I have a Bokeh TapTool that opens a webpage
TapTool(callback=OpenURL(url='/mypage?key=#name'))
However, the text in the name column of my ColumnDataSource contains unsafe text. I would like to escape this text. Typically I use tornado.escape.url_escape for this.
Is there a way to apply a function like url_escape automatically or do I have to maintain a separate column of escaped text in my ColumnDataSource?
As of 0.12.10 there is no functionality to escape field values in the client, nor are CustomJSTransform models yet applicable to OpenURL. My suggestion would be a CustomJS callback for the tap tool that does the escaping and opens the URL (a couple of lines of JS total).
Related
I'm using Bluefish on a Mac to write generic code (it's R but I just open Bluefish and start to type, I haven't told it what I am doing). The help says that Bluefish will:
"Highlighting matching block start and end markers (both brackets and tags)"
but it doesn't do this. So when I highlight a close bracket I'd like to see the open bracket highlighted above it. Under Document, Highlight Block Delimiters is ticked.
What am I doing wrong please?
It doesn't do it in plain text. You need to go Document, Language Mode and select a language (R is in the list).
I need to concatenate two strings within an R object: one is just regular text; the other is italicized. So, I tried a lot of combinations, e.g.
paste0(" This is Regular", italic( This is Italics))
The desired result should be:
This is Regular This is Italics
Any ideia on how to do it?
Thanks!
In plot labels, you can use expressions, see mathematical annotation :
plot(1,xlab=expression("This is regular"~italic("this is italic")))
To provide an string for which an HTML parser will recognise the need to render the text in Italics, wrap the text in <i> and </i>. For example: "This is plain text, but <i>this is in Italics</i>.".
However, most HTML processors will assume that you want your text to appear as-is and will escape their input by default. This means that the special meanings of certain characters - including < and > will be "turned off". You need to tell the processor not to do this. How you do that will depend on context. I can't tell you that because you haven't given me context.
Are you for example, writing to a raw HTML file? (You need do nothing.) Are you writing to a Markdown file? If so, how? In plain text or in a rendered chunk? Are you writing a caption to a graphic? (Waldi has suggested a solution.) Etc, etc....
In R Markdown, to make a text bold, we just need to do:
**code**
The the word code shows in bold.
I was wondering if there is a way to create a new command, let's say:
***code***
That would make the text highlighted?
Thanks!
It is not easily possible to create new markup, but one can change the way existing markup commands are rendered. Text enclosed by three stars is interpreted as emphasized strong emphasis. So one has to change that interpretation and change it to something else. One way to do so is via pandoc Lua filters. We just have to match on pandoc's internal representation of emphasized strong text and convert it to whatever we want:
function Strong (strong)
-- if this contains only one element, and if that element
-- is emphasized text, convert it to highlighted text.
local element = #strong.content == 1 and strong.content[1]
if element and element.t == 'Emph' then
table.insert(element.content, 1, pandoc.RawInline('html', '<mark>'))
table.insert(element.content, pandoc.RawInline('html', '</mark>'))
return element.content
end
end
The above works for HTML output. One would have to define what "highlighted text" means for each targeted format.
See this and this question for other approaches to the problem, and for details of how to use the filter with R Markdown.
I'm currently trying to build a chat app, using the official markdown package as well as underscore's escape function, and my template contains something like this:
<span class="message-content">
{{#markdown}}{{text}}{{/markdown}}
</span>
When I grab the text from the chat input box, I try to escape any HTML and then add in line breaks. safeText is then inserted into the database and displayed in the above template.
rawText = $("#chat-input-textbox").val();
safeText = _.escape(rawText).replace(/(?:\r\n|\r|\n)/g, '\n');
The normal stuff like headings, italics, and bold looks okay. However, there are two major problems:
Code escape issue - With the following input:
<script>alert("test")</script>
```
alert('hello');
```
This is _italics_!
Everything looks fine, except the alert('hello'); has become alert('hello'); instead. The <pre> blocks aren't rendering the escaped characters, which makes sense. But the problem is, the underscore JS escape function escapes everything.
SOLVED: Line break Issue - With the following input:
first
second
third
I get first second third being displayed with no line breaks. I understand this could be a markdown thing. Since I believe you need an empty line between paragraphs to get linebreaks in markdown. But having the above behaviour would be the most ideal, anyone know how to do this?
UPDATE Line break issue has been solved by adding an extra \n to my regex. So now I'm making sure that any line break will be represented with at least two \n characters (i.e. \n\n).
You should check the showdown docs and the wiki article they have on the topic.
The marked npm package, which is used by Telescope removes disallowed-tags. These include <script> of course. As the article I linked to above explains, there's still another problem with this:
<a href='javascript:alert("kidding! Im more the world domination kinda guy. Muhahahah")'>
click me for world peace!
</a>
Which isn't prevented by marked. I'd follow the advice of the author and use a HTML sanitation library. Like OWASP's ESAPI or Caja's html-sanitizer. Both of these project's seem outdated dough. I also found a showdown extension for it called showdown-xss-filter. So my advice is to write your own helper, and use showdown-xss-filter.
I use some telerik report to print some report.
I need to use Telerik.Reporting.TextBox to print labels.
Some labels are stock in .txt files, like " Apple".
When I see a label with spaces, it means I have to indent it in the report, so in the TextBox.
The thing is when we export the report in pdf, we have the indentation, but not when we see in the browser. If I replace the spaces by "& nbsp;", we see the indentation in the browser, but when exporting to pdf, we see the "& nbsp;".
One way to do this is to use HtmlTextBox, so both the browser and the export works fine, but we have other constraints that says we must keep the TextBox.
My idea is to replace the spaces by a blank character, an invisble one, like alt+0160, but there is a lot of choice, and I want the one that will work in any browser, any export (TIFF, PDF, Excel...).
Is someone have a good clue about this choice ?
You could use Unicode code point U+00A0 (non-breaking space), which is what the entity represents. How this should be encoded in your document depends on the character set in use.
You can replace the with ""