Where I should escape output from model. Should I do it in Model too? I guess it should be in View, but i'm not sure. Put it into View seems logic, so you can change HTML to different output (PDF etc.).
Where do you escape HTML output (from users) to page?
With your clarification comment, the answer becomes simple; What you're asking about is presentation logic, which is handled solely in the View.
Related
i'm trying to figure out how to most elegantly integrate something like PHP's nl2br() function into a current project done with JSF2/Spring. I could easily create getters using something like return text.replaceAll("\n","<br/>"); in my model classes, however that does seem like putting view related code where it does not belong. I have the same feeling about storing actual html content in my database.
I guess the cleanest solution would be using tags/EL for this, however i couldn't find something that seemed to do just that. How would you guys implement something like this? Thank you in advance, any hints are highly appreciated!
Use either CSS, assuming that the text doesn't contain any HTML
<div style="white-space: pre">#{bean.text}</div>
Or create a custom EL function and then display it unescaped (Facelets implicitly escapes HTML)
<div><h:outputText value="#{my:nl2br(bean.text)}" escape="false" /></div>
You should only make absolutely sure that it's free of XSS.
Well, in the first place JSF is a Web UI framework. So, anything that you expect to output to the user will end as HTML (with the only exception of javascript, though). So, I don't find it a grave violation of MVC (if any at all). Maybe you could even push the envelope and directly use <br/> inside the text, instead of replacing \n
In a more general sense, if you have different lines/paragraphs in your text, the more flexible/standard solution would be break your text in the different elements and let your presentation logic handle it. So, instead of a properties with
presentationPage.introductionText=Ipse Lorum ...sum.\nVini vidi vinci.
You would end with
presentationPage.introductionText.par1=Ipse Lorum ...sum.
presentationPage.introductionText.par2=vini vidi vinci.
Novice on this 'asp.net mvc' but familiar with mvp pattern for mobile app(mvc#).
Required business logic is to display 'firmware version' in a format like "1.03".
I found it can be formatted either in Controller:
ViewBag.deviceFirmwareVersion = String.Format("{0}.{1}", result.VERSION_MAJOR[0], result.VERSION_MINOR[0]);
or in View:
<td>#String.Format("{0}.{1}", Model.VERSION_MAJOR[0], Model.VERSION_MINOR[0])</td>
Then, what is the difference? Of course I preferred doing it in a Controller. Mvc# makes view as simple as possible (dumm view) and let it depends on presenter about what to do. Is there a simliar rule here?
[02 Nov 12] Maybe my question was a bit off focused, I ended up creating view model where I pick up necessary pieces from data entity and formatting them for view. This link helped me.
With MVC paradigm, all the things about showing informations has to be described in the View, because informations can be get in differents formats (HTML, JSON, XML) and if you format the data in controller then you have to check for every type of format you may show.
If you use only HTML can be easy now to set data format in the controller, but further can get you in trouble.
(Sorry for bad English)
I have a site developed in C#.net and VS2010. It is is localized and works well overall. However, some of the localization strings don't look the best.
For example, I have a message at the top of the login page
Currently it appears like this:
Your session has expired. Please login to
continue.
I would like it to appear like this:
Your session has expired.
Please login to continue.
I can't change the size of the containing div because the width could be different for each language.
I am looking for a way to put layout capabilities in the localization file. The simplest approach (on the surface) is to put new line characters in the string. However, \n, \r\n, and <br/> all appear in the string because it is rendered with " around the string.
Is there another approach that will work? Is this a bad idea? How else can we compensate for length differences accross the many languages?
The best approach in this case is to use HTML formatting in your string (both in English and in your translation) and where necessary adjust the translation.
There is no reason why you could not include <br /> in your string and have it rendered as intended. I don't know if you are using WebForms or ASP.NET MVC, but in the case of MVC you can avoid the default behaviour (automatic HTML encoding of your string) by using the Html.Raw helper, for example instead of this:
<div class='whatever'>#Resources.MyString</div>
Do this:
<div class='whatever'>#Html.Raw(Resources.MyString)</div>
I have a model that contains an IEnumerable of a list of custom objects. Each item needs to be displayed with about 6 fields and an image. So, I won't be using a grid to display the items, rather a div and styling to achieve the look I want. With that said, I'm looking for the appropriate approach. In the book I have, Pro ASP.NET MVC 3 Framework by Adam Freeman and Steven Sanderson, they give an example of doing something similar in their Sports Store application, where for each item, they use this code,
#foreach(var p in Model.Products) {
Html.RenderPartial("ProductSummary", p);
}
Most other reading that I've done, and what seems to be a preferred approach to this, would be to use an HtmlHelper that does basically the same thing.
Which is preferred and why would I use one approach over the other?
Thanks
EDIT
I should have mentions that each of my items will be enclosed in it's own form and have a submit button. This may be the reason the authors of the book I mentioned used the partial view.
In my opinion, I would go the helper route if there is a chance that the code would be reused somewhere else. Could it be used on another page? Or in another project?
Something else to think about...
Helpers also help you to encapsulate view code so that you can keep your view clean and simple. How complex is that view? Would encapsulating some of the code assist in making the code easier to read and maintain?
I have an idea of what view helpers do (/view/helpers), but I have no idea what a view filter (/view/filters) is, or what its used for, can some one please shed some light on the matter?
Thank You =)
At the end of rendering a view, Zend_View passes the output to any filter(s) you have registered, by calling the filter() method on the filter object.
One use of a filter could be to minify HTML output, stripping comments and whitespace to reduce the size of the content to send over the network.
In theory, you could write more sophisticated filters, that modify the DOM, altering, hiding or removing page elements. I wouldn't do that because it's more efficient for the view to render elements right on the first pass, than to tweak them with DOM operations after rendering. Or you could modify content, such as to translate English into French on the fly (if you had an automatic way of doing that, which ZF does not provide).
Zend_View filter is unfortunately undocumented, which makes me think there is little demand for it. I suspect that view filters are basically a victim of YAGNI. They were implemented without a good use case in mind.