I am developing a site and i would like some simple markup. I would need to keep the users newlines (easy enough replace \n with or use pre), a way to allow links and perhaps bold.
Would it be best to use a markup or to use RTF? i was thinking maybe i want special characters like :username: to create a link to a user or maybe :icon-username: to display a link and the avatar of the user. Maybe other things like that.
Is there a good markup lib i can use or should i find something that allows the user to write in RTF and run a pass before displaying it to output links/new icons and etc?
What libs do you guys like and think i should use?
My personal preference is markdown/textile, and perhaps something like the open source WMD editor I am using to type in this message.
I am not sure having the users write RTF is a good choice. How many people are comfortable with the syntax?
An HTML/XHTML would be much better. Plus you'd have the choice to use one of the dozens of browser 'editor' components out there for WYSIWYG editing.
Use whatever syntax you want, but include an icon for adding items to the editor. E.g. There can be a 'username' icon, where clicking it would add ':username:' to the editor. Similar to Stack Overflow's editor toolbar.
If you need RTF in the future, HTML/XHTML can be converted to RTF using third-party libraries. I've used XHTML in that capacity before and it actually worked out well. The hardest part was parsing the CSS ( not hard at all ). The XHTML was taken care of with a standard XML Parser.
Related
I would like to make a system where my users can customize the look and feel of my webapp.
My goal is to give them an HTML editor and some predefined tags like [BUYBUTTON] and [PRODUCTLIST] they can use.
These tags should be replaced with actual ASCX controls so that they not only display the HTML output, but have any code-behind functionality.
A generic find and replace of text/html is easy, I can't wrap my head around how to make the controls embed into the template.
Can someone give me a little push in the right direction here? I will be doing this within a DNN module if it matters.
I would look at how DNN's XML Skin parser works.
I wasn't able to find any good tutorials but here is a link so you at least know what Im talking about.
Cheers.
I would suggest to look at the source code of announcement module, which is doing almost same thing that you want to do.
Only difference here is, announcement module is storing the template in settings, so you can have different layout templates for different modules on same page/portal.
Hope this will help you, happy coding
I am fairly new to asp.net so this may seem like a stupid question, but:
I am attempting to modify a pre-exsiting help menu in a web-app.
In this menu the previous developer, just used three literals seperated by paragraphs and a button linking to a 100 page manual. (i know doesn't seem to be much help, hence why i was planning to update and fix this)
What i had in mind was setting something up like a menu that would link to the different section of the page when the title is clicked.
So something along these lines:
<h1>Menu Contents</h1>
<ol>
<li>section1</li>
<li>section2</li>
<li>etc</li>
</ol>
After the contents section i would have the first section with it's details.
What i am wondering is why would i use asp-literals over just sticking to html?
So basically i would like to know what are the benefits or reasons for using asp literals and i guess when is it that i should use them?
I've attempted to find the solution to this on my own, but the only related matters i have been able to find have to deal with people arguing whether literals or labels are the best option so it's not entirely helpful.
Any help or suggestions are greatly appreciated.
Thanks.
You generally use literals if you want to be able to control the text you display programmatically. Say your page has a way to edit the section titles of your manual, for instance. Or say your manual is in multiple languages and you want the user to be able to set her language and see the section titles displayed in that language.
In your case, by what you're saying, I infer none of this applies and your manual is quite static. In that case I would stick to simple HTML.
Maybe it's been done that way so it would allow the links to be built dynamically, something like:
litMenuItem1.Text = "section1";
thus giving full control over the output? There are better ways to do that however.
I need to highlight changes(diff) between 2 database text fields in a asp.net application.
I'm used to "beyond compare" text compare, so the Ideal solution will do something like it, but if it just highlight the differences, that would be OK.
http://www.scootersoftware.com/moreinfo.php?zz=screenshot&shot=TextCompare
The content is HTML, so if it could compare the HTML rendered text, it would be even better.
So, i need a link or a control (free if possible) to do that job.
thanks
I think what you're asking is pretty complex. I can't find any control out there that will do this, but i did find this: Difference Algorithm for C#
It doesn't give you exactly what you need, but it's a good place to start.
I've just come across this question and it looks like there are more recent options - eg. Html Diff algorithm for .NET
I'm looking for the best way to do some sort of "smart" HTML encoding.
For instance:
From: <a>Next >></a> to: <a>Next gt;gt;</a>
From: <p><a><b><< Prev</b></a><br/><a>Next >></a></p> to: <p><a><b><< Prev</b></a><br/><a>Next gt;gt;</a></p>
So only the non XML / HTML part of the text would be encoded as if HtmlEncode is called.
Any suggestions?
EDIT: This should be as lightweight as possible. The incoming text will come from users which have no knowledge of HTML encoding.
