Thanks all the way, Andrew. This was the perfect solution to my problem, on 
which I wasted a day. One more thing: if you wish to, please give me some 
info about XSS attacks, how we can ignorantly get caught in them, and the 
measures taken to prevent XSS attacks.

On Tuesday, December 16, 2014 1:20:20 AM UTC+5:30, Andrew wrote:
>
> Hey there if I understand correctly you want to not display html but the 
> formatted output. If so then use this in your view and add any html you 
> would like to allow.
>
> {{=XML(row.textfromeditor, sanitize=True,
>        permitted_tags=['a', 'b', 'blockquote', 'br', 'i', 'li',
>                        'ol', 'ul', 'p', 'cite', 'code', 'pre', 'img'],
>        allowed_attributes={'a': ['href', 'title'],
>                            'img': ['src', 'alt'],
>                            'blockquote': ['type']})}}
>
>
>
> or do this, which I highly suggest not doing:
>
> {{=XML(row.textfromeditor, sanitize=False)}}
>
> *cheers
>
>
> On Mon, Dec 15, 2014 at 6:50 AM, Ramashish Gaurav <ramas...@gmail.com> wrote:
>>
>> Dear Andrew,
>>
>> Many thanks for your response and elaborate explanation of installation 
>> of ck-editor. However I used another light weight editor nicEdit since the 
>> installation was pretty easy as directed at http://nicedit.com/ . 
>> However I am in a problem, not related to installation of editors, but in 
>> showing of html doc after being saved from the textarea.
>>
>> The content from the textarea in HTML used with nicEdit, is in html 
>> format. After getting the html coded text from textarea and saving it in 
>> database, I need to redisplay it on demand. I tried to use textarea with 
>> read only mode to display the html text in formatted form, searched for 
>> hours on internet but with no luck. Textarea always showed the raw html 
>> code instead of the formatted one. Also, I read that it can be done via an 
>> editor only, not a textarea. So I used nicEdit again, but I don't know how 
>> to use it in read-only mode. Stack Overflow had a post related to the 
>> similar problem of using nicEdit with the edit option disabled, but it did 
>> not come to my rescue. I implemented the code posted there in the answer, 
>> but was not able to set nicEdit in read-only mode. Here is the link.
>>
>> http://stackoverflow.com/questions/4282446/how-to-set-nicedit-uneditable
>>
>> If you do know how to display the HTML-coded text in a formatted way via 
>> nicEdit or any other way round, I'd appreciate your help.
>>
>> Here is the code I have implemented:
>>
>> {{extend 'layout.html'}}
>> <head>
>>
>> <script src="http://js.nicedit.com/nicEdit-latest.js" type="text/javascript"></script>
>> <script type="text/javascript" src="jquery-1.11.1.js"></script>
>> <script type="text/javascript">bkLib.onDomLoaded(nicEditors.allTextAreas);</script>
>> <script type="text/javascript" src="http://js.nicedit.com/nicEdit-latest.js">
>> //<![CDATA[
>>     bkLib.onDomLoaded(funtion(){
>>         var myNicEditor = new nicEditor();
>>         myNicEditor.addInstance("nice");
>>         nicEditors.findEditor("nice").disable();
>>     });
>> //]]> </script>
>>
>> </head>
>>
>> <body>
>>     {{for row in rows:}}
>>     <textarea id="nice">{{=row.textfromeditor}}</textarea>
>>     {{pass}}
>>
>> </body>
>>
>>
>> On Monday, December 15, 2014 6:45:52 AM UTC+5:30, Andrew wrote:
>>>
>>> Your error at this point isn't from ckeditor but you are using a 
>>> reserved sql keyword in your database table/field. I suggest removing this 
>>> line *check_reserved=['all']* or change the name of one of the 
>>> fields/tables in question.
>>>
>>> As a side reference here is a brief bit of info for implementing 
>>> ckeditor. 
>>>
>>> I haven't used ckeditor in a long time but if the code remains the same 
>>> then you can do this.
>>>
>>> in db.py add:
>>>
>>> def advanced_editor(field, value):
>>>     return TEXTAREA(_id=str(field).replace('.', '_'), _name=field.name,
>>>                     _class='text ckeditor', value=value, _cols=80, _rows=10)
>>>
>>> For the text field you use this as an example:
>>> Field('body', 'text', widget=advanced_editor))
>>>
>>> In your template file example layout.html add the path to ckeditor:
>>> <script type="text/javascript" src="{{=URL(request.application,'static','ckeditor/ckeditor.js')}}"></script>
>>>
>>> Then choose to sanitize or not the input. Depending if other users will 
>>> submit your form then I would choose to sanitize info:
>>>
>>> Example sanitized:
>>> {{=XML(query.body, sanitize=True,
>>>        permitted_tags=['a', 'b', 'blockquote', 'br', 'i', 'li',
>>>                        'ol', 'ul', 'p', 'cite', 'code', 'pre', 'img'],
>>>        allowed_attributes={'a': ['href', 'title'],
>>>                            'img': ['src', 'alt'],
>>>                            'blockquote': ['type']})}}
>>>
>>> Example unsanitized: {{=XML(query.body,sanitize=False)}}
>>>
>>> you can choose what values you will allow to be displayed for that form 
>>> code in the ckeditor config. I don't remember if there is anything you need 
>>> to do in the controller files but looking at code I don't believe so.
>>>
>>> *cheers!
>>>
>>> On Wed, Dec 10, 2014 at 10:50 PM, Ramashish Gaurav <ramas...@gmail.com> wrote:
>>>
>>>>
>>>> Hi all !
>>>>
>>>> First of all, I am a newbie in web2py. 
>>>> I am working on a project and need to install an editor plugin in my 
>>>> web2py app named "editor". After hours of search I got ck_editor4 
>>>> plugin <http://www.web2pyslices.com/slice/show/1952/ck-editor4-plugin> , 
>>>> installed it and then made some changes in models and views of my 
>>>> application. Changes were made in :
>>>>
>>>> 1:   editor/models/db1.py 
>>>> Contents are :
>>>>
>>>> # -*- coding: utf-8 -*-
>>>> from plugin_ckeditor import CKEditor
>>>> ckeditor = CKEditor(db)
>>>> ckeditor.define_tables()
>>>>
>>>> db.define_table('content', Field('title', length=255), 
>>>> Field('public', 'boolean', default=True), 
>>>> Field('text', 'text', widget=ckeditor.widget) )
>>>>
>>>> 2:   editor/views/default/index.html
>>>> Contents are:
>>>>
>>>> {{=ckeditor.edit_in_place('.editable', URL())}}
>>>>
>>>> After opening the index page in browser a ticket was raised which says 
>>>> this:
>>>>
>>>> Traceback (most recent call last):
>>>>   File "gluon/restricted.py", line 224, in restricted
>>>>   File "C:/Users/Ramashish Gaurav/Downloads/web2py_win/web2py/applications/editor/models/db1.py", line 4, in <module>
>>>>     ckeditor.define_tables()
>>>>   File "applications\editor\modules\plugin_ckeditor.py", line 59, in define_tables
>>>>     fake_migrate = fake_migrate,
>>>>   File "gluon/dal.py", line 8414, in define_table
>>>>   File "gluon/dal.py", line 8430, in lazy_define_table
>>>>   File "gluon/dal.py", line 8952, in __init__
>>>>   File "gluon/dal.py", line 8119, in check_reserved_keyword
>>>> SyntaxError: invalid table/column name "length" is a "ALL" reserved SQL/NOSQL keyword
>>>>
>>>> Please help me regarding this issue (May be I am not placing the right 
>>>> code at right place). 
>>>> (I don't know whether this editor will support programming languages 
>>>> like C, C++ etc, so if you have got any new simple programming language 
>>>> based editor for web2py app, I'll be happy to install that)
>>>>
>>>> -- 
>>>> Resources:
>>>> - http://web2py.com
>>>> - http://web2py.com/book (Documentation)
>>>> - http://github.com/web2py/web2py (Source code)
>>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>>> --- 
>>>> You received this message because you are subscribed to the Google 
>>>> Groups "web2py-users" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send 
>>>> an email to web2py+un...@googlegroups.com.
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>
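
Added example (not part of the thread and not web2py's own sanitizer code): a minimal allowlist sanitizer showing what the `sanitize=True` call with `permitted_tags` and `allowed_attributes` guards against when stored editor HTML is rendered back into a page. The names `sanitize`, `url_is_safe`, `SAFE_SCHEMES` and `VOID_TAGS` are hypothetical, and the scheme allowlist is an assumption of this example.

```python
import re
from html import escape
from html.parser import HTMLParser

# Same allowlists as the XML() call quoted in the thread.
PERMITTED_TAGS = {'a', 'b', 'blockquote', 'br', 'i', 'li', 'ol', 'ul',
                  'p', 'cite', 'code', 'pre', 'img'}
ALLOWED_ATTRIBUTES = {'a': ['href', 'title'], 'img': ['src', 'alt'],
                      'blockquote': ['type']}
SAFE_SCHEMES = {'', 'http', 'https', 'mailto'}  # assumption for this example
VOID_TAGS = {'br', 'img'}                       # tags with no closing tag

def url_is_safe(value):
    """Reject javascript:, data: and any other scheme not on the allowlist."""
    cleaned = re.sub(r'[\x00-\x20]+', '', value)  # browsers drop tab/newline in URLs
    scheme = re.match(r'([a-zA-Z][a-zA-Z0-9+.-]*):', cleaned)
    return (scheme.group(1).lower() if scheme else '') in SAFE_SCHEMES

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in PERMITTED_TAGS:
            # Unknown tag (e.g. <script>): emit its source as text, never as markup.
            self.out.append(escape(self.get_starttag_text()))
            return
        kept = []
        for name, value in attrs:
            allowed = name in ALLOWED_ATTRIBUTES.get(tag, ())  # drops onerror=, style=, ...
            if allowed and (name not in ('href', 'src') or url_is_safe(value or '')):
                kept.append(' %s="%s"' % (name, escape(value or '')))
        self.out.append('<%s%s>' % (tag, ''.join(kept)))

    def handle_endtag(self, tag):
        if tag not in PERMITTED_TAGS:
            self.out.append(escape('</%s>' % tag))
        elif tag not in VOID_TAGS:
            self.out.append('</%s>' % tag)

    def handle_data(self, data):
        self.out.append(escape(data))  # text content is always HTML-escaped

def sanitize(html_text):
    parser = AllowlistSanitizer()
    parser.feed(html_text)
    parser.close()
    return ''.join(parser.out)
```

With constructed input, `sanitize('<img src="x" onerror="alert(1)">')` returns `<img src="x">` and `sanitize('<script>alert(1)</script>')` returns the escaped text `&lt;script&gt;alert(1)&lt;/script&gt;`. With `sanitize=False` both inputs would reach the browser unchanged, which is how stored editor content becomes stored XSS.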
