HTML tags in comments

How do you disallow HTML tags in comments?
I want users to be able to submit comments on my site, but I don't want them to input their own HTML. Whatever they type should show as plain text on the comments page.
I am using PHP / MySQL.

.oO(AngryCloud)
>Doesn't mysql_real_escape_string already do exactly what magic quotes does?
It does even more. mysql_real_escape_string() performs a DB-specific escaping and takes the used charset into account. Magic quotes actually just do the same as addslashes(), which is not enough for DB security.
>Magic quotes just seem to be an annoyance. Can I just turn it off so I just don't have to worry about it?
Yes. In PHP 6 they will be removed anyway. If you can turn them off on your server - do it.
>Also, I have A LOT of dynamic text on my site amongst many pages. Does this mean I need to go and put the htmlspecialchars function in front of each and every little bit of dynamic text?
To be safe - yes. If you are sure that the printed text doesn't contain any of these chars &, ", <, then you can omit it, but for anything else (especially if the texts are entered by users) it's better to use it.
>Would it be a bad idea to use the function in the insert script instead?
Yes. You shouldn't store HTML in the DB (unless it's really necessary), but the raw text without any special encoding. Maybe some day you want to use the same text from the DB not only for a webpage, but also in an email or newsletter as plain text. Any HTML would be a problem then and would have to be removed.
Just store the raw text and call the necessary escaping/encoding function when you output it.
Micha
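The store-raw, encode-on-output pattern Micha describes, written out as an added PHP example (not code from this thread). It assumes a PDO connection `$pdo` to a MySQL table `comments(id, body)`; PDO parameter binding stands in for mysql_real_escape_string(), whose extension is gone from current PHP.

```php
<?php
// Added example, not from the original thread. Assumes $pdo is a PDO
// connection to MySQL with a table: comments(id INT AUTO_INCREMENT, body TEXT).
declare(strict_types=1);

// 1. Store the comment exactly as typed. Parameter binding does the
//    DB-specific quoting that mysql_real_escape_string() used to do, and
//    no HTML encoding is applied before storage.
function store_comment(PDO $pdo, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

// 2. Encode only at the point of output, for the HTML context.
//    ENT_QUOTES also encodes single quotes, so the result is safe inside
//    attribute values delimited by either quote style; ENT_SUBSTITUTE
//    replaces invalid UTF-8 instead of returning an empty string.
function html_text(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_comments(PDO $pdo): string
{
    $out = '';
    foreach ($pdo->query('SELECT body FROM comments ORDER BY id') as $row) {
        // nl2br() runs after encoding, so the only <br /> tags that reach
        // the browser are ours; everything the user typed stays literal text.
        $out .= '<p class="comment">' . nl2br(html_text($row['body'])) . "</p>\n";
    }
    return $out;
}

// 3. The same raw text is reusable unencoded in a plain-text context
//    (e-mail, newsletter), which is the reason Micha gives for not
//    storing encoded HTML.
function plain_text_email_body(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Constructed sample run (needs a live $pdo):
// $id = store_comment($pdo, '<b>bold?</b> & "quotes"');
// echo render_comments($pdo);          // tags arrive as &lt;b&gt;, not markup
// echo plain_text_email_body($pdo, $id); // raw text, no entities to undo
```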

Similar Messages

  • [svn:fx-trunk] 11664: Update ASDoc comments on new MXItemRenderer classes, and fix a broken HTML tag in Range.as

    Revision: 11664
    Author:   [email protected]
    Date:     2009-11-11 11:42:00 -0800 (Wed, 11 Nov 2009)
    Log Message:
    Update ASDoc comments on new MXItemRenderer classes, and fix a broken HTML tag in Range.as
    QE notes: -
    Doc notes: -
    Bugs: -
    Reviewer: -
    Tests run: - Checkintests
    Is noteworthy for integration: No
    Modified Paths:
        flex/sdk/trunk/frameworks/projects/spark/src/mx/controls/dataGridClasses/MXDataGridItemRenderer.as
        flex/sdk/trunk/frameworks/projects/spark/src/mx/controls/listClasses/MXItemRenderer.as
        flex/sdk/trunk/frameworks/projects/spark/src/mx/controls/treeClasses/MXTreeItemRenderer.as
        flex/sdk/trunk/frameworks/projects/spark/src/spark/components/supportClasses/Range.as

  • [svn:fx-trunk] 5289: Fix for - HTML tags in span tags in ASdoc comments not being parsed correctly.

    Revision: 5289
    Author: [email protected]
    Date: 2009-03-12 21:09:58 -0700 (Thu, 12 Mar 2009)
    Log Message:
    Fix for - HTML tags in span tags in ASdoc comments not being parsed correctly.
    QE Notes: Some baseline will require update.
    Doc Notes: None.
    Bugs: SDK-19815
    tests: checkintests, asdoc
    Ticket Links:
    http://bugs.adobe.com/jira/browse/SDK-19815
    Modified Paths:
    flex/sdk/trunk/modules/compiler/src/java/flex2/compiler/asdoc/AsDocUtil.java

    Resize/re-scale & optimize all images for the web in your graphics editor before you insert them into your web pages.  Saves bandwidth and reduces page load.
    Cycle2 is a responsive slideshow.  If you want all images to remain 400px and not responsive to layout,  you'll need to modify the CSS code a little.
    Details on using Previous & Next links are in the documentation.
    http://jquery.malsup.com/cycle2/demo/prevnext.php
    Nancy O.

  • [svn:fx-trunk] 10157: Fixed HTML tag in ASDoc comment.

    Revision: 10157
    Author:   [email protected]
    Date:     2009-09-11 09:26:03 -0700 (Fri, 11 Sep 2009)
    Log Message:
    Fixed HTML tag in ASDoc comment.
    Modified Paths:
        flex/sdk/trunk/frameworks/projects/rpc/src/mx/messaging/events/ChannelFaultEvent.as

    Welcome back everyone.
    Hope you all had good holidays.
    Cheers
    glenn
    tinylion development & design

  • In OAF restrict the richtext editor using html tags

    Hi Gurus,
    In my page Insert/Update I have requirement of Adding Comment. I have used MessageRichText for this Comment section. The data type of the corresponding Table column is CLOB.
    But while saving the entered comment, data is getting saved with HTML tags. .... :
    I have another search page that cannot have a MessageRichText field; only a MessageStyledText field can be used to show the saved comment.
    As the data has been stored with HTML tags in the DB table, the search page is showing the last inserted comment with HTML tags.
    I want to show the actual comment entered without HTML tags......... how to do this??????
    Please help!

    Hello cornelius.
    For one, you need to select RTF for message composition and not Plain Text.
    Select/highlight the text you want for the hyperlink and at the menu bar, go to Edit and select Add Hyperlink.
    Enter the URL in the space provided and be sure to include http://
    Select OK when finished.

  • HTML tags in RTF--- Urgent pls help

    i have a field in answers with the name comments which returns the data in html tags like <~a>abcd <~/a>, it has to display as a link but it is displaying as <~a>abcd</~a>
    the same with html tags in it... how can i parse the HTML tags in BI publisher, can any one help me here pls
    pls remove the ~ code as it is not displaying those HTML tags in forum
    Edited by: user10744081 on Feb 5, 2010 9:48 PM
    Edited by: user10744081 on Feb 5, 2010 9:49 PM

    Hi Experts,
    to be precise, i have a column in my oracle DB that has XHTML tags as data in it, and when i use this column in a BIP report i am getting the XHTML tags as my data in my output. how can i parse those and get only the required data to be displayed in RTF ?
    Any update on this? i am out of ideas on this.. can any one help me on this

  • HTML tag display on template

    Hi All,
    On the template there are many columns used in Table format. One of the columns has data as below. We do not want to display that in HTML tag format. It should display just the comment tag, no other tags.
    Could someone please help?
    <list>
    <tag1>
    <comment>Testing comments </comment>
    <userName>firstname lastname</userName>
    <Date></Date>
    </tag1>
    <tag2>
    <comment>Test comments</comment>
    <userName>firstname lastname</userName>
    <Date></Date>
    </tag2>
    </list>
    Thanks.

    Please do share your email Id or send me a mail

  • Html tags added while exporting to csv

    Hi,
    I am facing an issue where HTML tags get added to some columns while exporting the report to CSV format.
    Can anyone help me with this?
    Thanks,
    Vivek

    The TextArea is being included in the csv file probably because it is added to the select query. The main report query has
    select apex_item.hidden(49,triagemd5_wptg||triagemd5_compare) || APEX_ITEM.CHECKBOX(34,triagemd5_wptg||triagemd5_compare) checksel, id,APEX_ITEM.SELECT_LIST(35, response, ''Will Fix;Will Fix,Will Not Fix;Will Not Fix,Not an Issue;Not an Issue'','''',''YES'','''','''') , APEX_ITEM.TEXTAREA(45,comments,0,0,''onMouseOver="title=this.value;" style="width:200px;font: 12px/16px Arial,sans-serif;height:50px; border:0 none; overflow:hidden"'')
    This was implemented like this because the no. in the 1st column of the API (eg. 45 for apex_item.textarea) is needed to write the values to DB. If the textarea and formatting is added as part of report column attribute then writing comments and response to DB will fail.

  • Remove HTML tag

    Hi all,
    Given a string consist of string encoded in HTML. Any standard Function Module to remove the HTML code?
    eg, Change "<HTML><B>Sample Text</B></HTML>" to "Sample Text"
    Any suggestion/comments are welcome!
    Thanks
    Best regards,
    Prakesh.

    Hi Prakesh,
    To remove the HTML tags from a string, use the following sample formula:
    whileprintingrecords;
    stringvar sample := {table.stringfield};
    // one '<' per tag, so the number of splits minus one is the tag count
    numbervar counter := ubound(split(sample,"<"))-1;
    numbervar i;
    for i := 1 to counter do(
        // cut out the first remaining '<...>' pair on every pass
        numbervar openbracket := instr(sample,"<");
        numbervar closebracket := instr(sample,">");
        sample := left(sample,openbracket-1) & mid(sample,closebracket+1));
    sample;
    ====================
    NOTE:
    This formula removes all text between the '<' and '>' characters. Adjustments may be required if only some tags should be removed, or if the '<' or '>' characters appear by themselves in the original string.
    ====================
    Thanks & Regards,
    Sarita Singh Rathour
    Edited by: Sarita Rathour on Jul 24, 2009 6:06 AM
    Edited by: Sarita Rathour on Jul 24, 2009 6:07 AM
    Edited by: Sarita Rathour on Jul 24, 2009 6:09 AM

  • Help needed in adding effects of certain HTML tags in Flex spark Richtext

    I want to apply the effects of the following HTML tags/ attributes, in my HTML text rendered in Flex Spark Richtext Component.
    Superscript - <sup>
    Subscript - <sub>
    Blockquotes - <blockquotes>
    Ordered Lists - <ol><li>
    Unordered List - <ul><li>
    Horizontal Rule - <hr>
    Direction Attribute for <p> - <p dir="rtl">Hello</p>
    Background Color for <font>
    I have observed that the above tags have no effect in RichText. Is this a limitation?
    Any solutions, tweaks and tricks will be appreciated...
    Thanks,
    Mangirish

    check this out . this should be able to answer your question.
    http://livedocs.adobe.com/flex/3/html/help.html?content=textcontrols_04.html
    Miguel

  • Query to extract HTML tag with data

    Hi All,
    I have a string.
    '<HTML><HEAD>THIS IS HEAD.</HEAD><BODY>THIS IS BODY.<P>THIS IS P1.</P>NIMISH<P>THIS IS P2.</P></BODY></HTML>'
    I want to extract a html tag including its opening & closing tag with data as
    if i say P1
    then the output should be
    '<P>THIS IS P1.</P>'
    for P2
    then the output should be
    <P>THIS IS P2.</P>
    please help me in writing this query with regular expression
    i have tried it as following but it is not giving desired result:
    WITH T AS
    (
        SELECT
            '<HTML><HEAD>THIS IS HEAD.</HEAD><BODY>THIS IS BODY.<P>THIS IS P1.</P>NIMISH<P>THIS IS P2.</P></BODY></HTML>' STR
        FROM
            DUAL
    )
    SELECT REGEXP_SUBSTR(STR, '<P>.+P2.+</P>') FROM T
    Thanks & Regards
    Nimish Garg
    Edited by: Nimish Garg on May 7, 2012 5:49 PM

    Nimish Garg wrote:
    >My requirement is to extract a <tag>data</tag> from a HTML/XML string where data contains any specified value.
    HTML is not XML.
    And that is a critical distinction to make. HTML parsing is horribly complex. XML is quite easy. For HTML you have to code your own parser in PL/SQL. XML can be parsed using the XMLTYPE class/data type in PL/SQL.
    So if you need to find a single specific tag in HTML - I would not try to treat it as XML. I may not even try to use regular expressions.
    I would do a basic substring search for the start of the tag. Read the data following the tag. Ensure that there are no nested or embedded tags in the data. Until the end tag is read. Because HTML is that much abused - and because that is an accepted norm, as the parsers used by browsers deal with that abuse without complaining.
    Proper HTML is mostly a myth in my experience of "screen scraping" web servers for data extraction as they do not have web services supplying the data.

  • Values having html tags not getting populated while using AJAX in APEX

    Hi,
    I am using AJAX to populate certain values in a tabular report.
    I have a java script of this form (I have taken this example from Denes's example http://apex.oracle.com/pls/otn/f?p=31517:241:1400877312570049)
    <script language="JavaScript" type="text/javascript">
    function f_set_multi_items_tabular(pValue, pRow){
      var get = new htmldb_Get(null,html_GetElement('pFlowId').value,
        'APPLICATION_PROCESS=Set_Multi_Items_Tabular',0);
      if(pValue){
        get.add('TEMPORARY_APPLICATION_ITEM',pValue)
        get.add('T_ROWNUM',pRow)
      }else{
        get.add('TEMPORARY_APPLICATION_ITEM','null')
      }
      gReturn = get.get('XML');
      if(gReturn){
        var l_Count = gReturn.getElementsByTagName("item").length;
        for(var i = 0;i<l_Count;i++){
          // i-th <item> element of the XML response
          var l_Opt_Xml = gReturn.getElementsByTagName("item")[i];
          var l_ID = l_Opt_Xml.getAttribute('id');
          var l_El = html_GetElement(l_ID);
          // nodeValue is only set when the first child is a text node
          if(l_Opt_Xml.firstChild){
            var l_Value = l_Opt_Xml.firstChild.nodeValue;
          }else{
            var l_Value = '';
          }
          if(l_El){
            if(l_El.tagName == 'INPUT'){
              l_El.value = l_Value;
            }else if(l_El.tagName == 'SPAN' && l_El.className == 'grabber'){
              l_El.parentNode.innerHTML = l_Value;
              l_El.parentNode.id = l_ID;
            }else{
              l_El.innerHTML = l_Value;
            }
          }
        }
      }
      get = null;
    }
    </script>
    And I have the application process as follows
    BEGIN
    OWA_UTIL.mime_header ('text/xml', FALSE);
    HTP.p ('Cache-Control: no-cache');
    HTP.p ('Pragma: no-cache');
    OWA_UTIL.http_header_close;
    HTP.prn ('<body>');
    HTP.prn ('<desc>this xml genericly sets multiple items</desc>');
    HTP.prn ('<item id="f05_000' || :T_ROWNUM || '">' || :TEMPORARY_APPLICATION_ITEM || '</item>');
    HTP.prn ('</body>');
    END;
    If I have :TEMPORARY_APPLICATION_ITEM as 'Vikas' it gets displayed properly, but if I have '&lt;b&gt;Vikas&lt;b&gt;' it shows null. If it has any HTML tags, l_Opt_Xml.firstChild.nodeValue is not working properly. Please tell me what modification I can make to l_Opt_Xml.firstChild.nodeValue so that values with HTML tags also get displayed.
    Thanks,
    Vikas

    Vikas,
    Try escaping special characters: htf.escape_sc(:TEMPORARY_APPLICATION_ITEM)
    Regards,
    Dan

  • Pdf and html tags

    I am creating a report in APEX. I am using the HTML tag <br> in my headings on the report. The headings on the report look great. When I do the PDF the headings do not look great. The PDF does not seem to like the HTML <br> tag. Any ideas?

    Hi Earl,
    I actually have strong, bold, italic, html, new paragraph tags in the content of the text area.
    When the pdf is displayed, it shows the tags as it is. I want the data to be formatted and displayed.
    Thanks
    Meenu

  • HTML Tags not moved in PDF

    Hello,
    I would like to print a report as a PDF and use the BI Publisher.
    This works quite well so far, but I have one problem:
    I pass an HTML formatted text from a CLOB field,
    and in the PDF output the HTML tags are not converted.
    In the PDF document the HTML tags appear instead of a formatted heading,
    e.g.
    <*h1> This is the heading <*/h1> (without stars)
    What do I have to set / do so that I also get a formatted heading?
    Somebody an idea?
    Edited by: user10460383 on 14.09.2009 06:16
    Edited by: user10460383 on 14.09.2009 06:17

    True - a PDF isn't going to support HTML encoding. HTML will just be seen as more text, and displayed that way.
    You can strip out HTML tags fairly easily with a regular expression in your query SQL - this simply looks for text between < and > characters, and removes it. That should work for basic HTML formatting tags, but it isn't 100% (it won't handle <script> blocks correctly, for instance).
       select regexp_replace(myHTML, '<[^>]*>', '') as myText
       from myTable...
    Implementing a method to convert the HTML formatting into RTF formatting is also possible, but not a trivial task - you'd effectively have to replace each HTML tag with an RTF equivalent -- eg, replace <H1> with the RTF code to make a larger font, replace </H1> with RTF code to return the font to normal... etc...

  • Reports does not show data which contains HTML tags

    Dear Gurus
    I'm trying to resolve this problem but I'm really stuck in it. I have the requirement to customize PO reports in R12, and at the end of every report we have to show its Terms and Conditions. I have the following query which brings me the data I need.
    SELECT
    otu.document_number po_segment1,
    otu.document_id,
    otta.template_id,
    otta.template_name,
    otta.description,
    otta.intent,
    otta.status_code,
    otta.start_date,
    otta.end_date,
    otta.instruction_text,
    otu.document_type,
    otu.document_number po_segment1,
    otu.document_id po_header_id,
    osb.HEADING titulo_seccion,
    oav.display_name,
    oav.article_text article_text
    FROM
    apps.okc_terms_templates_all otta,
    apps.okc_template_usages otu,
    apps.okc_k_articles_b okab,
    apps.okc_sections_b osb,
    apps.okc_articles_all oaa,
    apps.okc_article_versions oav
    WHERE otta.template_id = otu.template_id
    AND otu.document_id = okab.document_id
    AND osb.scn_id(+) = okab.scn_id
    AND okab.article_version_id = oav.article_version_id
    AND oaa.article_id = oav.article_id
    AND otu.document_number='21000000111' -- Purchase Document
    AND otu.DOCUMENT_TYPE NOT IN ('RFQ_RESPONSE', 'RFQ','RFI_RESPONSE','RFI','AUCTION_RESPONSE','AUCTION')
    The problem is the field okc_article_versions.article_text storage data with HTML tags as an example : ''<P>COMPANY will make it’s best effort to provide an accurate forecast to CONTRACTOR, <B><I>at the end of every quarter,</I></B> however, a forecast in any form, shall not represent a firm commitment by COMPANY.,</P>"
    So when I tried to show the information in my .rtf template nothing comes out. Does anybody know what's happening and how to resolve it??
    Please, resolving this issue is more than urgent and I guess somebody has the answer. Thanks a lot
    Mily

    Hi ,
    Currently image url have value http://serverip:port/reports/rwservlet
    I don't know is this correct? Suggest What value it should have?
    Thanks
    Vinod
