, try using autocomplete="off" in the input field directly and hit Ctrl + F5.
Actually, since a few weeks I've noticed Firefox started mixing autofill values, dropdownlists show entries even from different sites. They probably broke something in their recent builds. Now some personal entries can be seen by people just asking to check mails on your pc. Desire to block this feature is now very understandable.