Is it possible to customise the quick info section in the content editor to show additional information about the item?
Thanks
I think this would be quite tricky. If you look at Sitecore.Shell.Applications.ContentManager.Editor (in Sitecore.Client.dll), you'll see there is a RenderQuickInfo method. The HTML gets pieced together manually and is added to an EditorFormatter object as a literal control. All the classes involved are tightly integrated in to the application - there's no easily identifiable customisation point.
There are some pipelines associated with the rendering of the Content Editor,
renderContentEditor
getContentEditorFields
getContentEditorSkin
But I don't think these will provide an easy way in.
In general, I always think that if Sitecore haven't made part of the application easily customizable, then they probably did it on purpose.
One option could be a more js approach. The whole of the content editor is in the dom, albeit rather nested. It's slightly different but highlights the concept (http://blog.boro2g.co.uk/ever-edited-sitecore-web-db-mistake/).
I'd suggest if you use the example below in anger you make the xpath better - this was simply stolen from chrome dev tools.
As an example: with the following script pasted into the content manager.aspx file you can access some of the elements:
<script type="text/javascript">
window.onload=function(){
var text = getElementByXpath('//*[#id="EditorPanel"]/table/tbody/tr/td/table/tbody/tr[2]/td[1]');
if (text) {
text.innerText = "hi";
} else {
}
};
function getElementByXpath(path) {
return document.evaluate(path, document, null, XPathResult.FIRST_ORDERED_NODE_TYPE, null).singleNodeValue;
}
</script>
Which then allows you to update text (see screenshot):
quickinfo says hi
Related
Ive got the following code in my RSS consumer (Vandelay Industries RemoteRSS) in my Orchard CMS implementation:
#using System.Xml.Linq
#{
var feed = Model.Feed as XElement;
}
<ul>
#foreach(var item in feed
.Element("channel")
.Elements("item")
.Take((int)Model.ItemsToDisplay))
{
<li>#T(item.Element("description").Value)</li>
}
</ul>
The rss feed Im using is from Pinterest, and this bundles the image, link, and a short description all inside the 'description' elements of the feed.
<description><a href="/pin/215609900882251703/"><img src="http://media-cache-ec2.pinterest.com/upload/88664686384961121_UIyVRN8A_b.jpg"></a>How to install Orchard CMS on IIS Server</description>
My issue is that I don't want the text bits, and I also need to prefix the 'href=' links with 'http://www.pinterest.com'.
I've managed to edit the original code with my newbie skills to the above,, which essentially displays the images as links which are only relative and thus pointing locally to my server. These images are also then followed by the short description.
So to summarise, I need a way to prefix all links with 'http://pinterest.com' and then to remove the fee text after the image/links.
Any pointers will be greatly appreciated, Thanks.
You should probably parse the description, with something like http://htmlagilitypack.codeplex.com/, and then tweak it to add the prefix. Or you can learn regular expression and do without a library. Could be a little trickier and error-prone however.
I'm using markdown a lot and would like to have a few pages that mimic the behavior of wiki reference.
For example:
Blah blah blah <ref>{{Some Reference}}</ref>
I'll be adding a lot of references throughout a few pages and am not sure how to accomplish this behavior in markdown. All the resources I've found require a lot of work to keep track of them, you have to order them yourself, both at the bottom and top of the page, as opposed to Wiki markup which can automatically build the list at the bottom of a page with a simple {reflist}. Something similar to the TOC. Is there nothing like this in Markdown?
How could I extend RedCarpet or another processor to manage ref links throughout the page and build a list?
I don't think there's an easy way out of the box, but you can use a jekyll extensions such as:
https://github.com/archome/jekyll-citation
https://github.com/inukshuk/jekyll-scholar
Looks something like:
#book{ruby,
title = {The Ruby Programming Language},
author = {Flanagan, David and Matsumoto, Yukihiro},
year = {2008},
publisher = {O'Reilly Media}
}
Not sure how easy it would be to use for simple web references such as your example, but it would work.
I've recently installed the sitecore social connector module, and I've placed tweet and like buttons on a page, but I can't seem to control the content either sends to twitter/facebook. The tweet button sends the title of the page as the text to be tweeted, and I'd like to override this.
