Re: [web2py] Re: How to escape apostrophes in view.html
Hi Sorry I couldn't reply earlier, net work issues.
Am not very conversant with CSS, still in the learning stage as I work it
out.
So, from the controller:
question = db(db.answers.author ==
auth.user.id).select(orderby=~db.answers.created_on,limitby=(2,0)).user
query statement
answer = db(db.answers.author ==
auth.user.id).select(orderby=~db.answers.created_on,
limitby=(2,0))...system reply statement
return dict(form=form, question=question, answer=answer, replies=replies)
whenever the user or system uses a string containing an apostrophe such as
"can't, USDA's Food Guide, etc " the string is not displayed during the
reply and I have to refresh the page. This is the view.html code:
{{for reply in replies:}}
{{=prettydate(reply.modified_on)}}
{{=XML(reply.quest.replace('\n',''))}}
{{=prettydate(reply.modified_on)}}
{{=XML(reply.message.replace('\n',''))}}
{{pass}}
style:
Re: [web2py] Re: How to escape apostrophes in view.html
First, do not use XML(...) with user-generated content, as that is a
serious cross-site scripting vulnerability. At least use XML(...,
sanitize=True).
Which browser are you using? Browsers should be able to display an
unescaped apostrophe. Can you show the raw HTML generated by your app where
an apostrophe is not displaying? Also, you said you have to refresh the
page -- are you saying the apostrophe does display after you refresh?
Note, if it is OK to escape all the user content and the only processing
required is to replace line feeds with HTML elements, you can do
something like this:
def preserve_line_breaks(text):
return CAT(*[element for line in text.split('\n') for element in (line,
BR())])
and in the view:
{{=preserve_line_breaks(reply.message)}}
In that case, web2py will escape all the text (including apostrophes) but
will insert elements in place of any line feeds.
Anthony
On Saturday, March 24, 2018 at 4:48:01 AM UTC-4, Maurice Waka wrote:
>
> Hi Sorry I couldn't reply earlier, net work issues.
>
> Am not very conversant with CSS, still in the learning stage as I work it
> out.
>
> So, from the controller:
> question = db(db.answers.author ==
> auth.user.id).select(orderby=~db.answers.created_on,limitby=(2,0)).user
> query statement
> answer = db(db.answers.author ==
> auth.user.id).select(orderby=~db.answers.created_on,
> limitby=(2,0))...system reply statement
> return dict(form=form, question=question, answer=answer, replies=replies)
>
> whenever the user or system uses a string containing an apostrophe such
> as "can't, USDA's Food Guide, etc " the string is not displayed during
> the reply and I have to refresh the page. This is the view.html code:
>
>
> {{for reply in replies:}}
>
>
> {{=prettydate(reply.modified_on)}}
>
>
>class="text">{{=XML(reply.quest.replace('\n',''))}}
>
>
>
>
>
> {{=prettydate(reply.modified_on)}}
>
>
>class="text">{{=XML(reply.message.replace('\n',''))}}
>
>
> {{pass}}
>
>
>
> style:
>
>
Re: [web2py] Re: How to escape apostrophes in view.html
I must say am really greatfull for your response.
Amazingly, as soon as I used the '...sanitize=True'statement, the error
(problem) is gone!
Am using chromium browser, in Ubuntu 16.04 LTS.
Let me be really sure tat its gone then will revert to you
Kind regards
On Sat, Mar 24, 2018 at 3:57 PM, Anthony wrote:
> First, do not use XML(...) with user-generated content, as that is a
> serious cross-site scripting vulnerability. At least use XML(...,
> sanitize=True).
>
> Which browser are you using? Browsers should be able to display an
> unescaped apostrophe. Can you show the raw HTML generated by your app where
> an apostrophe is not displaying? Also, you said you have to refresh the
> page -- are you saying the apostrophe does display after you refresh?
>
> Note, if it is OK to escape all the user content and the only processing
> required is to replace line feeds with HTML elements, you can do
> something like this:
>
> def preserve_line_breaks(text):
> return CAT(*[element for line in text.split('\n') for element in (line
> , BR())])
>
> and in the view:
>
> {{=preserve_line_breaks(reply.message)}}
>
> In that case, web2py will escape all the text (including apostrophes) but
> will insert elements in place of any line feeds.
>
> Anthony
>
> On Saturday, March 24, 2018 at 4:48:01 AM UTC-4, Maurice Waka wrote:
>
>> Hi Sorry I couldn't reply earlier, net work issues.
>>
>> Am not very conversant with CSS, still in the learning stage as I work it
>> out.
