On Tue, Oct 20, 2009 at 10:16 PM, jack <[email protected]> wrote:
>
> OK, I see why this is happening. the {exp} in the NodeSeq convert exp
> to a String. So I did by creating a string and then converting it to a
> NodeSeq at the end. Is there a way to do this without using and
> intermediary string?
>
I don't know what a source is, but you really, really have to be careful
about promoting a String to a NodeSeq. If the String has user-generated
content in it, then you've got a cross-site scripting vulnerability waiting
to happen. For user-generated content, I suggest using Textile parser built
into Lift.
In any case, if you don't have a NodeSeq in your data structure, you'll have
to parse it into XML before displaying it.
>
> On Oct 21, 1:03 am, jack <[email protected]> wrote:
> > I have the following method display. source.body has html tags in it
> > but the actual tags are showing instead of being evaluated. e.g. I'm
> > seeing things like '<b>Hey There</b>' instead of 'Hey There' in bold.
> > This method is in a CometActor and is running when the page is
> > rendered. Am I missing something obvious?
> >
> > def display(sources:List[Source]):NodeSeq = {
> >
> > <span id="joop"><table>
> > {
> > for {source <- sources} yield <tr><td>{source.body}</td></tr>
> > }
> >
> > </table>
> > </span>
> > }
> >
>
--
Lift, the simply functional web framework http://liftweb.net
Beginning Scala http://www.apress.com/book/view/1430219890
Follow me: http://twitter.com/dpp
Surf the harmonics
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Lift" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/liftweb?hl=en
-~----------~----~----~----~------~----~------~--~---