The facebook like link doesn't seem to do anything. If I go back to the same page, it still shows 1 like, but nothing has appeared on my facebook page.
Any help would be greatly appreciated.
I've decompiled the CodeBehind for the Tweet sublayout and it has this for code:
protected void Page_Load(object sender, EventArgs e)
{
string text = "var xmlhttp;if (window.XMLHttpRequest){ xmlhttp=new XMLHttpRequest();}else{xmlhttp=new ActiveXObject(\"Microsoft.XMLHTTP\");}xmlhttp.open(\"GET\",url,true);xmlhttp.send();";
string script = string.Format("<script>twttr.events.bind('tweet', function (event) {{var url = '{2}?itemid={1}&eventname={3}&buttontype=tweet';{4}}});</script>", new object[]
{
Sitecore.Context.User.Name.Replace('\\', '.'),
Sitecore.Context.Item.ID.ToString(),
"/layouts/system/Social/SocialEvents.aspx",
base.EventName,
text
});
this.Page.RegisterStartupScript("tweetsubscribe", script);
}
If you want to change it, you need to de-compile Sitecore.Social.dll which is in the package. Un-zip the package and open the files folder and the DLL will be in the /bin/.
If you don't have a decompiler, ILSpy is a great free one. You can do the same for the other feature, just de-compile and re-build in a local project with changes.
Update: just to clarify, you need to de-compile the current C# in the DLL to make changes to it. You can re-compile into a separate project, you just need to change the Inherits="" in the front-end of the control, e.g.
Instead of this:
Inherits="Sitecore.Social.Sharing.Controls.TweetButton"
Do something like this:
Inherits="MyProject.Sharing.Controls.TweetButton"
Apologies for the very late reply. I did not realise someone had asked me for a reply.
In the end I found it easier to just use the standard Twitter/Facebook controls. I have since learned that while Sitecore has some useful modules for handling CMS operations, it is often easier on the Content Delivery side to just use whatever web technology is the easiest to implement.
https://dev.twitter.com/web/tweet-button
https://developers.facebook.com/docs/plugins/share-button?locale=en_GB
I am currently trying to understand a bit more about how Orchard handles Lists of Custom Content Types and I have run into a bit of an issue.
I created a Content Type named Story, which has the following parts:
Body
Common
Containable
Route
I created a list that holds these items, and all I am attempting to do is style them in such a way:
Story Title
Story Description (Basically a truncated version of the body?)
However, I cannot seem to figure out how to do the following:
Get the Title to actually appear (Currently all that appears is the body and a more link)
Remove the "more" link (and change this to be the actual Title)
I have looked into changing the Placement.info, and have looked all over in an attempt to find where the "more" link is added in each of the items. Any help would be greatly appreciated.
I finally managed to figure it out - Thanks to the Designer Tools Module, which made it very simple to go look into what was going on behind the scenes during Page Generation.
Basically - all that was necessary to accomplish this was to make some minor changes to the Parts.Common.Body.Summary.cshtml file. (found via ../Core/Common/Views/)
Which initially resembles the following:
#{
[~.ContentItem] contentItem = Model.ContentPart.ContentItem;
string bodyHtml = Model.Html.ToString();
var body = new HtmlString(Html.Excerpt(bodyHtml, 200).ToString()
.Replace(Environment.NewLine,"</p>"+Environment.NewLine+"<p>"));
}
<p>#body #Html.ItemDisplayLink(T("more").ToString(), contentItem)</p>
however by making a few changes (by using the Designer Tools) I change it into the following:
#{
[~.ContentItem] contentItem = Model.ContentPart.ContentItem;
string bodyHtml = Model.Html.ToString();
string title = Model.ContentPart.ContentItem.RoutePart.Title;
string summary = Html.Excerpt(bodyHtml, 100) + "...";
}
<div class='story'>
<p>
#Html.ItemDisplayLink(title, contentItem)
</p>
<summary>
#summary
</summary>
</div>
Although it could easily be shortened a bit - It does make the styling quite a big easier to handle. Anyways - I hope this helps :)
Alternately you can use the placement.info file in your theme assign different fields to your Summary and Detail views. It's much simplier.
http://orchardproject.net/docs/Understanding-placement-info.ashx
But, I used the same method you did till I discovered the .info file as well. It works and gives you a good understanding of how the system works, but the placement.info file seems easier.
