Okay, so it's just as f***ed... or actually more-so because now I need a
solution to the native solution, because if I'm right about the results I
got this means no-one can enter html entities in form fields in CF and get
html entities on the action page, whether they're using htmleditformat() or
not:
<cfset variables.storage = expandpath("temp.html") />
<cfif structkeyexists(form,"html")>
<cffile action="WRITE" file="#variables.storage#" output="#form.html#"
addnewline="no" />
</cfif>
<cfoutput>
<cfif fileexists(variables.storage)>
<cffile action="READ" file="#variables.storage#" variable="form.html"
/>
<cfelse>
<cfsavecontent variable="form.html"
><form name="frmDisplay" action="#cgi.SCRIPT_NAME#" method="post">
<textarea name="display" cols="40"
rows="5"></textarea><br>
<input type="submit" value="Update"></form></cfsavecontent>
</cfif>
<form name="frmDisplay" action="#cgi.SCRIPT_NAME#" method="post">
<textarea name="html" cols="40" rows="5">#form.html#</textarea><br>
<input type="submit" value="Update"></form>
</cfoutput>
<cfif fileexists(variables.storage)>
<cfinclude template="temp.html" />
</cfif>
Try this (I'm using CF 5 Win2K Server IIS 5) -- save it a couple times,
you'll see what I was saying about the other half of the problem. You can't
put html entities in the form and have them save as html entities.
So it's actually worse than I thought it was, because once the form field
has been submitted and all the html entities have been converted back to <>"
etc there's no way to distinguish what was supposed to be html from what was
supposed to be entities.
That's a real good way to move forward with XML and XHTML. <not />
s. isaac dealey 954-776-0046
new epoch http://www.turnkey.to
lead architect, tapestry cms http://products.turnkey.to
certified advanced coldfusion 5 developer
http://www.macromedia.com/v1/handlers/index.cfm?ID=21816
> Run the code... then tell me it still won't work that way.
> Is it possible
> you're wrong?
> Steve
> -----Original Message-----
> From: S. Isaac Dealey [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, November 26, 2002 1:53 PM
> To: CF-Talk
> Subject: RE: Writing a file with CFFILE
> umm... no ...
> htmleditformat() converts potentially harmful characters (
> <,> " etc ) into
> html entities. An html entity is used to place characters
> in the display of
> an html page which aren't supposed to be allowed (
> although browsers often
> if not usually allow them anyway ) in an html document
> without being part of
> an html tag. htmleditformat(0 is a one-way conversion. You
> can of course,
> unhtmleditformat() a variable manually, however, doing so
> prevents you from
> placing proper html entities in the field since they would
> likely all be
> converted back into the <>" etc which aren't supposed to
> appear in properly
> formatted html documents.
> <cfsavecontent variable="myvar">
> <textarea name="helloworld"></textarea>
> </cfsavecontetn>
> <cfoutput>
> <div>myvar = #myvar#</div>
> <div>htmleditformat(myvar) =
> #htmleditformat(myvar)#</div>
> </cfoutput>
> since these 2 lines are not the same, and the contents of
> a textarea field
> are passed literally ( they're not translated by the form
> submission ), the
> content of myvar becomes what you see on line 2 after it's
> been converted
> the first time with htmleditformat().
> Unless this is a very new feature of CFMX that I've not
> heard about which
> automatically reverts the string after a form submission.
> Although I would
> doubt it considering that this would prevent people being
> able to enter html
> entities into form fields and get html entities on the
> action page.
> Off the top of my head, I'm not sure what's up with your
> example -- I
> haven't tested it on my machine. If it is working, one of
> two things are
> happening -- there's more code involved than in your
> example ( an
> application.cfm maybe ) _or_ there's a bug somewhere,
> because it's not
> supposed to work that way.
> s. isaac dealey 954-776-0046
> new epoch http://www.turnkey.to
> lead architect, tapestry cms http://products.turnkey.to
> certified advanced coldfusion 5 developer
> http://www.macromedia.com/v1/handlers/index.cfm?ID=21816
>> Actually.... yes. Run this code in a blank page and save
>> all day. Check
>> the
>> results in studio. As was my original problem, you are
>> over thinking this.
>> This is exactly what HTMLEditFormat() was designed for.
>> Hope this clear up
>> the confusion....
>> <!--- Snip --->
>> <cfif isDefined('form.fieldnames')>
>> <cffile action="WRITE" file="#PATH_TRANSLATED#"
>> output="#form.display#"
>> addnewline="Yes">
>> </cfif>
>> <cffile action="READ" file="#PATH_TRANSLATED#"
>> variable="output">
>> <form name="frmDisplay"
>> action="<cfoutput>#SCRIPT_NAME#</cfoutput>"
>> method="post">
>> <textarea name="display"
>> style="width:500px;height:400px"><cfoutput>#HTMLEditForma
>> t(output)#</cfout
>> pu
>> t></textarea><br>
>> <input type="submit" value="Update">
>> </form>
>> <!--- Snip --->
>> Steve
>> -----Original Message-----
>> From: S. Isaac Dealey [mailto:[EMAIL PROTECTED]]
>> Sent: Tuesday, November 26, 2002 1:05 PM
>> To: CF-Talk
>> Subject: RE: Writing a file with CFFILE
>> umm... no ...
