I'm using a globalized Kendo template in which I globalize the title of the button:
-bunch of redundant code deleted-
class="btn-ico del" title="#Resources.AdminResources.DeleteStr">
This works fine in English, Italian, Japanese and Polish however in German the word for delete happens to have an umlaut (Löschen) and I get the following error:
Uncaught Error: Invalid template:'
This is how the browser renders it:
class="btn-ico del" title="L&';246;schen"
By default I have
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
set in my template; changing it to the iso-8851-1 encoding did not work.
Temporarily I changed Löschen to Loeschen but that is not elegant.
Kendo encodes the character and places a hash (#), just replace all hashes with escaped hashes
In C# I would do.. .Replace("#", "\#" )
Related
I am creating a ColdFusion page with some Japanese characters. I included the following in the top of the page.
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
If I explicitly include Japanese characters in the output, they look fine. However, if I output them using, say:
<cfoutput>#variables.TitleInJapanese#</cfoutput>
The output is garbled as though the encoding is not recognized. I have tried <cfcontent> and <cfprocessingdirective> tags to no avail.
If I open the .cfm source file, the Japanese characters that are assigned to the variables look as they should in my text editor. It's the content that is generated using <cfoutput> that is giving me trouble. Any suggestions would be welcome. Thanks!
Correction: The page I have created will not display any Japanese characters, explicit or referenced. However, other files using <cfinclude> within the page that have Japanese characters render just fine.
I'm coding a rails app, and I have a problem with the title's page :
In my config/locales/fr.yml I have this : fr:product:edit: "Modification de l'objet"
And in my /app/views/products/edit.html.erb I have this : <title><%= t('product.edit') %></title>
And when I render the page, it gives me this : Modification de l'objet.
Do you know what's wrong with it ?
I tried to add <meta http-equiv="content-type" content="text/html; charset=UTF-8" /> in the head of my HTML, or this but it didn't worked for me...
You can use <%= raw(I18n.t('product.edit')) %> to avoid this. Be aware though, that the code won't be escaped. When using raw you have to be sure there's no way to inject malicious code in the string.
I think I can tell you where l&#'39 is coming from...
Hopefuly then you can find a solution on how to fix it.
Open up notepad and holddown the Alt key and press 39 see what character appears ??
You notice you get the ' character when you type that number so after compling you code seems to look at l'objet as l And #39
So I think there is as you are poinitg out some sort language issues and the characters are represented. You might be able to reverse this to solve your problem.
Sorry this is all I had.
Ascii decoding error
Text = "Hanuman (Sanskrit: हनुमान्, Hanumān), a Hindu deity who was an ardent devotee of Rama according to Hindus legends, and a central character in the Indian epic Ramayana."
I saved the text into MYSQL table to novarchar column, it inserts successfully.
when i retrieve this data in console, it is displaying correctly. But when i tried to retrieve it via django and display it in template ,it is showing as some ascii characters.
Displaying as "Hanuman (Sanskrit: हनà¥à¤®à¤¾à¤¨à¥, HanumÄn), is a Hindu deity who is an ardent devotee of Rama, a central character in the Indian epic Ramayana."
I guess you miss the content type meta tag in your template:
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
encodeForHtml() (new in CF10) vs htmlEditFormat(), how are they different?
I think it is same as encodeForHTML function in java's OWASP ESAPI. More secure to avoid XSS attack to use content in HTML.
<cfsavecontent variable="htmlcontent">
<html>
<head>
<script>function hello() {alert('hello')}</script>
</head>
<body>
Book Mark & Anchor<br/>
<div class="xyz">Div contains & here.</div>
<IMG SRC=javascript:alert(&# x27XSS')>
<IMG SRC=javascript:alert('XSS')>
</body>
</html></cfsavecontent>
<cfoutput>#htmleditformat(htmlcontent)#</cfoutput>
<br />
<cfoutput>#encodeforhtml(htmlcontent)#</cfoutput>
EncodeFor* functions are based on the OWASP ESAPI libraries. The main difference is that HTMLEditFormat() merely replaces "bad" strings, like &, < and > with good strings, like &, < and > whereas EncodeForHTML() is smarter, with one advantage being it can recognize content that is already encoded and not double-encode it.
For example, if a user submitted the following content to your site:
<div>
Here is <i>test</i> html content includes<br/>
<script>alert('hello')</script>
Notice how & rendered with both functions.
</div>
Both HTMLEditFormat() and EncodeForHTML() would properly escape the '<' and '>' characters. But HTMLEditFormat() would blindly encode the & again such that your output looks like:
... how & rendered ...
Where it would otherwise look like with encodeForHTML():
... how & rendered ...
HTMLEditFormat() couldn't tell that the ampersand was already encoded, so it re-encoded it again. This is a trivial example, but it demonstrates how the ESAPI libraries are smarter and, therefore, more secure.
Bottom line, there's no reason to use HTMLEditFormat() in CF10+. For maximum protection, you should replace the Format functions with the Encode functions.
The complete example above and more background are at isummation: http://www.isummation.com/blog/day-2-avoid-cross-site-scripting-xss-using-coldfusion-10-part-1/
My django code works in chrome and firefox but in IE the webpage displays unreadable charactars. The following is my code setting:
DEFAULT_CHARSET = 'utf8'
FILE_CHARSET = 'utf8'
and the template files are saved as utf8 format, but my template file has some other language besides english. That non-english part is not readable.
Should I change some setting of django ? Most of the visitors of my website may use IE, so this is a big problem. Any suggestions?
did you add this meta to your base html?
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>