Trix and Summer Note issues while content saving in database - ruby-on-rails-4

I am building a rails blog and I needed to integrate a WYSIWYG editor so I tried with Summernote (v 0.8.1.1), everything is fine except when I create a new post , content is being saved into the database along with html tags instead of only the formatted text content. Latter I tried with Trix (v 0.10.1) and the same thing is happening.I followed everything correctly from the github docs but this only one issue persists. Thank you in advance.
This is the screen shot of the issue:screenshot

When you display data on page use raw like:
raw(#data)
which will convert yout html tags to proper html on page.

hey you should render output using raw function of ruby on rails
raw #post
or use <%=== %>

Related

Django display a pdf in an iframe

Currently I am Working on a workflow where on the left side are input fields and on the right half is a scalable pdf.
But actually I am not able to show a PDF in an iframe.
I am using django 2.1.1(python 3.7.2) on windows.
Is there any solution to display a pdf in an iframe?
I hope you have some ideas..i looked up many sides an tried different solution but actually the pdf document is not shown..
Hope to hear from you soon!
Kind regards
I have experienced a similar setting where I wanted to render a PDF in a webpage.
For that, I did the following :
Wrote a view method (in views.py) that renders the pdf's name. Indicated in the urls.py the path used for the view method. Next, in the HTML file, I use the following line of code :
<iframe id="iframe_pdf" src="{{ doc_file.url }}"
style="width:800px; height:800px;" frameborder="0"></iframe>
The {{ doc_file.url }} is the data obtained from the View method, it returns the PDF file location as a string. In my case, the pdfs were stored in the MEDIA_ROOT directory set in settings.py.

Wagtail 2.0 Internal Link Not Working

I'm building a site with the new version of Wagtail (2.0) and when I try to add an internal link (a link to another page in my website) in a blog post using the Rich Text Editor, the hyperlink tags are stripped out and just the link text is showing. The code that gets rendered is <a id="5" linktype="page">sample page</a>.
If I add an external link, and set it to /sample-page/ then the hyperlink works as expected.
Does anyone know why this is happening?
When you output a rich text field on your template, you need to run it through the |richtext template filter:
http://docs.wagtail.io/en/v2.0.1/topics/writing_templates.html#rich-text-filter
This is because rich text is stored as a 'symbolic' variation of HTML, where items such as page links and images are represented as IDs rather than full URLs - this ensures that they won't break if a page is moved or renamed, for example. The |richtext filter is necessary to translate that symbolic HTML back to real HTML.

Django - Generate a pdf with html block text

I'm working on a project with Django (1.12) and python(2.7). I have a function which returns me in a string the content of an html page. I need to create the html page with this string, and after to transform it to pdf (already have the function), but WITHOUT leaving my actual page. I search since this morning on the internet but i don't find something like my case.
Does anybody knows if it's possible ? and if yes, how?
Thanks,
#Nikotine

Django text file upload and security when using 'mark_safe'

I'm working on a Django app where the user uploads a space/tab/comma delimited text file. I display the text in a browser and the user can then interactively parse columns of delimited values which get highlighted with css as they change the settings. (Only a sample is displayed not the whole file!)
To highlight the selections I insert html/css code in and around the text but have to 'mark_safe' the text to get the html/css to render. I assume this opens security issues as even I, a complete noob could insert html in my input file and get it to render.
My Question:
Is there something I can use to strip html out of the text file immediately after I've uploaded it and before I render it in the browser? Would stripping '<' and '>' out be enough? What about something to disable .js if required?
I understand there are other well documented security measures I can take regarding file uploads. However I'm after a solution to my specific issue relating to me 'marking_safe' the input text I then render to the browser.
Django already has Automatic HTML escaping for this. Take a look at the link I posted in the docs. Hope this helps.

Importing HTML into TinyMCE using ColdFusion

Hey everyone, I would appreciate a pointing in the right direction with the problem I'm having. In short, I'm working on an application that will create PDFs using TinyMCE and ColdFusion 8. I have the ability to create a PDF by just entering in text, pictures, etc. However, I want to be able to import an html template and insert it into the TinyMCE .
Basically, I have a file directory code snippet that lets me browse through my 'HTMLTemplates' folder, and am able to select an HTML document. Now, I want to be able to take all the code from that selected HTML document and insert it into my TinyMCE box. Any tips on how I might do this, maybe?
Thanks!
If I understood you correctly, you already have a TinyMCE plugin which pops up a window and allows you to browse the certain directory using existing cfm page which you render within the popup window. Right?
If not, you should start with this. Not sure how easy it is done in current version, but in the older TinyMCE I've created the custom upload plugin (needed to track the site security permissions for current user) pretty quickly.
Next, I can see two quick ways to pass the server file contents to the client-side:
Make it available via HTTP so you can make the GET request and read contents into the variable.
Output it on the page using CF (say, on form submit when file selected) and grab using JavaScript.
I'd personally tried the second option. After you grab the text into the variable you can put it into the TinyMCE using it's API.
It can be as simple as output escaped text into the hidden div with known ID and read it using DOM operations (assuming that there is cfoutput around):
<div id="myTemplate">#HTMLEditFormat(myFileContents)#</div>
Also you can output the text directly into the JavaScript variable (of cource, with accurate escaping), maybe like this.
<script type="text/javascript">
var text = '#HTMLEditFormat(myFileContents)#';
</script>
Most advanced and possibly better for performance (and definitely "cooler") way is to use the concept of script tags as data containers, like this:
<script type="text/plain">
#HTMLEditFormat(myFileContents)#
</script>
Last time I've seen this in Nadel's blog, I think. Read it, pretty interesting.
Hope this helps.