I am trying to save form in a xml format. There is no model class defined for this form. Form structure is something like this.
- Section1
Field1
Field2
Field3
and I want to save it to
<section1>
<Field1></Field1>
<Field2></Field2>
<Field3></Field3>
</section1>
How would I do that?
To track which html field belongs to which section I can name them as name="section1.field2". It can help me to find out parent element of the field.
Create an XML in Javascript on onSubmit Event by traversing the input elements of the form using any framework like jQuery.
And creating the XML in your desired format is very easy if you follow this.
Use flush() to write it to any hidden variable, thereupon you can submit the form or you can post it using ajax as per your requirement.
Related
this question might be a bit special. I am using this Joomla 2.5 extensions to give authors the abilty to add Attachments to articles: Joomla Attachments
The extension renders an input field called "description" in a backend form to insert an file description for the provided file. Unfortunately it´s not taking HTML tags which I need. By saving the form it seems a strip_tags() or preg_replace() or something similar cleans the input. I combed through the code of the attachments extension but couldn´t find a place where the input is cleaned or saved.
To hopefully stay in the Question + Answer rule of Stackoverflow:
Is there a class which extensions inherit from the Joomla Core to save form data to a DB-table ( which also could be responsible to clean and validate user input )?
thanks for any idea,
tony
You should see how the field is defined first:
1. Form definition
look into the
administrator/component/yourcomponent/models/forms/somename.xml
there you could find a form definition, if so it will also specify the field type: depending on the type there are several available filters; for example the default textarea will strip html, and you need to set
filter="raw"
in order to enable it. see http://docs.joomla.org/Standard_form_field_and_parameter_types for a list of fields, click and you can find the available format options.
2. model
If the model inherits from JModelAdmin or JModelForm or other JModel* it will automatically handle binding of the forms' data to the database, look for the Save function which should receive the form $data.
3. more
There are at least another dozen possibilities. If the above didn't help, try finding the form: possibly you could find it just by looking at the markup. Once you have the form, check the following fields:
option
task
view
This should help you find the php code that is invoked based on the form:
if view is set, maybe in ./views/someview/view.html.php you could find the saving logic.
if task is set, look for a function with the same name in ./controller.php
if task contains a ".", look for the controller in the ./controllers/ folder.
if option is not the name of your component, your component is sending the data to another component for saving, and most likely set a return-url
I have a model and a form in the view. I have a simple field of string which is called description. I'm able to insert scripts like: <script>alert('xss')</script> to that field.
I can see that in other actions on my site with other models I can't
I do not have an AllowHtml or anything like that.
the only difference is that for this model I use a post with a json object and content-type of application/json
the ModelState.IsValid is returning true. even though there is a description property with an xss script on it...
and for the other actions I make a simple ajax post.
why isn't the validation input work on this kind of JSON ajax posts?
how can I prevent xss across the entire site for this kind of ajax requests?
thanks
It is because ValidateInput is only for FormValueProvider. As for JsonValueProvider, you need to roll out your own mechanism.
Steps
1) Create a marker attribute CustomAntiXssAttribute
2) Create a custom model binder by sub-classing DefaultModelBinder
3) Overrides BindProperty method -> get the attempted value for the underlying property, sanitize it and assign it to the view model property.
Check this out.
Edited:
Replace the line var valueResult = bindingContext.ValueProvider.GetValue(propertyDescriptor.Name); with var valueResult = bindingContext.ValueProvider.GetValue((string.IsNullOrWhiteSpace(bindingContext.ModelName) ? string.Empty : bindingContext.ModelName + ".") + propertyDescriptor.Name); in order to support nested ViewModel.
try using AntiXssLibrary from Nuget, and by using getSafeHtmlContent. you can get the safe content while you're saving your records to db.
Another approach is to use a Sanitizer library like this one, you can choose which HTML tags you want to be filtered out.
I am sending over a series of array values from a posted form to an MVC3 Controller. I was hoping the default modelbinder would be able to parse this but I'm having some difficulty with it.
The array is in the following format:
order[0].[type]=some value.
I think this is the reason the model binder is not parsing my values because I'm not getting anything populated in my model.
What would be another way to handle this?
Probably need to post more of your code so I can see what you are doing exactly. However saying this you need to pass the model to the view/partial view on the response you are trying to retrieve on the post request.
If not you will have to iterate through the Form Collection that will be returned and the Actions Methods type e.g. ActionMethodName(FormCollection form), one issue is name versus id its the name of the Kendo UI control that is used to get the value not the id.
1As far as I remember the right format was:
orders[0].OrderID=13;
orders[0].Name="test";
orders[1].OrderID=15;
orders[1].Name="again test";
The indexing should start from 0 and increase by 1.
Check this out: http://haacked.com/archive/2008/10/23/model-binding-to-a-list.aspx
i'm trying to write csv importer for my project that i can use for any model, it should be a wizard that first you upload the csv file, in the second step it generates a form based on the csv file for mapping csv field with database fields, on the first call to the form i should specify the model for the mapping, that can be a hidden input in the first form. on the other hand i want to use ajax for all the process, i don't know what to use exactly so it would be a complete reusable module and also with writing less java-script also how should i generate the second dynamic form. thanks.
Submit the first form through ajax. The request will contain (hidden) which form to use, so just render that form (based on a ModelForm). Make a template for each possible form(model) and return the rendered template accordingly.
The ajax call will remove the first form, on success and replace it with the response (which will be the second form).
I am trying to write some kind of raw html to mimic what spring mvc tag produces after page rendering(and I do make them look exactly the same if you open them with a html element inspector). as I want to create dynamic input form using javascript. but it didn't work. it seems I had to use only what it offers: e.g. <form:input path="firstName" />.
to get the data binding working.
I thought the tag lib only help you to produce a html block that spring knows how to handle them in backend (action). from a web http perspective. what else it can send beyond a bunch of form data, and they should send the same thing. so I am really curious to learn what magic thing the tag lib dose beyond producing a html block.
the other thing I would like to know is where the model object is being hold when the form is being submit to a matched action. you know, you can get the model attribute by using #modelAttribute as the input parameter. is it in the original request object? or in the ActionRequest to which the dispatcherServlet build and put it. or even somewhere else?
thanks in advance.
I got it figured out. the raw html just works as spring tag does. as long as you are in the form tag block. you are okay to use raw html such as
<input type="text" id="abc" name="abc"/> just make sure name reflect your bean attribute path.
id is not mandatory and is just helping you to identify the very element. I guess I missed something when I work with the raw html by the time I ask the question. hope this helps for guys working with raw html approach, especially in case of dynamic input creation.