>> Try this
>> <input type="text" name="name"
>> value="#htmleditformat(myvar)#">
>> Then type 'Jim "the Man" davis' into that form field,
>> drop it into a
>> persistent variable or a database, retrieve it from that
>> location and
>> populate the form with it (as above), submit the form and
>> save it to the
>> same place. It _does_ change the content. You wind up
>> with 'Jim "the
>> Man" Davis' as your content.
>> I've seen people sometimes use ReplaceNoCase() to convert
>> " and other
>> html entities into double-quotes on the action page, but
>> then no-one can
>> enter an html entity in the form field, because those get
>> converted.
>> It's a lose-lose situation.
>> Same story with textareas.
>> <textarea name="myhtml"><cfoutput>#mytextarea#</cfoutput>
>> </textarea>
>> Do the same thing you did with the text field here, only
>> instead of
>> double-quotes, this time enter '<textarea
>> name="somethingelse"></textarea>'
>> into the field. After you've edited it once, you no
>> longer have html
>> content
>> you now have <textarea
>> name="somethingelse"></textarea> ...
>> I don't make this stuff up.
>> s. isaac dealey 954-776-0046
>> new epoch http://www.turnkey.to
>> lead architect, tapestry cms http://products.turnkey.to
>> certified advanced coldfusion 5 developer
>> http://www.macromedia.com/v1/handlers/index.cfm?ID=21816
>>> Yes...it is. I am using just as you described and it is
>>> perfect!
>>> Thanks,
>>> Steve
>>> -----Original Message-----
>>> From: Kwang Suh [mailto:[EMAIL PROTECTED]]
>>> Sent: Tuesday, November 26, 2002 10:51 AM
>>> To: CF-Talk
>>> Subject: RE: Writing a file with CFFILE
>>> Used properly, HTMLEditFormat() does not change the
>>> content.
>>> If you type "Hello & Goodbye", into a form field, once
>>> submitted, it
>>> becomes:
>>> "Hello & Goodbye"
>>> So, this is what you insert into the database.
>>> Now, when you *display* the contents of that form field,
>>> *if* you *don't*
>>> want the browser to parse it, then use HTMLEditFormat().
>>> For instance, let's say we let the user edit that text
>>> again in a form
>>> field. Using HTMLEditFormat() within the value
>>> attribute of a form
>>> field,
>>> you will get:
>>> "Hello & Goodbye"
>>> *But* when the form is submitted, you get:
>>> "Hello & Goodbye"
>>> Using HTMLEditFormat() *is* the perfect, easy solution!
>>>> -----Original Message-----
>>>> From: S. Isaac Dealey [mailto:[EMAIL PROTECTED]]
>>>> Sent: Tuesday, November 26, 2002 7:36 AM
>>>> To: CF-Talk
>>>> Subject: RE: Writing a file with CFFILE
>>>>
>>>>
>>>> You mean enabled -- or doesn't disable js... This is
>>>> true -- but it's
>>>> the
>>>> only way I know of to preserve the original format of
>>>> the text,
>>>> including
>>>> html, and allow it to be updated after the fact.
>>>> HTMLEditFormat() or any
>>>> other kind of string manipulation going into the form
>>>> field will
>>>> change the
>>>> content in some way after the first edit. So there
>>>> really is no perfect
>>>> solution -- either you lose the original format, or you
>>>> rely on
>>>> javascript
>>>> which could potentially be disabled.
>>>>
>>>> > Unless the client has JS disabled. Then this method
>>>> > won't
>>>> > work at all.
>>>>
>>>> > --
>>>> > Mosh Teitelbaum
>>>> > evoch, LLC
>>>> > Tel: (301) 625-9191
>>>> > Fax: (301) 933-3651
>>>> > Email: [EMAIL PROTECTED]
>>>> > WWW: http://www.evoch.com/
>>>>
>>>>
>>>> >> -----Original Message-----
>>>> >> From: S. Isaac Dealey [mailto:[EMAIL PROTECTED]]
>>>> >> Sent: Monday, November 25, 2002 11:07 PM
>>>> >> To: CF-Talk
>>>> >> Subject: RE: Writing a file with CFFILE
>>>> >>
>>>> >>
>>>> >> Not necessarily. Assuming you want to be able to
>>>> >> enter
>>>> >> text areas and the
>>>> >> like (or any html actually) in your textarea, using
>>>> >> htmledit format will
>>>> >> allow you to enter it once -- but never update it
>>>> >> after
>>>> >> the fact because
>>>> >> when you save it the 2nd time, it's no longer html
>>>> >> code.
>>>> >> The email I just
>>>> >> sent off a moment ago explains a method (afaik the
>>>> >> only
>>>> >> method) of
>>>> >> preserving the content in its original format, so
>>>> >> it's
>>>> >> still
>>>> >> viable as html
>>>> >> even after it's been saved several times.
>>>> >>
>>>> >> > Nevermind... I'm an idiot over thinking the
>>>> >> > basics...
>>>> >> > HTMLEditFormat()..!
