[Lift] Re: html not being evaluated
I think another solution is an Unparsed node. When the XML is converted to a string it will be outputted verbatim.

- jack wrote:

Let's say source.body is Search. If I put source.body in a span like this -

{source.body}

source.body will be converted to text and the actual link tags will be displayed. What is the right way to do this?

On Oct 21, 9:06 am, David Pollak wrote:
> On Tue, Oct 20, 2009 at 10:16 PM, jack wrote:
>
> > OK, I see why this is happening. The {exp} in the NodeSeq converts exp
> > to a String. So I did by creating a string and then converting it to a
> > NodeSeq at the end. Is there a way to do this without using an
> > intermediary string?
>
> I don't know what a source is, but you really, really have to be careful
> about promoting a String to a NodeSeq. If the String has user-generated
> content in it, then you've got a cross-site scripting vulnerability waiting
> to happen. For user-generated content, I suggest using the Textile parser built
> into Lift.
>
> In any case, if you don't have a NodeSeq in your data structure, you'll have
> to parse it into XML before displaying it.
>
> > On Oct 21, 1:03 am, jack wrote:
> > > I have the following method display. source.body has html tags in it
> > > but the actual tags are showing instead of being evaluated. e.g. I'm
> > > seeing things like 'Hey There' instead of 'Hey There' in bold.
> > > This method is in a CometActor and is running when the page is
> > > rendered. Am I missing something obvious?
> > >
> > > def display(sources:List[Source]):NodeSeq = {
> > > {
> > > for {source <- sources} yield {source.body}
> > > }
> > > }
>
> --
> Lift, the simply functional web framework http://liftweb.net
> Beginning Scala http://www.apress.com/book/view/1430219890
> Follow me: http://twitter.com/dpp
> Surf the harmonics

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Lift" group.
To post to this group, send email to liftweb@googlegroups.com
To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/liftweb?hl=en
-~--~~~~--~~--~--~---
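Added example, not part of any message in this thread: the three ways of getting a String body into a NodeSeq that the thread discusses (spliced as text, wrapped in Unparsed, parsed into XML), plus a gate that only promotes parsed markup when it stays within an allow-list. It assumes Scala 2 with scala.xml available; `BodyRendering`, `allowed`, `safeRender` and the sample bodies are hypothetical names and constructed values.

```scala
import scala.xml.{NodeSeq, Unparsed, XML}

// Added illustration; BodyRendering, allowed and safeRender are hypothetical names.
object BodyRendering {
  // Elements this page is willing to render from a body ("span" is the wrapper).
  val allowed = Set("span", "b", "i", "em", "strong", "p", "br")

  // A String spliced into an XML literal becomes a text node, so < > & are
  // escaped on output. This is why the tags showed up literally.
  def asText(body: String): NodeSeq = <span>{body}</span>

  // Unparsed is written out verbatim when the tree is serialized: markup in
  // body reaches the browser as markup, including any script it carries.
  def asUnparsed(body: String): NodeSeq = <span>{Unparsed(body)}</span>

  // Parsing promotes the String to real nodes. Input must be well-formed.
  def asParsed(body: String): NodeSeq =
    XML.loadString("<span>" + body + "</span>")

  // Promote only when every element is on the allow-list and carries no
  // attributes (no href, no on* handlers); otherwise fall back to escaped text.
  def safeRender(body: String): NodeSeq =
    try {
      val parsed = asParsed(body)
      val ok = (parsed \\ "_").forall(e => allowed(e.label) && e.attributes.isEmpty)
      if (ok) parsed else asText(body)
    } catch {
      case _: org.xml.sax.SAXException => asText(body) // not well-formed
    }

  def main(args: Array[String]): Unit = {
    // Constructed sample bodies, not taken from the thread.
    val samples = List(
      "<b>Hey There</b>",
      "<b>Hi</b><script>/* constructed */</script>",
      """<b onclick="f()">Hi</b>""",
      "1 < 2")
    for (s <- samples) {
      println("text:     " + asText(s))
      println("unparsed: " + asUnparsed(s))
      println("gated:    " + safeRender(s))
    }
  }
}
```

Running `main` prints each sample three ways, which makes it easy to compare what the browser would receive from the escaped, verbatim and gated paths.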
[Lift] Re: html not being evaluated
Like David said, be very careful about using NodeSeqs if you're taking user-generated content, since that can lead directly to cross-site scripting attacks and other nastiness.

Derek

On Wed, Oct 21, 2009 at 7:41 AM, Jack Widman wrote:
> Oops. I just noticed I made source.body a String and not a NodeSeq.
> Sometimes source.body is text with html tags in it. Like -
>
> Hey dude, what are you doing?
>
> I guess I should make it a NodeSeq. Sorry about that.
>
> Jack
>
> On Wed, Oct 21, 2009 at 9:33 AM, David Pollak <feeder.of.the.be...@gmail.com> wrote:
>
>> On Wed, Oct 21, 2009 at 6:32 AM, jack wrote:
>>
>>> Let's say source.body is Search. If I put
>>> source.body in a span like this -
>>>
>>> {source.body}
>>>
>>> source.body will be converted to text and the actual link tags will be
>>> displayed. What is the right way to do this?
>>
>> How was source.body generated?
>>
>>> On Oct 21, 9:06 am, David Pollak wrote:
>>> > On Tue, Oct 20, 2009 at 10:16 PM, jack wrote:
>>> >
>>> > > OK, I see why this is happening. The {exp} in the NodeSeq converts exp
>>> > > to a String. So I did by creating a string and then converting it to a
>>> > > NodeSeq at the end. Is there a way to do this without using an
>>> > > intermediary string?
>>> >
>>> > I don't know what a source is, but you really, really have to be careful
>>> > about promoting a String to a NodeSeq. If the String has user-generated
>>> > content in it, then you've got a cross-site scripting vulnerability waiting
>>> > to happen. For user-generated content, I suggest using the Textile parser built
>>> > into Lift.
>>> >
>>> > In any case, if you don't have a NodeSeq in your data structure, you'll have
>>> > to parse it into XML before displaying it.
>>> >
>>> > > On Oct 21, 1:03 am, jack wrote:
>>> > > > I have the following method display. source.body has html tags in it
>>> > > > but the actual tags are showing instead of being evaluated. e.g. I'm
>>> > > > seeing things like 'Hey There' instead of 'Hey There' in bold.
>>> > > > This method is in a CometActor and is running when the page is
>>> > > > rendered. Am I missing something obvious?
>>> > > >
>>> > > > def display(sources:List[Source]):NodeSeq = {
>>> > > > {
>>> > > > for {source <- sources} yield {source.body}
>>> > > > }
>>> > > > }
>>> >
>>> > --
>>> > Lift, the simply functional web framework http://liftweb.net
>>> > Beginning Scala http://www.apress.com/book/view/1430219890
>>> > Follow me: http://twitter.com/dpp
>>> > Surf the harmonics
>>
>> --
>> Lift, the simply functional web framework http://liftweb.net
>> Beginning Scala http://www.apress.com/book/view/1430219890
>>
>> Follow me: http://twitter.com/dpp
>> Surf the harmonics
>
> --
> Jack
[Lift] Re: html not being evaluated
Oops. I just noticed I made source.body a String and not a NodeSeq. Sometimes source.body is text with html tags in it. Like -

Hey dude, what are you doing?

I guess I should make it a NodeSeq. Sorry about that.

Jack

On Wed, Oct 21, 2009 at 9:33 AM, David Pollak wrote:
>
> On Wed, Oct 21, 2009 at 6:32 AM, jack wrote:
>
>> Let's say source.body is Search. If I put
>> source.body in a span like this -
>>
>> {source.body}
>>
>> source.body will be converted to text and the actual link tags will be
>> displayed. What is the right way to do this?
>
> How was source.body generated?
>
>> On Oct 21, 9:06 am, David Pollak wrote:
>> > On Tue, Oct 20, 2009 at 10:16 PM, jack wrote:
>> >
>> > > OK, I see why this is happening. The {exp} in the NodeSeq converts exp
>> > > to a String. So I did by creating a string and then converting it to a
>> > > NodeSeq at the end. Is there a way to do this without using an
>> > > intermediary string?
>> >
>> > I don't know what a source is, but you really, really have to be careful
>> > about promoting a String to a NodeSeq. If the String has user-generated
>> > content in it, then you've got a cross-site scripting vulnerability waiting
>> > to happen. For user-generated content, I suggest using the Textile parser built
>> > into Lift.
>> >
>> > In any case, if you don't have a NodeSeq in your data structure, you'll have
>> > to parse it into XML before displaying it.
>> >
>> > > On Oct 21, 1:03 am, jack wrote:
>> > > > I have the following method display. source.body has html tags in it
>> > > > but the actual tags are showing instead of being evaluated. e.g. I'm
>> > > > seeing things like 'Hey There' instead of 'Hey There' in bold.
>> > > > This method is in a CometActor and is running when the page is
>> > > > rendered. Am I missing something obvious?
>> > > >
>> > > > def display(sources:List[Source]):NodeSeq = {
>> > > > {
>> > > > for {source <- sources} yield {source.body}
>> > > > }
>> > > > }
>> >
>> > --
>> > Lift, the simply functional web framework http://liftweb.net
>> > Beginning Scala http://www.apress.com/book/view/1430219890
>> > Follow me: http://twitter.com/dpp
>> > Surf the harmonics
>
> --
> Lift, the simply functional web framework http://liftweb.net
> Beginning Scala http://www.apress.com/book/view/1430219890
>
> Follow me: http://twitter.com/dpp
> Surf the harmonics

--
Jack
[Lift] Re: html not being evaluated
On Wed, Oct 21, 2009 at 6:32 AM, jack wrote:
>
> Let's say source.body is Search. If I put
> source.body in a span like this -
>
> {source.body}
>
> source.body will be converted to text and the actual link tags will be
> displayed. What is the right way to do this?
>

How was source.body generated?

> On Oct 21, 9:06 am, David Pollak wrote:
> > On Tue, Oct 20, 2009 at 10:16 PM, jack wrote:
> >
> > > OK, I see why this is happening. The {exp} in the NodeSeq converts exp
> > > to a String. So I did by creating a string and then converting it to a
> > > NodeSeq at the end. Is there a way to do this without using an
> > > intermediary string?
> >
> > I don't know what a source is, but you really, really have to be careful
> > about promoting a String to a NodeSeq. If the String has user-generated
> > content in it, then you've got a cross-site scripting vulnerability waiting
> > to happen. For user-generated content, I suggest using the Textile parser built
> > into Lift.
> >
> > In any case, if you don't have a NodeSeq in your data structure, you'll have
> > to parse it into XML before displaying it.
> >
> > > On Oct 21, 1:03 am, jack wrote:
> > > > I have the following method display. source.body has html tags in it
> > > > but the actual tags are showing instead of being evaluated. e.g. I'm
> > > > seeing things like 'Hey There' instead of 'Hey There' in bold.
> > > > This method is in a CometActor and is running when the page is
> > > > rendered. Am I missing something obvious?
> > > >
> > > > def display(sources:List[Source]):NodeSeq = {
> > > > {
> > > > for {source <- sources} yield {source.body}
> > > > }
> > > > }
> >
> > --
> > Lift, the simply functional web framework http://liftweb.net
> > Beginning Scala http://www.apress.com/book/view/1430219890
> > Follow me: http://twitter.com/dpp
> > Surf the harmonics

--
Lift, the simply functional web framework http://liftweb.net
Beginning Scala http://www.apress.com/book/view/1430219890
Follow me: http://twitter.com/dpp
Surf the harmonics
[Lift] Re: html not being evaluated
Let's say source.body is Search. If I put source.body in a span like this -

{source.body}

source.body will be converted to text and the actual link tags will be displayed. What is the right way to do this?

On Oct 21, 9:06 am, David Pollak wrote:
> On Tue, Oct 20, 2009 at 10:16 PM, jack wrote:
>
> > OK, I see why this is happening. The {exp} in the NodeSeq converts exp
> > to a String. So I did by creating a string and then converting it to a
> > NodeSeq at the end. Is there a way to do this without using an
> > intermediary string?
>
> I don't know what a source is, but you really, really have to be careful
> about promoting a String to a NodeSeq. If the String has user-generated
> content in it, then you've got a cross-site scripting vulnerability waiting
> to happen. For user-generated content, I suggest using the Textile parser built
> into Lift.
>
> In any case, if you don't have a NodeSeq in your data structure, you'll have
> to parse it into XML before displaying it.
>
> > On Oct 21, 1:03 am, jack wrote:
> > > I have the following method display. source.body has html tags in it
> > > but the actual tags are showing instead of being evaluated. e.g. I'm
> > > seeing things like 'Hey There' instead of 'Hey There' in bold.
> > > This method is in a CometActor and is running when the page is
> > > rendered. Am I missing something obvious?
> > >
> > > def display(sources:List[Source]):NodeSeq = {
> > > {
> > > for {source <- sources} yield {source.body}
> > > }
> > > }
>
> --
> Lift, the simply functional web framework http://liftweb.net
> Beginning Scala http://www.apress.com/book/view/1430219890
> Follow me: http://twitter.com/dpp
> Surf the harmonics
[Lift] Re: html not being evaluated
On Tue, Oct 20, 2009 at 10:16 PM, jack wrote:
>
> OK, I see why this is happening. The {exp} in the NodeSeq converts exp
> to a String. So I did by creating a string and then converting it to a
> NodeSeq at the end. Is there a way to do this without using an
> intermediary string?
>

I don't know what a source is, but you really, really have to be careful about promoting a String to a NodeSeq. If the String has user-generated content in it, then you've got a cross-site scripting vulnerability waiting to happen. For user-generated content, I suggest using the Textile parser built into Lift.

In any case, if you don't have a NodeSeq in your data structure, you'll have to parse it into XML before displaying it.

>
> On Oct 21, 1:03 am, jack wrote:
> > I have the following method display. source.body has html tags in it
> > but the actual tags are showing instead of being evaluated. e.g. I'm
> > seeing things like 'Hey There' instead of 'Hey There' in bold.
> > This method is in a CometActor and is running when the page is
> > rendered. Am I missing something obvious?
> >
> > def display(sources:List[Source]):NodeSeq = {
> > {
> > for {source <- sources} yield {source.body}
> > }
> > }
>

--
Lift, the simply functional web framework http://liftweb.net
Beginning Scala http://www.apress.com/book/view/1430219890
Follow me: http://twitter.com/dpp
Surf the harmonics
[Lift] Re: html not being evaluated
OK, I see why this is happening. The {exp} in the NodeSeq converts exp to a String. So I did by creating a string and then converting it to a NodeSeq at the end. Is there a way to do this without using an intermediary string?

On Oct 21, 1:03 am, jack wrote:
> I have the following method display. source.body has html tags in it
> but the actual tags are showing instead of being evaluated. e.g. I'm
> seeing things like 'Hey There' instead of 'Hey There' in bold.
> This method is in a CometActor and is running when the page is
> rendered. Am I missing something obvious?
>
> def display(sources:List[Source]):NodeSeq = {
> {
> for {source <- sources} yield {source.body}
> }
> }