I have a single page within Sitecore, containing a HTML table. I've added some CSS and JavaScript to the page, through the Sitecore HTML editor to allow DataTables.NET to format the table.
This work well, except that when a regular user goes to update the table using the rich text editor, my CSS and JavaScript is removed.
I can add the CSS to a generic CSS files, but the JavaScript contains initialization logic, so needs to be on the page itself.
What's the easy way to add references to CSS and JavaScript files?
There is a setting in web.config that is true by default.
<setting name="HtmlEditor.RemoveScripts" value="true"/>
Setting this to false will prevent the Rich Text Editor from stripping out the script blocks. But be aware that it will affect every single Rich Text field in your site, and it was put in there as a safety precaution. You can take a look at this blog post for more info.
There are other code solutions, like adding a Multiline text field for your scripts which would not strip anything out but would require modifying the layout files but if you are comfortable editing the CSS file then I suggest you just do the same with your javascript file, add a unique ID/selector to your table (in the RTE) and then just initialize there. e.g.
$(document).ready(function() {
$('#myCustomDatatable').dataTable( {
"paging": false,
"ordering": false,
"info": false
} );
} );
As long as the selector targets the table uniquely and the js files are loaded on your page this will run and format your table.
If you have access to the file system, you can just add the js or css references to the appropriate layout file. Although I gather from your comments you weren't involved on the development of the site. I Expect that the people who did develop it purposely didn't provide a simpler way for you to do it for good reasons. So I would recommend contacting them.
Related
A client is using Sitecore 9 - we are not Sitecore developers.
We've been asked a simple thing: add social media links to the Footer of their Sitecore site.
Its proving more difficult than expected.
I've added the links on other pages by editing the HTML directly via the WYSWIG editor.
But the Footer appears more restricted, only accepting the addition of templates like 'Link'.
The 'Link' template has an option to add an external URL but doesn't have an option to add an image.
The CMS looks like this:
Is there any way to add a link, with an image, via the CMS (without the need to write Sitecore code), so the page chnages from this:
to this:
If you dont want to write Sitecore code, maybe you should think about using frontend.
Find the views that holds the footer (probably Foundation/Footer.cshtml) or something like that.
-To easily find where it is, follow these steps
Go to a content page Presentation Details that has footer (probably any)
Go to Controls
Find the footer rendering in there
Click on it
Grab the Datasource's value
Go to the Datasource's path
There should be a field holding the value of the view.
Add some css class on the div that holds those items, and do your frontend stuff in there...
It is not a scalable solution, so I would highly recommend updating the Footer rendering by adding new fields and adapting the model/view. So that way a content editor could easily add a new value for each socials.
I'm fairly new to Django CMS so please forgive me if my terminology isn't right.
I have a page with a placeholder within which I have added some html using the Text plugin. Within that, I would like to be able to add one or many pre-templated pieces of html.
I have looked into building my own plugin but the documentation that I've been reading here only allows the plugin to be added from outside the actual text plugin page and renders the result beneath my text plugin content. I've found the section on Nested Plugins, but I'm trying to nest my plugin within the built-in Text plugin which that doesn't seem to cover.
What I'm looking for is to be able to build something so that it places block-level html elements within the content like the Link or Image plugins (in my case, it would be some block-level html content).
How can I do this, or where can I find some more information on how this can be done?
We have a requirement to implement tooltips for words that are authored in Sitecore RTE.
The idea behind is that user should be able to hover over the word and see it's description/meaning.
Is this possible to achieve in sitecore? Did a quick search on marketplace but could not find any modules.
Below are some options to consider for achieving what you described.
Inject Tooltip HTML in a renderField pipeline
In this option, you would extend the renderField pipeline. First, you will need to ensure that you are dealing with a rich-text field, and if so, locate terms and replace them with the necessary markup that is required for the tooltip. This could be as simple as wrapping the word in an <abbr> or perhaps a <span> element with a CSS class. The list of terms and tooltip content could be sourced from items in Sitecore or a custom Sitecore Dictionary. Caching the terms would be essential as this pipeline processor is invoked frequently every time a field is rendereded.
Progressive enhancement with JavaScript
This approach is almost entirely based on the client-side. Terms could be located and replaced fairly easily with the help of JQuery. If the list of terms is of a reasonable size, they could be bootstrapped into a JavaScript variable. Once terms are located and enhanced, a separate, asynchronous call to a REST endpoint could be made when hovering or clicking the term. The API would accept a term and respond with the term's definition.