Yes: don’t ever write HTML into your source code. Instead work with an API like DOM that takes care of all encoding issues for you.
If you want a solid and totally reliable C# solution (but heavy-weight) then I'd use the HTML Agility Pack library. You could then iterate through nodes and HTML encode the contents. It's a bit more bullet-proof than regular expressions, but obviously more intense.
If you want to do it client-side, then use JQuery. See Encode HTML entities with jQuery.
Have you thought about using tidy.net? You could throw your user input into that and see what it comes up with, it very, very, very good and turning garbage into something that you actually want. Its a DLL and all managed code I believe so you can easily bolt it in.
As for the no to regexp band wagon, I disagree. If the data is limited (you don't say if it is or not) then you could come up with some rules for at least trying to validate you input string if not cleaning it up. I suspect though that your data could literally be anything in which case you would be better of using something other, but it should not be ruled out completely.
You are probably trying to solve the wrong problem. (I know this is not what you want to hear.)
If users are allowed to write unencoded >> and << into HTML then presumably they would also be able to write <> or <b>, and in that case there is no way you can reliable distinguish between text and markup. (Never mind that this makes you vulnerable to XSS attacks.)
You really have to intercept the text and encode it before it is interpolated into HTML. Probably you should explain the workflow leading to you problem. There must be a better way to solve it.
Edit in response to comment: There is simply no way to reliably encode input which can be either text or HTML at the same time. Anyway, if users are technical enough to enter raw HTML, presumably they are able to write entities - otherwise the shouldn't be entering raw HTML in the first place. If HTML input is only for advanced users, then you could have a check-box which indicated if the input is text or HTML. But you should probably look into using a rich-text editor.
I would probably try to write a good regular expression for this. Are you doing this in code behind (C#) or on client-side with JavaScript?
http://www.regular-expressions.info/
In my web application I am developing a comment functionality, where user's can comment. But I am facing a problem which is I want to allow simple HTML tags in the comment box. HTML tags like <b>, <strong>, <i>, <em>, <u>, etc., that are normally allowed to enter in a commenting box. But then I also want when user presses enter then it will be automatically converted into breaks (<br /> tags) and get stored into database, so that when I'll display them in the web page then they'll look like as user entered.
Can you please tell me how to parse that user entered only allowed set of HTML tags and how to convert enters into <br /> tags and then store them in database.
Or if anyone have some better idea or suggestion to implement this kind of functionality. I am using ASP.NET 2.0 (C#)
I noticed that StackOverflow.com is doing the same thing on Profile Editing. When we edit our profile then below the "About Me" field "basic HTML allowed" line is written, I want to do almost the same functionality.
I don't have a C# specific answer for you, but you can go about it a few different ways. One is to let the user input whatever they want, then you run a filter over it to strip out the "bad" html. There are numerous open source filters that do this for PHP, Python, etc. In general, it's a pretty difficult problem, and it's best to let some well developed 3rd party code do this rather than write it yourself.
Another way to handle it is to allow the user to enter comments in some kind of simpler markup language like BBCode, Textile, or Markdown (stackoverflow is using Markdown), perhaps in conjunction with a nice Javascript editor. You then run the user's text through a processor for one of these markup languages to get the HTML. You can usually obtain implementations of these processors for whatever language you are using. These processors usually strip out the "bad" HTML.
Its rather "simple" to do that in php and python due to the large number of functions.I am still learning c# .lol. but havent yet come across the function.The chances are that it exists and all you need to do is search for it.I mean a function that can take the user input,search for the allowed tags (which are in an array of course) and replace the <> with something else like [] then use a function to escape the other html tags.In php we use htmlentities().
Something like
<code>
$txt=$_POST['comment'];
$txt=strreplace("<b>*</b>","[b]*[/b],"$txt");
$securetxt=htmlentities($txt);
$finaltxt=strreplace("[b]*[/b]","<b>*</b>","$securetxt");
//Now save to Db
I'm not sure, but I think you have to escape html characters when inserting in database and when retrieving echo them unescaped, so the browser can see it just like html.
I don´t know asp.net, but in php there´s an easy function, strip_tags, that let you add exceptions (in your case, b, em, etc.). If there´s nothing like that in C# you can write a regular expression that strips out all tags except the allowed ones but chances are that such an expression already exists so it should be easy to find.
replacing \n (or something similar) with br shouldn´t be a problem either with a simple search and replace.
This is a dangerous road to go down. You might think you can do some awesome regexes, or find someone who can help you with it, but sanitizing SOME markup and leaving other is just crazy talk.
I highly recommend you look into BBCode or another token system. Even something untokenized such as what SO uses, is probably a much better solution.