RE: displaying html in a cforms field
-----Original Message-----
From: Fuad Efendi [mailto:[EMAIL PROTECTED]]

> I think this is called cross site scripting attack and should be prevented... output field is simply a read-only widget with a value, and browsers should not interpret any pure HTML values of such objects...

It's not the browser though. It is the server that is updating that and displaying what it likes. If it chooses to inject information from another site then it was done at the developer's choice.

Gary
Re: displaying html in a cforms field
I think this is called cross site scripting attack and should be prevented... output field is simply a read-only widget with a value, and browsers should not interpret any pure HTML values of such objects...

Marcel Rouwenhorst wrote:

> Is it possible to display formatted html in a cforms output field?

--
View this message in context: http://www.nabble.com/displaying-html-in-a-cforms-field-tf985897.html#a7343464
Sent from the Cocoon - Users mailing list archive at Nabble.com.
RE: displaying html in a cforms field
Hi,

The problem is that the < and > are replaced with &lt; and &gt;. I use the setValue method on a org.apache.cocoon.forms.formmodel.Output (Widget) in a org.apache.cocoon.forms.event.ValueChangedListener.

Thanks
Marcel

From: Marcel Rouwenhorst [mailto:[EMAIL PROTECTED]]
Sent: Tuesday 24 January 2006 11:26
To: users@cocoon.apache.org
Subject: displaying html in a cforms field

> Hi,
> Is it possible to display formatted html in a cforms output field?
> Thanks
> Marcel
RE: displaying html in a cforms field
I was thinking of:
cocoon/samples/blocks/forms/htmlarea

[EMAIL PROTECTED] 2006/01/24 03:03 PM

> Thank you Derek,
> Could you give me a hint which example you mean?
> Thanks
> Marcel
>
> -----Original Message-----
> From: Derek Hohls [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday 24 January 2006 13:35
> To: users@cocoon.apache.org
> Subject: Re: displaying html in a cforms field
>
>> In a word: yes - but this depends on the use of javascript;
>> see the cocoon examples.
>>
>> [EMAIL PROTECTED] 2006/01/24 12:26 PM
>>
>>> Hi,
>>> Is it possible to display formatted html in a cforms output field?
>>> Thanks
>>> Marcel
RE: displaying html in a cforms field
Hi,

I'm not interested in making an htmlarea. I would like to make an output field that contains an html fragment. This html fragment should also be displayed as html and not be escaped with &lt; and &gt;

If I look at my html output I see the following code:

    <span id="blog">&lt;div xmlns="http://www.w3.org/1999/xhtml"&gt;&lt;a href=""&gt;Joost Kitesurfing Blog&lt;/a&gt;&lt;br/&gt;&lt;/div&gt;</span>

This should be something like this:

    <span id="blog"><div xmlns="http://www.w3.org/1999/xhtml"><a href="">Joost Kitesurfing Blog</a><br/></div></span>

I use the setValue("<div xmlns=...>...</div>"); method on a org.apache.cocoon.forms.formmodel.Output (Widget) in a org.apache.cocoon.forms.event.ValueChangedListener.

Thank you,
Marcel

Marcel Rouwenhorst
Mobillion B.V.

From: Derek Hohls [mailto:[EMAIL PROTECTED]]
Sent: Tuesday 24 January 2006 15:05
To: users@cocoon.apache.org
Subject: RE: displaying html in a cforms field

> I was thinking of:
> cocoon/samples/blocks/forms/htmlarea