On Wed, Oct 21, 2009 at 6:32 AM, jack <jack.wid...@gmail.com> wrote:
>
> Let's say source.body is <a><href="google.com">Search</a>. If I put
> source.body in a span like this -
>
> <span>{source.body}</span>
>
> source.body will be converted to text and the actual link tags will be
> displayed. What is the right way to do this?
>
>
How was source.body generated?
> On Oct 21, 9:06 am, David Pollak <feeder.of.the.be...@gmail.com>
> wrote:
> > On Tue, Oct 20, 2009 at 10:16 PM, jack <jack.wid...@gmail.com> wrote:
> >
> > > OK, I see why this is happening. the {exp} in the NodeSeq convert exp
> > > to a String. So I did by creating a string and then converting it to a
> > > NodeSeq at the end. Is there a way to do this without using and
> > > intermediary string?
> >
> > I don't know what a source is, but you really, really have to be careful
> > about promoting a String to a NodeSeq. If the String has user-generated
> > content in it, then you've got a cross-site scripting vulnerability
> waiting
> > to happen. For user-generated content, I suggest using Textile parser
> built
> > into Lift.
> >
> > In any case, if you don't have a NodeSeq in your data structure, you'll
> have
> > to parse it into XML before displaying it.
> >
> >
> >
> >
> >
> > > On Oct 21, 1:03 am, jack <jack.wid...@gmail.com> wrote:
> > > > I have the following method display. source.body has html tags in it
> > > > but the actual tags are showing instead of being evaluated. e.g. I'm
> > > > seeing things like '<b>Hey There</b>' instead of 'Hey There' in bold.
> > > > This method is in a CometActor and is running when the page is
> > > > rendered. Am I missing something obvious?
> >
> > > > def display(sources:List[Source]):NodeSeq = {
> >
> > > > <span id="joop"><table>
> > > > {
> > > > for {source <- sources} yield <tr><td>{source.body}</td></tr>
> > > > }
> >
> > > > </table>
> > > > </span>
> > > > }
> >
> > --
> > Lift, the simply functional web frameworkhttp://liftweb.net
> > Beginning Scalahttp://www.apress.com/book/view/1430219890
> > Follow me:http://twitter.com/dpp
> > Surf the harmonics
> >
>
--
Lift, the simply functional web framework http://liftweb.net
Beginning Scala http://www.apress.com/book/view/1430219890
Follow me: http://twitter.com/dpp
Surf the harmonics
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Lift" group.
To post to this group, send email to liftweb@googlegroups.com
To unsubscribe from this group, send email to
liftweb+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/liftweb?hl=en
-~----------~----~----~----~------~----~------~--~---
