Safe HTML in ASP.NET Controls - c#

I'm sure this is a common question...
I want the user to be able to enter and format a description.
Right now I have a multiline textbox that they can enter plain text into. It would be nice if they could do a little html formatting. Is this something I am going to have to handle? Parse out the input and only validate if there are "safe" tags like <ul><li><b> etc?
I am saving this description in an SQL db. In order to display this HTML properly do I need to use a literal on the page and just dump it in the proper area or is there a better control for what I am doing?
Also, is there a free control like the one on SO for user input/minor editing?

Have a look at the AntiXSS library. The current release (3.1) has a method called GetSafeHtmlFragment, which can be used to do the kind of parsing you're talking about.
A Literal is probably the correct control for outputting this HTML, as the Literal just outputs what's put into it and lets the browser render any HTML. Labels will output all the markup including tags.
The AJAX Control Toolkit has a text editor.

Also, is there a free control like the one on SO for user input/minor editing?
Stackoverflow uses the WMD control and markdown as explained here:
https://blog.stackoverflow.com/2008/09/what-was-stack-overflow-built-with/

You will need to check what tags are entered to avoid cross-site scripting attacks etc. You could use a regex to check that any tags are on a 'whitelist' you have and strip out any others.
You can check out this link for a list of rich text editors.

In addition to the other answers, you will need to set ValidateRequest="false" in the @Page directive of the page that contains the textbox. This turns off the standard ASP.NET validation that prevents HTML from being posted from a textbox. You should then use your own validation routine, such as the one @PhilPursglove mentions.
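Putting the answers above together (request validation off for this page, AntiXSS sanitizing the posted fragment, parameterised storage, Literal output) as an added C# example that is not code from the thread; the page, control IDs, table name and connection-string name are assumptions:

```csharp
// Added example, not from the thread: sanitize once on input, store the
// sanitized fragment, render it through a Literal. Assumes the AntiXSS
// library (Microsoft.Security.Application) is referenced and that a
// "Descriptions" table and a "Main" connection string exist.
//
// Assumed markup for the page; validation is switched off only here:
// <%@ Page Language="C#" ValidateRequest="false" ... %>
// On ASP.NET 4.0+ web.config also needs <httpRuntime requestValidationMode="2.0" />,
// otherwise validation runs before the page-level setting is consulted.
//
// <asp:TextBox ID="DescriptionBox" runat="server" TextMode="MultiLine" />
// <asp:Literal ID="DescriptionOut" runat="server" Mode="PassThrough" />

using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Web.UI;
using Microsoft.Security.Application;

public partial class DescriptionPage : Page
{
    protected void Save_Click(object sender, EventArgs e)
    {
        // Reduce whatever was posted to a whitelist of harmless tags.
        // AntiXSS 3.1 exposes this as AntiXss.GetSafeHtmlFragment;
        // the 4.x releases renamed it Sanitizer.GetSafeHtmlFragment.
        string safeHtml = AntiXss.GetSafeHtmlFragment(DescriptionBox.Text);

        string cs = ConfigurationManager.ConnectionStrings["Main"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "INSERT INTO Descriptions (Body) VALUES (@body)", conn))
        {
            // Parameterised so the HTML never becomes part of the SQL text.
            cmd.Parameters.AddWithValue("@body", safeHtml);
            conn.Open();
            cmd.ExecuteNonQuery();
        }

        // A Literal writes its Text verbatim, so only the sanitized
        // fragment may ever be assigned to it.
        DescriptionOut.Text = safeHtml;
    }
}
```

Sanitize on the way in and keep the raw submission out of the database; anything read back from the table is then already safe to hand to the Literal.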

Related

Best method or control to display text from a file in an asp.net webpage

This may be a totally newbie question, but here it goes. I have an asp.net web page that I need to display text from a .txt file. I am trying to figure out what would be the best control to do this with or the best method. I looked at using an iframe, but this does a very poor job of displaying the text from the file (for instance no word wrap for an iframe). I don't really expect anyone to solve this for me completely, but if you have any suggestions or know of any links to tutorials or explanations where someone has done this, I would be very grateful.
Thanks
You can for example add a Literal control, assign File.ReadAllLines("yourfile.txt") to the Text property and replace \r\n with <br />.
You should just read the text-file in code (using a streamreader for example). Once you have that text, just output it to your web page.
If you're using web forms you could place a label and then set the text of that label.
If you're using MVC you could put it in the ViewBag and then in your view output the value from the ViewBag (or use a custom viewmodel)
You could use a Literal or Label control. Make sure that the control that you use encodes the text in order to avoid XSS vulnerabilities (or encode the text manually if necessary).
It might as well be necessary to substitute line endings with <br/> tags.
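The encode-then-add-line-breaks pattern the answers above describe, as an added C# example that is not code from the thread; the file path and the Literal ID "FileOut" are assumptions:

```csharp
// Added example, not from the thread: show a .txt file in a Literal
// without letting its contents be interpreted as markup.
// Assumed markup: <asp:Literal ID="FileOut" runat="server" />
using System;
using System.IO;
using System.Web;
using System.Web.UI;

public static class PlainTextHtml
{
    // Encode first, then add <br /> for line breaks. In the other order
    // the <br /> tags would be encoded too and show up literally, and
    // skipping the encode would let any "<script>" in the file run.
    public static string ToHtml(string text)
    {
        string encoded = HttpUtility.HtmlEncode(text);
        return encoded.Replace("\r\n", "<br />").Replace("\n", "<br />");
    }
}

public partial class ShowFile : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Fixed path under App_Data (assumed); the file name is never
        // taken from the request, so the user cannot pick another file.
        string path = Server.MapPath("~/App_Data/notes.txt");
        FileOut.Text = PlainTextHtml.ToHtml(File.ReadAllText(path));
    }
}
```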

Saving styles for a blog

I am creating a blog and I am wondering how to allow an admin user to add styles to their post. For instance, if they would like to bold a few words in a paragraph or add an image in the middle of the paragraph.
I am using MVC 4 and entity framework. The plan is to have a text area for the user to create a post and save to the database. And also allow the user to do basic formatting to the text.
Thanks in advance.
You will want to implement a (possibly jQuery?) HTML WYSIWYG editor, such as Redactor. There are many WYSIWYG plugins out there that are configurable and hook to your textarea.
First try to make a simple textarea that can save your text in your database then after that you can change that textarea and use some plug-ins like ckeditor (references: http://drupal.org/project/ckeditor, http://drupal.org/project/ckeditor), you may also like to use nicEdit which I'm also using right now (http://nicedit.com/), or you may want to use WYSIWYM Markdown Editor[wmd] (https://github.com/derobins/wmd, http://code.google.com/p/wmd/) like this one on stack overflow.. And another one Rich Text Editor [RTE] (demo is here: http://www.kevinroth.com/rte/demo.htm, main site is here: http://www.kevinroth.com/rte/)

displaying email body as html in c# textbox

I am imitating my email client on an asp page. I have a gridview that displays things like from, subject, attachments, and the body. The body is html. When I view it in the grid view and set htmlencode='false' I can see it correctly. However, I want to display it inside a textbox, so the user can edit and forward it or reply.
Any ideas?
Thanks,
Load the HTML into a rich text editor to enable the user to edit it - be aware that most rich text editors out there are not designed to create email safe HTML and they will require a substantial amount of tweaking if you are going to support more than the most basic formatting.
Some example rich text editors:
http://ajaxcontroltoolkit.codeplex.com/
http://www.freetextbox.com/
Look into using a WYSIWYG (What You See Is What You Get) text editor like Cute Editor
You need to use an HTML Editor / TextBox. We use DevExpress components, very high quality but not free; there are also alternatives like Telerik or Infragistics and also free alternatives... see here: Best Free available wysiwyg html editor
Try this...
You can't display html in a textbox but you can get the source code. I am using this :) click here
You can try dynamically adding html code to the page:
<div runat="server" id="myDiv">
</div>
and then set its InnerHtml property from the code-behind:
myDiv.InnerHtml = "your html here";
but with this way you cannot edit it...
if you are using Devexpress Controls,
you can use ASPxHTMLEditor.
It works exactly as your requirement is.

Yet another ASP:Textbox vs <input type="text">

I have read through some articles on this topic but I am still cautious about this. I am all along using ASP:Textbox but I would like to know what are the things an input textbox cannot possibly perform without using a ASP:Textbox or takes much more effort to pull off?
I have a Jquery tooltip sample which uses HTML input textbox and I am not sure if I should change all my ASP:Textboxes to HTML textboxes, the things which I need to perform on this textboxes are RequiredFieldValidation as well as storing their values into the database.
Can anyone advise me on this rookie question? Thanks.
The asp.net textbox IS an html input box from jQuery's point of view. Everything special about it is done on the server (including viewstate validation). The question you need to ask is what value giving it a server side reference brings to your app. Generally the answer is easy server side reference, but does that apply in your case?
As far as I know there is no visible server side programming difference between an HTML input box and an ASP Textbox. ASP.NET Validators would work perfectly both ways.
As for your tooltip concern: jQuery doesn't care if you're using an ASP Textbox since your ASP textbox will end up as an HTML textbox anyway.
And for the advice - I don't recommend changing all your ASP Textboxes to HTML input boxes, it's just a waste of time. You should use the CssClass / class property to display the tooltip instead. That way it would work on your regular HTML input boxes and ASP Textboxes + other page elements.

Strip text of all formatting on paste

I have an application that allows the user to create an article. The problem arises when the user pastes from something like Word which comes loaded with a bunch of markup.
I'm using a jQuery editor called tiny_mce which allows the markup. I do an htmlencode and decode obviously but it means that I carry a huge payload of markup.
Is there a way to strip (all) markup from pasted text and just keep the text?
Or is there a way that tiny_mce can show the markup as text?
It's been a while since I used tinyMCE, but when I did I used this paste plugin that did automatic clean-up on paste, including paste from Word.
Strip all HTML markup using Regex: http://weblogs.asp.net/rosherove/archive/2003/05/13/6963.aspx
using System.Text.RegularExpressions;
string stripped = Regex.Replace(textBox1.Text, @"<(.|\n)*?>", string.Empty);
This Regex expression can be applied to the language of choice.
I use a simple Windows shell addin called Pure Text. It overloads the Windows+V key to do a plain text paste.