I have the problem that my installed FCKEditor 3.3.1 changes all & to &.
I am posting lots of links in my posts and this makes them invalid. Where can I define that & ist NOT replaced with &?
Thanks :-)
No, you can't. FCKEditor does the right thing.
There is no situation where a standalone & in HTML is not an error. The ampersand always has to be encoded as & - unless it is the start of an escape sequence itself (like in <).
It is a misconception that the & in the HTML source code would make a link invalid. It does not. For HTML to be valid, all data in it must be HTML-escaped. "Data" means both text (in-between tags) and attribute values (like href). When the HTML source is then parsed, the parser will automatically HTML-unescape all data and & will become & again in the DOM. Do not let the fact that many browsers accept an unescaped ampersand deceive you. It is wrong nevertheless (and FCKEditor just tries to deliver valid HTML).
See the custom setting in the fckconfig.js file for FCKeditor.
FCKConfig.ForceSimpleAmpersand = true ;
Tomalak is correct about how it should be presented but I'm just pointing out that there is a configuration option in FCKeditor, in case you need to "break the rules". There are situations where this is necessary. Rendering the ampersand as a true HTML entity (&) does not work in some HTML mail clients, which rarely adhere to HTML standards properly anyway. And you may need to force the plain ampersand if you have an additional filter that will convert it to an HTML entity further along your process.
Related
How can I write this script correctly on ionic?:
<script type="text/javascript" src="https://maps.googleapis.com/maps/api/js?key=xxx&libraries=places"></script>
Does not accept the '&'
HTML has few special characters, but when they appear in “content” they should be encoded using an entity reference:
& as &
< as <
Etc.
It turns out & is the special character that introduces one of those, so that explains why some parsers trip up when they see them unencoded in URLs.
Browsers are lenient so when they encounter an ampersand in a URL they know how to fix it; which I suppose has it’s pros and cons.
<%= Html.TextArea("text", "This is <b>Zeb</b>") %>
From the above statement what i expect is to show the string in textbox as:
This is Zeb.
But what i actually get is
This is <b> Zeb </b>
My string is not properly encoded. So please can someone tell me where is the problem?
I have read it from book Professional ASP.NET MVC 4. It's on page 100.
There is no problem, it is expected behavior. Here is a same question: ASP.NET MVC3, Html.TextAreaFor without encoding?
Your question has nothing to do with encoding. You are telling MVC (and the browser) to show a text area to edit that string, and that's what it's doing.
If you want an HTML editor with which your users can edit the HTML (while seeing it properly rendered), you should check this post:
What's the best WYSIWYG editor when using the ASP.NET MVC Framework?
Basically, you'll usually have to include the .js and .css of the selected editor, and activate it on the text area that you are currently sending to the broser. That will create an editor like the one you'll find in Wordpress, for example.
Edit:
Now that you have edited your question, I think you are misunderstanding what the book was referring to. When it says that your text has been encoded it means that the < > characters have been translated into & lt; and & gt; so that the browser doesn't treat them as "open HTML tag" and "close tag".
If you look at the source HTML in your browser, you'll see that the string has been properly encoded (as & lt; and & gt;).
I am trying to parse some html to switch out values of various element attributes. I decided that the most reliable way to parse the html was to use an xml parser (msxml.)
The problem is that the html I'm trying to parse contains attribute like:
<param name="flashvars" value="autoplay=false&brand=embed&cid=97%2Ftest&locale=en_US"/>
Which causes the xml parser to blow up. I figured out that I need to server.htmlencode() the value attribute in order for the xml parser to load it properly. How do I approach this?
I feel like the problem is a vicious circle. I couldn't use regex's because html is not regular enough, and now I can't use xml parsers because the html isn't "well formed"
help. How do I approach this issue? I want to be able to change attribute values with a vbscript.
Is your HTML well formed? If so you could simply use an XML DomDocument. Use XPath to find the attributes you want to replace.
You can actually use JScript serverside as well in ASP, whicdh might give you access to HTMLDom libraries you could use.
You should probably have a look at one of the libraries for cleaning up HTML, something like HTML Tidy http://www.w3.org/People/Raggett/tidy/
Your main problem is you need to do a replace on the ampersands, they need to be & in well formed XML/XHTML.
According to old AntiXss article on MSDN AntiXss.UrlEncode is used to encode link href (Untrusted-input in the following example):
Click Here!
My understanding was, that UrlEncode should be used only when setting something to URL, like when setting document.location with JS. So why don't I use HtmlAttributeEncode in the previous example to encode [Untrusted-input]? On the other hand is there a security flaw if I use UrlEncode to encode HTML attributes like in the above sample?
Url Encode encodes URL parameters for use in anchor tags.
Html Attribute encode encodes things for use in general HTML attributes.
Both encoding types vary - unsafe characters in HTML attribute encoding will be turned into a &xxx; form, in URL encoding they'll turn into %xxx. Whilst it's probably unlikely getting it wrong would cause a security problem your data wouldn't be properly rendered in the browser, or understood in a request.
(Indeed Url encoding is probably going to change because of an incompatibility with older browsers, and HTML Encoding will change in the next CTP drop to allow for safe listing of particular Unicode ranges).
I receive HTML pages from our creative team, and then use those to build aspx pages. One challenge I frequently face is getting the HTML I spit out to match theirs exactly. I almost always end up screwing up the nesting of <div>s between my page and the master pages.
Does anyone know of a tool that will help in this situation -- something that will compare 2 pages and output the structural differences? I can't use a standard diff tool, because IDs change from what I receive from creative, text replaces lorem ipsum, etc..
You can use HTMLTidy to convert the HTML to well-formed XML so you can use XML Diff, as Gulzar suggested.
tidy -asxml index.html
If out output XML compliant HTML. Or at least translate your HTML product into XML compliancy, you at least could then XSL your output to remove the content and id tags. Apply the same transformation to their html, and then compare.
I was thinking on lines of XML Diff since HTML can be represented as an XML Document.
The challenge with HTML is that it might not be always well formed. Found one more here showing how to use XMLDiff class.
A copy of my own answer from here.
What about DaisyDiff (Java and PHP vesions available).
Following features are really nice:
Works with badly formed HTML that can be found "in the wild".
The diffing is more specialized in HTML than XML tree differs. Changing part of a text node will not cause the entire node to be changed.
In addition to the default visual diff, HTML source can be diffed coherently.
Provides easy to understand descriptions of the changes.
The default GUI allows easy browsing of the modifications through keyboard shortcuts and links.
winmerge is a good visual diff program