I know that we can use template inheritance concept but can we use content inheritance?
Example:
content
Home
content1
content2
content3
content3 have a field MyText = "Text". content1, content1 can be have MyText = "Text" by inherit content3 ?
It's not available in the Sitecore box, but there is a module available on the marketplace that provides field fallback. It is not mentioned to be supported on v8 but it might work.
Whether it is a good idea.. Sitecore Climber already mentioned that your content might get messy and I tend to agree with that - but I also had a customer who really needed something similar. So if your architecture requires it, you could try the module - or write something yourself.
Remember that you can sometimes also get similar results by redesigning components (creating some extra ones) and using datasources.
Related
I have a field called "Page Title" that is part of a base template that I called "Base Titles". All of my content pages inherit this base template. I would like to boost the Page Title field in my search results so that if the search term is found in that field it is scored higher than other matches.
I can't figure out how to do this. I found this blog post by John West. However that seems to suggest that in order to boost a field I have to edit a config file?
Is that correct? So there is no way within the Sitecore UI to edit boosting values for a field? It has to be done by a programmer in a config file?
There is no in-built functionality for this. But off the top of my head I guess it's possible to approximate it.
For example. If your content editors have access to the Templates section of the Sitecore tree you could extend the "Template Field" template. Add a numeric field called Boost.
Then on any field in a template they could assign a numeric value
When you write your query you could look up the assigned value from of the associated field in the template and use the Boost method to apply it to the predicate.
Of course there's a bunch of different variations on this approach. This is really just the bare bones.
Sounds like you have the makings of a good marketplace module on your hands.
I am a bit confused on the best way to handle this problem:
My web site needs read-only static web pages (typically the About part of a web site) with 2 simple constraints:
they need to be translated
they need to have flexible layout: to incorporate base headers/footers, floating images and/or tables, and non-interactive elements (like a bootstrap carousel).
Several solutions that I have thought about:
I can of course directly write HTML files but the translation part will be awkward (a lot of <h1>, <ul>, <li> and <p> which are of no interest to the translator).
I can use Django flatpages with some markup languages but I lose a lot of flexibility (for instance template tags are not recognized)
Use generators like Hyde, but it seems quite overkill for my needs and internationalization seems a bit difficult
Does someone have other propositions that I can look into ?
Thanks !
Use django-cms, it has a Page model that can be translated and has a very smart plugin system to add many content-types into every page.
I use it a lot and it's very easy and yet powerful
For completeness and fairness, here's a full list of available CMS packages for Django.
for a much simpler solution, I would create a model called "Page" with lets say title and text fields.
The title and the text fields I would register to django-modeltranslation which will handle the translation issue.
For the text field i would use TinyMCE which let you insert basically any HTML you want so you can do whatever you need.
What I am trying to create is a site for resources. Basically, you add resources such as books and videos via links. Now, with any resource site that caters to a variety of resources, you need to tag them in order to understand what kind of resource you are using.
For example, if you make notes on something like Chemistry or key points from a talk on lets say "Django", then these are text documents. Thus you would want them inside a TEXT TAG.
So, when you are making a form for this kind of thing, what form field would you use? For example, by knee-jerk approach is to simple make a text area field, and then separate the different tags via comma. Now, this can be prone to many problems, I'd just like to know what is the best approach to take to solving this problem? Basically, an easy way to validate the data input? Would forms.ChoiceField be the best approach to the problem or is there something else that is superior?
https://www.djangopackages.com/grids/g/tagging/ is your best bet, most specifically https://github.com/alex/django-taggit. If you want to run your own tagging system, take a look at the source code for some ideas.
EDIT: The easiest way to display this in a form would be to use a ModelMultipleChoiceField. This allows you to select multiple tags for a single resource, and handles server-side validation and conversion to the actual Tag instances. However, I think most people would agree this option looks hideous, and it is certainly not user-friendly if there is a large amount of possible tags.
If you're using jQUery, another option is to use Django_select2. This is what I have personally used in a similar situation, and it handles a large amount of possible tags very well. Django_select2 is a thin wrapper around jQuery's Select2 plugin, with a bit of added functionality (most notably the AutoView and AutoModelSelect2Field). This provides a hybrid between a text field and a select list, allowing you to search all tags and easily select multiple tags. See http://ivaynberg.github.io/select2/ for examples of what you can achieve.
I'm a pretty experienced Grails developer, but most of my experience has been with using grails for serving up JSON/XML to a flex app and some relatively simple HTML websites.
I've been diving deeper into using the sitemesh integration in grails and I'm struggling a little to find best practices for some more complex configurations, and I'm curious if there are any good tutorials or examples out there. The original Sitemesh website isn't that useful as the tags it talks about aren't directly exposed in grails.
A google search is mostly showing old mailing list posts and some vanilla sitemesh stuff which is helping me to move a little further along, but it's a lot of trial and error.
I fully understand how the basic g:layoutTitle, g:layoutHead, and g:layoutBody tags work. Those are easy and well documented.