HTML Snippet in RTE Editor
Sitecore RTE editor can be extended with additional buttons. One of these options allows you to insert predefined snippets of HTML. The RTE editor also has a setting to specify a CSS file to style the content within the field (<setting name="WebStylesheet" value="/css/yourstylesheet.css" />). Styling would be necessary in order to target the description markup and make it visible to be edited, whereas, on the public site, the description markup would normally be hidden by default until the term is clicked on or hovered over.
Dynamic Link Replacement
http://www.layerworks.com/blog/sitecore-token-replacement
I have a WYsIWYG editor in my coldfusion app and need to prevent XSS Attacks. Is there any Coldfusion ways to strip out all script type attacks?
http://blog.pengoworks.com/index.cfm/2008/1/3/Using-AntiSamy-to-protect-your-CFM-pages-from-XSS-hacks
http://code.google.com/p/owaspantisamy/downloads/list
The main question I would ask is what is this WYSIWYG for? Many WYSIWYG's allow you to define specific tags to have stripped out of the code.
For instance you can have TinyMCE strip out the script tags with
http://wiki.moxiecode.com/index.php/TinyMCE:Configuration/invalid_elements
This unfortunately does not solve your problem since all client side data form submissions are circumventable. If you must use a WYSIWYG ,then what you really need to make sure to do is to cover all your bases on the form's validation and display. You can strip out all script tags and make sure to remove any event attributes and javascript code in links href attributes.
If it is acceptable to only allow a specific subset of tags I would suggest either using BBML, BBCode, or Markdown.
http://www.depressedpress.com/Content/Development/ColdFusion/Extensions/DP_ParseBBML/Index.cfm
http://en.wikipedia.org/wiki/BBCode
http://sebduggan.com/projects/cfxmarkdown
You can use TinyMCE as a WYSIWYG for BBCode http://tinymce.moxiecode.com/examples/example_09.php and StackOverflow uses a great markdown editor http://github.com/cky/wmd
Here is some good info if you would like to render BBCode in Coldfusion
http://www.sitepoint.com/forums/showthread.php?t=248040
Something to consider is that while stripping the tags out in the browser with TinyMCE is a good idea, it makes a fatal assumption that the user is going to be submitting content via the browser. Anything that you do in the browser needs to be duplicated on the server because attackers can bypass any validation that happens in the browser.
With that said check this article: http://www.fusionauthority.com/techniques/3908-how-to-strip-tags-in-three-easy-lessons.htm which spells this out in more detail than I could here. Basically it discusses using regex and UDFs to strip tags out easily. The last example is particularly important... check it out.
To convert these tags <> or use HTMLEditformat function.
Hey everyone, I would appreciate a pointing in the right direction with the problem I'm having. In short, I'm working on an application that will create PDFs using TinyMCE and ColdFusion 8. I have the ability to create a PDF by just entering in text, pictures, etc. However, I want to be able to import an html template and insert it into the TinyMCE .
Basically, I have a file directory code snippet that lets me browse through my 'HTMLTemplates' folder, and am able to select an HTML document. Now, I want to be able to take all the code from that selected HTML document and insert it into my TinyMCE box. Any tips on how I might do this, maybe?
Thanks!
If I understood you correctly, you already have a TinyMCE plugin which pops up a window and allows you to browse the certain directory using existing cfm page which you render within the popup window. Right?
If not, you should start with this. Not sure how easy it is done in current version, but in the older TinyMCE I've created the custom upload plugin (needed to track the site security permissions for current user) pretty quickly.
Next, I can see two quick ways to pass the server file contents to the client-side:
Make it available via HTTP so you can make the GET request and read contents into the variable.
Output it on the page using CF (say, on form submit when file selected) and grab using JavaScript.
I'd personally tried the second option. After you grab the text into the variable you can put it into the TinyMCE using it's API.
It can be as simple as output escaped text into the hidden div with known ID and read it using DOM operations (assuming that there is cfoutput around):
<div id="myTemplate">#HTMLEditFormat(myFileContents)#</div>
Also you can output the text directly into the JavaScript variable (of cource, with accurate escaping), maybe like this.
<script type="text/javascript">
var text = '#HTMLEditFormat(myFileContents)#';
</script>
Most advanced and possibly better for performance (and definitely "cooler") way is to use the concept of script tags as data containers, like this:
<script type="text/plain">
#HTMLEditFormat(myFileContents)#
</script>
Last time I've seen this in Nadel's blog, I think. Read it, pretty interesting.
Hope this helps.