>>
>> So, from the controller:
>> question = db(db.answers.author == auth.user.id).select(orderby=~
>> db.answers.created_on,limitby=(2,0)).user query statement
>> answer = db(db.answers.author ==
>> auth.user.id).select(orderby=~db.answers.created_on,
>> limitby=(2,0))...system reply statement
>> return dict(form=form, question=question, answer=answer, replies=replies)
>>
>> whenever the user or system uses a string containing an apostrophe such
>> as "can't, USDA's Food Guide, etc " the string is not displayed during
>> the reply and I have to refresh the page. This is the view.html code:
>>
>>
>> {{for reply in replies:}}
>>
>>
>> {{=prettydate(reply.modified_on)}}
>>
>>
>> {{=XML(reply.ques
>> t.replace('\n',''))}}
>>
>>
>>
>>
>>
>> {{=prettydate(reply.modified_on)}}
>>
>>
>> {{=XML(reply.mess
>> age.replace('\n',''))}}
>>
>>
>> {{pass}}
>>
>>
>>
>> style:
>>
>>
Re: [web2py] Re: ECMAScript Modules Vue and Web2py - simple test
Thank you for the initiative! I am looking forward to learning vue.js and using
it together with web2py. One minor problem is that I am not still getting the
message Into the index page correctly. It only comes in the form of ${message}.
What I might be doing wrong?
Cheers
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Re: ECMAScript Modules Vue and Web2py - simple test
Hace you checked the browsers developer console?
You have todo edit/create files inside yava/dev/src and run grunt uglify or
just grunt since the default task is watch and minify to static/vue.
Marco.
PS. Later this afternoon will upload a new branch with no grunt nor
minification.
El sáb., 24 de mar. de 2018 12:37, Gualter Portella
escribió:
> Thank you for the initiative! I am looking forward to learning vue.js and
> using it together with web2py. One minor problem is that I am not still
> getting the message Into the index page correctly. It only comes in the
> form of ${message}. What I might be doing wrong?
> Cheers
>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Re: ECMAScript Modules Vue and Web2py - simple test
Oh, and check browsers support, Firefox needs the extra step mentioned in
the readme file.
El sáb., 24 de mar. de 2018 12:37, Gualter Portella
escribió:
> Thank you for the initiative! I am looking forward to learning vue.js and
> using it together with web2py. One minor problem is that I am not still
> getting the message Into the index page correctly. It only comes in the
> form of ${message}. What I might be doing wrong?
> Cheers
>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[web2py] Re: ECMAScript Modules Vue and Web2py - simple test
Thanks, Marco. It was just a browser support issue with firefox. Em sexta-feira, 23 de março de 2018 16:07:26 UTC-3, marco mansilla escreveu: > > Just in case anyone is interested I have uploaded a simple test app with > VueJS as modules in the browser. > > Did it to test and see how it works, as a demo someone could find it > useful, more info in the readme file. > > https://github.com/marcomansilla/yava > > Opinions are always welcome and appreciated. > > -- > -BEGIN GEEK CODE BLOCK- > version 3.1 > GCS/GTW/| d? s+:+>+++ a-- C+++(+) UL>$ P++>+++ L+++>+$ E->+ W++>+ > N>+++ o K- w---() > O(--) M>-- V-- PS++ PE++>+ Y-->+ PGP+>+++ t-(?) 5? X++ R+ !tv b+++> > DI+++ D--- G+++>+ > e+++> h* r++>+++ y++ > --END GEEK CODE BLOCK-- > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Re: ECMAScript Modules Vue and Web2py - simple test
Perfect, Chrome support is set by default, I guess Firefox will do the same un the next versión, currently 59.1 still needs manual activation for this feature. El sáb., 24 de mar. de 2018 18:43, Gualter Portella escribió: > Thanks, Marco. > > It was just a browser support issue with firefox. > > > > Em sexta-feira, 23 de março de 2018 16:07:26 UTC-3, marco mansilla > escreveu: >> >> Just in case anyone is interested I have uploaded a simple test app with >> VueJS as modules in the browser. >> >> Did it to test and see how it works, as a demo someone could find it >> useful, more info in the readme file. >> >> https://github.com/marcomansilla/yava >> >> Opinions are always welcome and appreciated. >> >> -- >> -BEGIN GEEK CODE BLOCK- >> version 3.1 >> GCS/GTW/| d? s+:+>+++ a-- C+++(+) UL>$ P++>+++ L+++>+$ E->+ W++>+ >> N>+++ o K- w---() >> O(--) M>-- V-- PS++ PE++>+ Y-->+ PGP+>+++ t-(?) 5? X++ R+ !tv b+++> >> DI+++ D--- G+++>+ >> e+++> h* r++>+++ y++ >> --END GEEK CODE BLOCK-- >> > -- > Resources: > - http://web2py.com > - http://web2py.com/book (Documentation) > - http://github.com/web2py/web2py (Source code) > - https://code.google.com/p/web2py/issues/list (Report Issues) > --- > You received this message because you are subscribed to the Google Groups > "web2py-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to web2py+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
