I have a seam component where I put a message using standard seam annotation:
#In
private StatusMessages statusMessages;
public void myMethod()
{
statusMessages.add("Welcome, #{user.getName()}, after confirmation you will be able to log in.");
}
and than in the xthml page to show this message:
<h:messages id="mensagensHome" globalOnly="true" styleClass="message"
errorClass="errormsg" infoClass="infomsg" warnClass="warnmsg"
rendered="#{showGlobalMessages != 'false'}" />
This is working perfectly, but I have a requirement where the name should be Bold. Than I have already tryed placing standard html tags in my message like:
statusMessages.add("Welcome, <b> #{user.getName()} </b>, after confirmation you will be able to log in.");
But than it shows the tags on the page and does not turn the name bold.
I have also tried using unicode escape character to render the html tags, but again no success.
Is it possible to use standard html tags from code looking forward to format messages in Seam?
Tx in advance.
Actually you can't, unlike h:outputText h:messages don't have an escape property where you would be able to do escape="false".
In the link bellow you can find a sample on how to extend h:messages, actually it's not exactly h:messages that is extended but the end result is the same. So you can set escape="false" in h:messages and have the browser parse html tags.
http://balusc.blogspot.com/2010/07/using-html-in-jsf-messages.html
Be careful if you display something that the user inserted because this is is prone to html injection.
Note: The link is not mine, but it did work for me.
Related
In a page I am working on I replace the HTML code in a DIV with different HTML, then using Javascript I insert additional HTML into a DIV the new code using innerHTML.
If that is confusing, the original HTML contained a form, the HTML that replaced it contains the response to the form's Submit, and the code I want to insert is the information from the form.
This seemed to work as long as I had alert code in the script, which I use to check the progress as I debug this. Once I removed the all of alert lines the insert would fail. I figure it has to do something with the asynchronous nature of page rendering, so I think I need to find a way to make sure the new HTML code has loaded before I try writing to the DIV it contains.
In the code below the script fails at show_member_info unless I uncomment the preceding alert line.
function handle_join(X)
{
do_trace('handle_update');
get_member_info();
send_emails(X);
do_trace('clear content');
document.getElementById("members_content").innerHTML='';
document.getElementById("members_image").innerHTML='';
do_trace('load content');
Load_HTML('members/joinConf.html','members_content');
// alert('show_member_info');
show_member_info();
show_trace();
}
How do I determine when the new HTML has loaded and is ready to be manipulated?
Thanks, Mike
The question is a bit dry, but from what i can understand the problem is that you are not awaiting Load_HTML and that's causing some issue with show_member_info.
I know that browsers strip out extra spaces after a single space. I generally use " " to include a second space between sentences in my HTML.
Anyway, I'm using ASP.NET MVC 3 and am trying to display an error message that's being injected into the page via a view model (as opposed to being coded directly into the HTML template). When I add " " to the error string that I'm putting into the view model, I end up getting " " in the resulting web page, I assume because MVC 3 HTML encodes the final rendering of the view.
Anyone know a way to get around this so that I can get back my beloved double spacing between sentences? :)
Thanks!
Use Html.Raw() in the view or change your view model from a string an HtmlString. Either way will bypass the HTML encoding. As long as you are sure this will be a "safe" string to render, it should be fine.
I am converting an old script from ASP to ASP.NET and would like some advice. The original ASP script used Response.Write to output information about what happened during execution. I have rewritten the entire thing in ASP.NET but it is new to me as an old-school C programmer. The job requirements include using the VB flavor of ASP.NET, btw.
I originally put up a TextBox and edited the text property to dump my final report. Now they want different colors for different message importance and I find that the TextBox can only do one color for all lines. I fell back to the old standby R.W but I get a message that it's not declared and from looking around I see that it's an issue because I'm calling it from the code behind and that is 'out of scope' from the HTML elements of the page itself.
My question is what is the best way to output information to the web page with different lines being different colors from a page's code-behind?