>>>> >>
>>>> >> > hehe,
>>>> >> > Steve
>>>> >>
>>>> >> > -----Original Message-----
>>>> >> > From: Steve Reich
>>>> >> > [mailto:[EMAIL PROTECTED]]
>>>> >> > Sent: Monday, November 25, 2002 9:26 PM
>>>> >> > To: CF-Talk
>>>> >> > Subject: RE: Writing a file with CFFILE
>>>> >>
>>>> >>
>>>> >> >> I'm guessing you're using MX ... Probably using
>>>> >> >> setEncoding() whether you
>>>> >> >> specify ISO latin or UTF-8 on the form scope on
>>>> >> >> the
>>>> >> >> action page will
>>>> >> > resolve
>>>> >> >> the issue... I'd likely place it in the
>>>> >> >> application.cfm
>>>> >> >> and apply it to
>>>> >> > both
>>>> >> >> form and url.
>>>> >>
>>>> >>
>>>> >> > Thanks! That fixed that problem. I have another
>>>> >> > one
>>>> >> > now....
>>>> >>
>>>> >> > If I call a file like this...
>>>> >>
>>>> >> > <cffile action="READ" file="#page#"
>>>> >> > variable="output">
>>>> >>
>>>> >> > . then display it like this....
>>>> >>
>>>> >> > <textarea
>>>> >> > name="contents"><cfoutput>#output#</cfoutput></tex
>>>> >> > tarea
>>>> >> > >
>>>> >>
>>>> >> > . I run into a problem if the variable output has
>>>> >> > a
>>>> >> > textarea tag contained
>>>> >> > within it. It sees the closing textarea tag in the
>>>> >> > output
>>>> >> > variable as the
>>>> >> > closing tag for the textarea used to display the
>>>> >> > variable.
>>>> >> > All code after
>>>> >> > the closing textarea is executed in the browser.
>>>> >>
>>>> >> > Example:
>>>> >>
>>>> >> > output = <textarea name="foo">This is some
>>>> >> > text</textarea><br>Then some
>>>> >> > other stuff
>>>> >>
>>>> >>
>>>> >> > <textarea
>>>> >> > name="contents'><cfoutput>#output#</cfoutput></tex
>>>> >> > tarea
>>>> >> > >
>>>> >>
>>>> >> > .equals....
>>>> >>
>>>> >>
>>>> >> > <textarea name="contents'></textarea><br>Then some
>>>> >> > other
>>>> >> > stuff</textarea>
>>>> >>
>>>> >> > I get a textarea with this:
>>>> >> > <textarea name="foo">This is some text
>>>> >>
>>>> >> > Then some other stuff. Kind of a bitch to explain.
>>>> >> > Help!
>>>> >>
>>>> >>
>>>> >>
>>>> >> > TIA,
>>>> >> > Steve
>>>> >>
>>>> >>
>>>> >> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>> >> > ~~~~~
>>>> >> > ~~~
>>>> >> > ~~~~~~~~~~~|
>>>> >> > Archives:
>>>> >> > http://www.houseoffusion.com/cf_lists/index.cfm?fo
>>>> >> > rumid
>>>> >> > =4
>>>> >> > Subscription:
>>>> >> > http://www.houseoffusion.com/cf_lists/index.
>>>> >> > cfm?method=subscribe&forumid=4
>>>> >> > FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
>>>> >> > This list and all House of Fusion resources hosted
>>>> >> > by
>>>> >> > CFHosting.com. The place for dependable ColdFusion
>>>> >> > Hosting.
>>>> >>
>>>> >>
>>>> >> s. isaac dealey 954-776-0046
>>>> >>
>>>> >> new epoch http://www.turnkey.to
>>>> >>
>>>> >> lead architect, tapestry cms
>>>> >> http://products.turnkey.to
>>>> >>
>>>> >> certified advanced coldfusion 5 developer
>>>> >> http://www.macromedia.com/v1/handlers/index.cfm?ID=2
>>>> >> 1816
>>>> >>
>>>> >>
>>>> >>
>>>> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>> > ~~~~~
>>>> > ~~~~~~~~~~~|
>>>> > Archives:
>>>> > http://www.houseoffusion.com/cf_lists/index.cfm?forum
>>>> > id=4
>>>> > Subscription:
>>>> > http://www.houseoffusion.com/cf_lists/index.
>>>> > cfm?method=subscribe&forumid=4
>>>> > FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
>>>> > Signup for the Fusion Authority news alert and keep
>>>> > up
>>>> > with the latest news in ColdFusion and related
>>>> > topics.
>>>> > http://www.fusionauthority.com/signup.cfm
>>>>
>>>>
>>>> s. isaac dealey 954-776-0046
>>>>
>>>> new epoch http://www.turnkey.to
>>>>
>>>> lead architect, tapestry cms
>>>> http://products.turnkey.to
>>>>
>>>> certified advanced coldfusion 5 developer
>>>> http://www.macromedia.com/v1/handlers/index.cfm?ID=2181
>>>> 6
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription:
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
This list and all House of Fusion resources hosted by CFHosting.com. The place for
dependable ColdFusion Hosting.