The kinds of things that I'd like to see examples for:
g:applyLayout - the documentation on this is weak and I don't fully understand the uses suggested in the main docs. How is this different than setting the meta name='layout' content='foo' property?
g:pageProperty - some better examples on how to pull and use properties into the main template by setting the values as meta tags in the page that's being decorated. The grails docs on pageProperty show only the onload attribute from the body being brought forward. I think you can also use meta tag values here as well, anything else?
can you use multiple levels of sitemesh layouts? My testing seems to make me think that I can't, but that seems to reduce reusability. I think that the answer here is some usage of the g:applyLayout, but that's where I'm struggling the most.
the g:pageProperty is a very powerful, but very poorly documented thing. Lets say in my layout I specify where to put some content like this:
<html>
<body>
<g:pageProperty name="page.header" />
</body>
Now in my page I can specify some content:
<content tag="header">
<!-- header -->
</content>
Sitemesh will take the content tag, regardless of actual position in the HTML of the page and place it where it needs to go in the flow of the layout.
Even better, if within my page I render a template that also specifies a content area with a tag of "header", it will overwrite the first declaration, and it will be the template's content that will be rendered in the final layout.
Well, I can answer a bit:
Your first and third questions are related, as you can't chain layouts using the meta tag.
Your final page should have a meta tag as you suggest, but if you want to layer a layout on top of another layout, you put a g:applyLayout tag at the top of the child layout, pointing at the parent.
In your edit.gsp, you'd have:
<meta name="layout" content="editTemplate" />
and in editTemplate.gsp, you'd have:
<g:applyLayout name="baseTemplate" >
<!-- the html for the editTemplate -->
</g:applyLayout>
so edit.gsp would use editTemplate.gsp, which would use baseTemplate.gsp as a base layout. You can chain those as needed.
I haven't used g:pageProperty at all, so I can't throw you better examples there, sorry.
The Sitemesh together with Grails is a very very powerful feature. The more I use it - the more I love it. You can decorate any part of our web site: you can have layout for error messages, tooltips, news lines, comments, etc, etc. Just to note that you can do even that with in your pages and have multiple levels of decoration (no <content> needed):
/view/layout/inline-error-message.gsp
<span class="errorMessageInSomeFancyBox">
<span class="errorIcon"></span>
<g:layoutBody />
<span>
/views/book/create.gsp
<%-- let's decorate our error message with some fancy box --%>
<g:applyLayout name="inline-error-message">${some.error.message}</g:applyLayout>
See our Rabbtor Showcase App for a few very good examples on
creating nested layouts
rendering templates
applying layouts to specific parts of a page
. This app is actually a showcase for our tool Rabbtor which enables using GSP outside Grails but parts related with Sitmesh are also valid for Grails.
This link describes an exploit into my app using fckEditor:
http://knitinr.blogspot.com/2008/07/script-exploit-via-fckeditor.html
How do I make my app secure while still using fckEditor? Is it an fckEditor configuration? Is it some processing I'm supposed to do server-side after I grab the text from fckEditor?
It's a puzzle because fckEditor USES html tags for its formatting, so I can't just HTML encode when I display back the text.
Sanitize html server-side, no other choice. For PHP it would be HTML Purifier, for .NET I don't know. It's tricky to sanitize HTML - it's not sufficient to strip script tags, you also have to watch out for on* event handlers and even more, thanks to stupidities of IE for example.
Also with custom html and css it's easy to hijack look and layout of your site - using overlay (absolutely positioned) which covers all screen etc. Be prepared for that.
The bug is not actually FCKeditors fault. As long as you let users edit HTML that will be displayed on your web site they will always have to possibility to do harm unless you check the data before you output it.
Some people use HTMLencoding to do this, but that will destroy all the formatting done by FCKeditor, not what you want.
Maybe you can use the Microsoft Anti-Cross Site Scripting Library. Samples on MSDN
Is it some processing I'm supposed to do server-side after I grab the text from fckEditor?
Precisely. StackOverflow had some early issues related to this as well. The easiest way to solve it is to use an HTML library to parse user's input, and then escape any tags you don't want in the output. Do this as a post-processing step when printing to the page -- the data in the database should be the exact same as what the user typed in.
For example, if the user enters <b><script>evil here</script></b>, your code would translate it to <b><script>evil here</script></b> before rendering the page.
And do not use regular expressions for solving this, that's just an invitation for somebody clever to break it again.
FCKEditor can be configured to use only a few tags. You will need to encode everything except for those few tags.
Those tags are: <strong> <em> <u> <ol> <ul> <li> <p> <blockquote> <font> <span>.
The font tag only should have face and size attributes.
The span tag should only have a class attribute.
No other attributes should be allowed for these tags.
I understand the DONTS. I'm lacking a DO.
Is use of FCKEditor a requirement, or can you use a different editor/markup language? I advise using Markdown and WMD Editor, the same language used by StackOverflow. The Markdown library for .NET should have an option to escape all HTML tags -- be sure to turn it on.
XSS is a tricky thing. I suggest some reading:
Is HTML a Humane Markup Language?
Safe HTML and XSS
Anyway, my summary is when it comes down to it, you have to only allow in strictly accepted items; you can't reject known exploit vectors because or you'll always be behind the eternal struggle.
I think the issue raised by some is not that Fckeditor only encodes a few tags. This is a naive assumption that an evil user will use the Fckeditor to write his malice. The tools that allow manual changing of input are legion.
I treat all user data as tainted; and use Markdown to convert text to HTML. It sanitizes any HTML found in the text, which reduces malice.