Secondary question - if I have misunderstood anything feel free to correct my thinking. :)
Thanks!
Literal is the correct approach in my opinion too, to prevent messiness you can wrap it nicely with some functions.
First, have one literal control that will be the messages placeholder:
<asp:Literal id="litMessages" runat="server" />
Second, use CSS for the colors it's more elegant and flexible.. for example:
<style type="text/css">
.msg_information { color: blue; }
.msg_error { color: red; }
.msg_warning { color: purple; }
</style>
Now have this function:
void AddMessage(string message, string type)
{
string strHTML = string.Format("<div class=\"msg_{0}\">{1}</div>", type, message);
litMessages.Text += strHTML;
}
And finally to add message have such code anywhere in your code:
AddMessage("method started successfully", "information");
AddMessage("Failed to do this: " + someErrorMessage, "error");
AddMessage("Value is empty", "warning");
You can make it even more elegant by using enum for message type and more, but the above is enough for basic needs. :)
By having each message in its own <div> you make it be in its own line automatically and you can control each message easier with CSS.
Edit: my code is C# but can be converted easily to VB.NET as well.
Why not just wrap your Response.Write in a span with a color attribute based on what you are outputting? e.g.
Response.Write(String.Format(#"<span style=""color: #{0}"">{1}</span>", System.Drawing.ColorTranslator.ToHtml(Color.Red),yourMessage))
To make it simpler, you could then do something like this:
private void ReponseWriteEx(string output, Color color)
{
Response.Write(String.Format(#"<span style=""color: #{0}"">{1}</span>", System.Drawing.ColorTranslator.ToHtml(color),output))
}
And then call it, e.g. ResponseWriteEx("Hello World!",Color.Blue);
#Deverill,
Could you use a grid view and each row is a message? That way you can apply colors to the grid view.
I am not sure why you were using a text box and not a label.
Wince you were using Response.Write i am going to assume that you do not need user input.
your best bet here is the Literal control.
LiteralControl Class Unlike a label (or textbox) it can contain any html. This will let you place spans with classes around any text that you need. You may have to set some options on the literal to allow html
got this actionlink:
<%= Html.ActionLink("Corian® Worktops", "Index", "Corian")%>
the word corian has to carry the registered symbol or the word can not be used, but it seems to process, i know i could just write this as a normal href but it kinda defeats the object if there is another solution.
has any tried and successfully caried something like this out?
thanks
It works normally
<%= Html.ActionLink("RegistededMark®", "Action")%>
Use the normal ® symbol but make sure the font in HTML displays it correctly.
I do not know why but having static text in the views gives me the chills. I would rather suggest that you use a resource provider to fill in your link text. That way you will not be bothered by the html encoding stuff.
I have an ASP.NET MVC application and I'm using CKEditor for text entry. I have turned off input validation so the HTML created from CKEditor can be passed into the controller action. I am then showing the entered HTML on a web page.
I only have certain buttons on CKEditor enabled, but obviously someone could send whatever text they want down. I want to be able to show the HTML on the page after the user has entered it. How can I validate the input, but still be able to show the few things that are enabled in the editor?
So basically I want to sanitize everything except for a few key things like bold, italics, lists and links. This needs to be done server side.
How about AntiXSS?
See my full answer here from similar question:
I have found that replacing the angel
brackets with encoded angel brackets
solves most problems
You could create a "whitelist" of sorts for the html tags you'd like to allow. You could start by HTML encoding the whole thing. Then, replace a series of "allowed" sequences, such as:
"<strong>" and "</strong>" back to "<strong>" and "</strong>"
"<em>" and "</em>" back to "<em>" and "</em>"
"<li>" and "</li>" back to ... etc. etc.
For things like the A tag, you could resort to a regular expression (since you'd want the href attribute to be allowed too). You would still want to be careful about XSS; someone else already recommended AntiXSS.
Sample Regexp to replace the A tags:
<a href="([^"]+)">
Then replace as
<a href="$1">
Good luck!