Also, you probably don't want to be editing the view files in Core. I think your meant to override views in your theme directory.
Any idea how one would go about preventing XSS attacks on a node.js app? Any libs out there that handle removing javascript in hrefs, onclick attributes,etc. from POSTed data?
I don't want to have to write a regex for all that :)
Any suggestions?
I've created a module that bundles the Caja HTML Sanitizer
npm install sanitizer
http://github.com/theSmaw/Caja-HTML-Sanitizer
https://www.npmjs.com/package/sanitizer
Any feedback appreciated.
One of the answers to Sanitize/Rewrite HTML on the Client Side suggests borrowing the whitelist-based HTML sanitizer in JS from Google Caja which, as far as I can tell from a quick scroll-through, implements an HTML SAX parser without relying on the browser's DOM.
Update: Also, keep in mind that the Caja sanitizer has apparently been given a full, professional security review while regexes are known for being very easy to typo in security-compromising ways.
Update 2017-09-24: There is also now DOMPurify. I haven't used it yet, but it looks like it meets or exceeds every point I look for:
Relies on functionality provided by the runtime environment wherever possible. (Important both for performance and to maximize security by relying on well-tested, mature implementations as much as possible.)
Relies on either a browser's DOM or jsdom for Node.JS.
Default configuration designed to strip as little as possible while still guaranteeing removal of javascript.
Supports HTML, MathML, and SVG
Falls back to Microsoft's proprietary, un-configurable toStaticHTML under IE8 and IE9.
Highly configurable, making it suitable for enforcing limitations on an input which can contain arbitrary HTML, such as a WYSIWYG or Markdown comment field. (In fact, it's the top of the pile here)
Supports the usual tag/attribute whitelisting/blacklisting and URL regex whitelisting
Has special options to sanitize further for certain common types of HTML template metacharacters.
They're serious about compatibility and reliability
Automated tests running on 16 different browsers as well as three diffferent major versions of Node.JS.
To ensure developers and CI hosts are all on the same page, lock files are published.
All usual techniques apply to node.js output as well, which means:
Blacklists will not work.
You're not supposed to filter input in order to protect HTML output. It will not work or will work by needlessly malforming the data.
You're supposed to HTML-escape text in HTML output.
I'm not sure if node.js comes with some built-in for this, but something like that should do the job:
function htmlEscape(text) {
return text.replace(/&/g, '&').
replace(/</g, '<'). // it's not neccessary to escape >
replace(/"/g, '"').
replace(/'/g, ''');
}
I recently discovered node-validator by chriso.
Example
get('/', function (req, res) {
//Sanitize user input
req.sanitize('textarea').xss(); // No longer supported
req.sanitize('foo').toBoolean();
});
XSS Function Deprecation
The XSS function is no longer available in this library.
https://github.com/chriso/validator.js#deprecations
You can also look at ESAPI. There is a javascript version of the library. It's pretty sturdy.
In newer versions of validator module you can use the following script to prevent XSS attack:
var validator = require('validator');
var escaped_string = validator.escape(someString);
Try out the npm module strip-js. It performs the following actions:
Sanitizes HTML
Removes script tags
Removes attributes such as "onclick", "onerror", etc. which contain JavaScript code
Removes "href" attributes which contain JavaScript code
https://www.npmjs.com/package/strip-js
Update 2021-04-16: xss is a module used to filter input from users to prevent XSS attacks.
Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist.
Visit https://www.npmjs.com/package/xss
Project Homepage: http://jsxss.com
You should try library npm "insane".
https://github.com/bevacqua/insane
I try in production, it works well. Size is very small (around ~3kb gzipped).
Sanitize html
Remove all attributes or tags who evaluate js
You can allow attributes or tags that you don't want sanitize
The documentation is very easy to read and understand.
https://github.com/bevacqua/insane