a href attribute for Skype chat - href

I am trying to create an a tag leading to Skype chat.
The problem is that Skype did not give me an ID. People find me only using my first and last name.
I tried this but it didn't work.
<a href="skype:John Doe?chat">
see the null space? John &nbsp Doe.
How can I type it so it works properly?
E.g: I do not want to use my phone number.
Thank you

The values need to be escaped. <a href="skype:John%20Doe?chat">

Alright so I found a workaround.
I added myself from a new account to see what is my Id.
It has this form live:b3e263c856585e34 .
So I used this <a href="skype:live:b3e263c856585e34?chat"> and it worked fine.
Strange but it works

Related

Email link doesn't work properly after # sign

I have a simple link that opens a email.
When I open the email in IE it seems if the address has a "#" sign it doesnt show what ever is after the sign and it only happens in IE.
For example is the address is : 1234 santa cruz #123 st avenue
So after the # sign it wont show anything after .
Any ideas on why its happening and how to fix it?
<a href="mailto:test#test.org?subject=Update
&body=
Account: #trim(Account)#%0d
Address: #trim(Address1)#, #trim(comments)# %0d "> (Request Update) </a>
</cfif>
You can use URLEncodedFormat() function, to fix these kind of issues while working with URLs. The following code will fix your issue.
<a href="mailto:test#test.org?subject=Update
&body=
Account: #trim(URLEncodedFormat(Account))#%0d
Address: #trim(URLEncodedFormat(Address1))#, #trim(URLEncodedFormat(comments))# %0d"> (Request Update) </a>

New Line on Django admin Text Field

I am trying to create a blog o django where the admin posts blogs from the admin site.
I have given a TextField for the content and now want to give a new line.
I have tried using \n but it doesn't help. The output on the main html page is still the same with \n printing in it. I have also tried the tag and allowed tags=True in my models file. Still the same. All the tags are coming as it is on the html page.
My Django admin form submitted:
The result displayed in my public template:
You should use the template filter linebreaks, that will convert the reals \n (that means the newline in the textarea, not the ones you typed using \ then n) into <br />:
{{ post.content|linebreaks }}
Alternatively, you can use linebreaksbr if you don't want to have the surrounding <p> block of course.
After searching the internet and trying different Django Template Filters, I came across one specific filter, SAFE.
For me, LINEBREAKS filter didn't work, as provided by #Maxime above, but safe did.
Use it like this in your html template file.
{{post.content|safe}}
To have a better understanding of SAFE filter, i suggest reading the documentation.
{{post.content|linebreaks}}
This will make the line in the textbox appear as it is without using \n or \.
{{post.content|linebreaksbr}}
Besides the newline function in your CSS Declaration will work too.

Like Button (SEND) Shows the og:metadata info and not the href content (sometimes)

The site is: http://grantdeb.com
I want to be able to dynamically add meta properties to the Recommend(s) and Send(s). Right now, it's using the meta og: properties and that is totally NOT what I want.
The LIKE count is also showing incorrectly for each like even though I've pushed the data-href to it like:
<div class="fb-like" data-href="http://grantdeb.com/wedding-photographers-hampton-roads/[dynamic id]/Wedding-Photography" data-send="false" data-width="450" data-show-faces="false" data-action="recommend" ></div>
BUT - for some reason, once in a while the LIKE / SEND does NOT use the meta properties and correctly shows the correct count AND the correct picture / title I want for the Send.
If you go to our site at http://grantdeb.com look specifically at the "Jasmine Plantation Wedding Photography" (like the 5th post down) you'll see the number of Recommendations is correct, and if you hit the "Send" button at right bottom, it actually uses the correct title and picture we want.
That post is the way we want the Recommend / Send to display.
Why is that happening to some of them and to others it shows our og: metadata?
I can’t exactly see on your site what the problem is (or match your problem description with your site’s content) – but looking at the URL for the post you mentioned in Facebook debug tool, it seems that you have
<meta property="og:url" content="http://grantdeb.com" />
set for all of your detail pages – so that is what Facebook considers the “real” URL for all of your actual posts marked with this tag.
(Can’t tell if this is what you explicitly wanted or not, because your problem description is kinda fuzzy to me.)

Could anyone tell me why / how this XSS vector works in the browser?

I have suffered a number of XSS attacks against my site. The following HTML fragment is the XSS vector that has been injected by the attacker:
<a href="mailto:">
<a href=\"http://www.google.com onmouseover=alert(/hacked/); \" target=\"_blank\">
<img src="http://www.google.com onmouseover=alert(/hacked/);" alt="" /> </a></a>
It looks like script shouldn't execute, but using IE9's development tool, I was able to see that the browser translates the HTML to the following:
<a href="mailto:"/>
<a onmouseover="alert(/hacked/);" href="\"http://www.google.com" target="\"_blank\"" \?="">
</a/>
After some testing, it turns out that the \" makes the "onmouseover" attribute "live", but i don't know why. Does anyone know why this vector succeeds?
So to summarize the comments:
Sticking a character in front of the quote, turns the quote into a part of the attribute value instead of marking the beginning and end of the value.
This works just as well:
href=a"http://www.google.com onmouseover=alert(/hacked/); \"
HTML allows quoteless attributes, so it becomes two attributes with the given values.

Why won't Django auto-escape my <script> tags?

My Django app has a Person table, which contains the following text in a field named details:
<script>alert('Hello');</script>
When I call PersonForm.details in my template, the page renders the script accordingly (a.k.a., an alert with the word "Hello" is displayed). I'm confused by this behavior because I always thought Django 1.0 autoescaped template content by default.
Any idea what may be going on here?
UPDATE: Here's the snippet from my template. Nothing terribly sexy:
{{ person_form.details }}
UPDATE 2: I have tried escape, force-escape, and escapejs. None of these work.
You need to mark the values as | safe I think (I'm guessing that you're filling in the value from the database here(?)):
{{ value|safe }}
Could you post a sample of the template? Might make it easier to see what's wrong
[Edit] ..or are you saying that you want it to escape the values (make them safe)? Have you tried manually escaping the field:
{{ value|escape }}
[Edit2] Maybe escapejs from the Django Project docs is relevent:
escapejs
New in Django 1.0.
Escapes characters for use in JavaScript strings. This does not make the string safe for use in HTML, but does protect you from syntax errors when using templates to generate JavaScript/JSON.
[Edit3] What about force_escape:
{{ value|force_escape }}
...and I know it's an obvious one, but you're absolutely certain you've not got any caching going on in your browser? I've tripped over that one a few times myself ;-)
Found the problem. The JSON string I'm using to render data to some Ext widgets is the culprit. Big thanks to Jon Cage. Answer accepted despite the problem being caused by another source.