I am using ColdFusion 8.
I have a perfectly formatted HTML page that I want to convert into PDF. It takes ColdFusion about 250 milliseconds to create this content. The code is tried and true and works in every respect with no problem, except for in creating a PDF.
I create the PageContent variable like this:
<!--- CREATE PAGE AS CONTENT --->
<cfsavecontent variable="PageContent">
<html>
<head></head>
<body>
<cfoutput>
// PAGE CONTENT IS HERE
<cfoutput>
</body>
</html>
</cfsavecontent>
I can display this PageContent perfectly as HTML in a browser, open it in Word or Excel. I try to create a PDF like this:
<cfdocument format="pdf">
<cfoutput>
#PageContent#
</cfoutput>
</cfdocument>
The page content has inline styles, images, divs, and tables. If I remove the image path and file with an empty string, the document works. Here's the
I think that the PDF generator is choking ob the image path, although the paths seem perfect to me and render well everywhere else. The img tag is being fed the full HTTP path, which is totally valid. Here's one that isn't working:
http://dev.iqcatalogs.com/avcat/IMAGES/products/spotlight/ef17_40_4lu_c2_186x279.gif
What might cause the images from rendering properly in PDF?
(From the comments above) I am guessing you have looked into the usual suspects already?
ie 2) If your server is behind firewall. As we mentioned earlier, CF
server needs to send an HTTP request for the images. If the firewall
prevents any outgoing connection from the server, CF will not be able
to retrieve them and will show a red-x in place of them. You will need
to setup your firewall in such a way that server can send an HTTP
request to itself.
Remember that for Cfdocument to work it doesn't matter whether you can pull up the image in your browser. It only matters if the server can pull it up. The most likely cause for this is simply domain resolution - where the server cannot get the right IP address - or where it is blocked from retrieving the content. See this post.
resolution and cfdocument
Related
I have an Asp.Net Core 3.1 razor page app. I'm receiving HTML content from user and that will be displayed back in the browser. It's kind of blog like app where my end user will be given a WYSIWYG editor and then the HTML from user will be encoded and saved in database.
Now when the blog page is requested, I need to decode the HTML content back and display in browser. This make my site vulnerable to XSS attack.
Here is my HTML from user,
<p>blog 5</p><script>alert()</script>
I encode this and save in database,
<p>blog 5</p><script>alert()</script>
Now to render the same,
#Html.Raw(System.Net.WebUtility.HtmlDecode(Model.Blog.Content))
When the page gets rendered it shows javascript alert() box.
if I don`t decode then html string is displayed,
#Html.Raw(Model.Blog.Content)
as shown below,
<p>blog 5</p><script>alert()</script>
I'm confused. Am I doing something wrong here? Please assist and correct me. I need the html to be safe and also it has to display as html in browser than as html string output.
I would recommend using an HTML sanitizer library. One of the more popular ones for .NET is:
https://github.com/mganss/HtmlSanitizer
It is available on Nuget:
https://www.nuget.org/packages/HtmlSanitizer/
This will allow you to whitelist the tags that you want to allow. See the wiki for additional documentation and examples.
This question as first asked was closed by three experts who were convinced that the source code displayed by the browsers had to be the same as the code which I uploaded to my web host server. I knew that this was not the case, therefore the problem must lie with my web hosting ColdFusion server, as it is highly unlikely that all three browsers would make the same mistake.
My page (https://gustav-mahler.org/nachrichten/pdfs.cfm) begins like this:
<!DOCTYPE html>
<html>
<head>
However in Chrome 80, MSIE 11 and Firefox 73.0.1, the source code is displayed like this:
--->
<!DOCTYPE html>
<html>
<head>
I am now suspecting that the string "--->" must have been added by my ColdFusion webserver for some reason, as that string normally indicates the closing of a ColdFusion comment. But in this case there is no comment to close. I have added a ColdFusion tag to this question, and if this problem is unknown to CF experts, I shall have to ask my web host technician for advice.
This is a very long comment that tells you how to find the source of the problem.
On the host server, create an html page with a doctype tag, plus opening and closing html, head, and body tags. Add a short paragraph, inside p tags. Browse the page and check the html source for the extra line.
If it's there, talk to your hosting company. Otherwise, rename the file from .html to .cfm. Browse and check again.
If the line is not there, it's likely your code. Start adding lines of ColdFusion code, one or two at a time and keep testing until the line appears.
I've looked through just about every related question on here that I can find and none of the suggested solutions seem to resolve my problem.
I'm currently hosting a website on Amazon AWS using strictly the S3 and Route 53 tools to host a static website and re-route from a couple of different URL queries to our site. This morning I attempted to update the CSS files being used to style the webpage, as well as a bunch of new image files and some minor updates to the HTML pages, and noticed that all of my changes showed up immediately on the webpage except the changes I had made to my CSS file. I've checked, and the version of the file on the S3 is the correct/updated version, but when I attempt to use the Developer Tools in my web browser to inspect the webpage displayed, it's still showing an older version of the css file. This doesn't make any sense to me, as all of the other changes show up immediately except for this particular file. Does anyone have any thoughts on how to fix this/what could be going wrong?
NOTE: I'm not using AWS CloudFront on this webpage at all so I don't believe that any of the "invalidation" suggested elsewhere will help me. In the past, I've updated the files and seen immediate changes when loading my webpage.
You already know this is a browser cache issue - which you can clear the cache, but if you want to force everyone to automatically get the new CSS, what I usually do is add a query parameter to the file include, i.e. instead of
<link href="~/css/plugins/thickbox/thickbox.css" rel="stylesheet" />
do this:
<link href="~/css/plugins/thickbox/thickbox.css?v=1001" rel="stylesheet" />
and you can up the 1001 each time you push out an update - the browser will automatically grab the new file.
Google 'cache-busting' for other options.
I'm working on creating HTML snapshots for an AJAX application that is to use Google AJAX crawling. I'm accessing this page through a cfhttp request. The reason for this is that this app is going to be embedded on sites and those sites use lots of different server-side languages and rewritting it in every language is not practical.
When I create an anchor link, like so,
<a class='icf_btn_small' href='##!year=#YearID#'>#YearID#</a>
Coldfusion outputs to the server a full url, like so:
<a class='icf_btn_small' href='http://example.com:80/snapshots/#!year=2016'>2016</a>
Is this a setting that maybe can be turned off?
Thank you
I'm fairly new to ColdFusion and am currently creating a system for which users can view PDF files. As well, I have it so some users can upload replacements for the current PDF if need be. The problem is, at least when using Firefox, when the user views the PDF file, it goes into their history cache to improve loading times I assume, and if a user replaces the PDF with a more updated one, users with the original PDF in their history cache will just see the old file and not the new one.
Now, I'm not going to just tell users to clear their history, so here's where my question comes in: Is there either a way to prevent the PDF from going into their history cache or is there a way to remove the page from the history? Any help would be greatly appreciated! :)
In PDF link add timestamp using gettickcount() to make URL unique and this prevent caching pdf.
http://mywebsite/pdfname.pdf?123249329323
Rather than link directly to the PDF, link to a .cfm that has this code:
<cfheader name="expires" value="#getHttpTimeString(now())#">
<cfheader name="pragma" value="no-cache">
<cfheader name="cache-control" value="no-cache, no-store, must-revalidate">
<cfcontent file="#path_to_pdf_file#" type="application/pdf">