[Lift] Re: html not being evaluated

2009-10-22 Thread Naftoli Gugenheim

I think another solution is an Unparsed node. When the XML is converted to a 
string it will be output verbatim.

-
jackjack.wid...@gmail.com wrote:


Let's say source.body is <a href="google.com">Search</a>.  If I put
source.body in a span like this -

<span>{source.body}</span>

source.body will be converted to text and the actual link tags will be
displayed. What is the right way to do this?

On Oct 21, 9:06 am, David Pollak feeder.of.the.be...@gmail.com
wrote:
 On Tue, Oct 20, 2009 at 10:16 PM, jack jack.wid...@gmail.com wrote:

  OK, I see why this is happening. The {exp} in the NodeSeq converts exp
  to a String. So I did it by creating a string and then converting it to a
  NodeSeq at the end. Is there a way to do this without using an
  intermediary string?

 I don't know what a source is, but you really, really have to be careful
 about promoting a String to a NodeSeq.  If the String has user-generated
 content in it, then you've got a cross-site scripting vulnerability waiting
 to happen.  For user-generated content, I suggest using Textile parser built
 into Lift.

 In any case, if you don't have a NodeSeq in your data structure, you'll have
 to parse it into XML before displaying it.





  On Oct 21, 1:03 am, jack jack.wid...@gmail.com wrote:
   I have the following method display. source.body has html tags in it
   but the actual tags are showing instead of being evaluated. e.g. I'm
   seeing things like '<b>Hey There</b>' instead of 'Hey There' in bold.
   This method is in a CometActor and is running when the page is
   rendered. Am I missing something obvious?

    def display(sources: List[Source]): NodeSeq = {
       <span id="jooptable">
       <table>
       {
          for {source <- sources} yield <tr><td>{source.body}</td></tr>
       }
       </table>
       </span>
     }

 --
 Lift, the simply functional web framework http://liftweb.net
 Beginning Scala http://www.apress.com/book/view/1430219890
 Follow me: http://twitter.com/dpp
 Surf the harmonics


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Lift group.
To post to this group, send email to liftweb@googlegroups.com
To unsubscribe from this group, send email to 
liftweb+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/liftweb?hl=en
-~--~~~~--~~--~--~---
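
Added example, not code from any poster in this thread or from Lift: the three ways of putting a String body into the page that the messages here discuss, namely splicing it with {} (escaped), wrapping it in Unparsed (verbatim) and parsing it to nodes behind a small allowlist. The allowlist filter is a stand-in written for this example rather than Lift's Textile parser. Assumed: Scala 2 with the scala-xml library; RenderBody, its method names and the sample strings are constructed.

```scala
import scala.xml._

object RenderBody {
  // Constructed sample values standing in for source.body (a String).
  val friendly = "Hey dude, <b>what</b> are you doing?"
  val hostile  = """<b onclick="alert(1)">hi</b><script>alert(1)</script>"""

  // 1. A String spliced with {} becomes a Text node, so markup is escaped
  //    on output. This is the behaviour reported in the thread.
  def escaped(body: String): String = <span>{body}</span>.toString

  // 2. Unparsed writes the string verbatim: the tags render, and so does
  //    any script or event handler that a user put in the string.
  def verbatim(body: String): String = <span>{Unparsed(body)}</span>.toString

  // 3. Parse to nodes, then rebuild keeping only allowlisted elements and
  //    no attributes at all (hypothetical allowlist for this example).
  private val allowed = Set("b", "i", "em", "strong")

  private def clean(n: Node): NodeSeq = n match {
    case e: Elem if e.prefix == null && allowed(e.label) =>
      e.copy(attributes = Null, scope = TopScope, child = e.child.flatMap(clean))
    case t: Text => t
    case _       => NodeSeq.Empty // other elements (with subtree), comments, PIs
  }

  def sanitized(body: String): String = {
    // Wrapping in <div> lets a fragment parse; input that is not well-formed
    // XML throws here and should be rendered via escaped() instead.
    // Assumption: the default scala-xml parser in use rejects DOCTYPEs.
    val root = XML.loadString("<div>" + body + "</div>")
    <span>{root.child.flatMap(clean)}</span>.toString
  }

  def main(args: Array[String]): Unit = {
    println(escaped(friendly))
    println(verbatim(hostile))
    println(sanitized(hostile))
  }
}
```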



[Lift] Re: html not being evaluated

2009-10-21 Thread David Pollak
On Tue, Oct 20, 2009 at 10:16 PM, jack jack.wid...@gmail.com wrote:


 OK, I see why this is happening. The {exp} in the NodeSeq converts exp
 to a String. So I did it by creating a string and then converting it to a
 NodeSeq at the end. Is there a way to do this without using an
 intermediary string?


I don't know what a source is, but you really, really have to be careful
about promoting a String to a NodeSeq.  If the String has user-generated
content in it, then you've got a cross-site scripting vulnerability waiting
to happen.  For user-generated content, I suggest using Textile parser built
into Lift.

In any case, if you don't have a NodeSeq in your data structure, you'll have
to parse it into XML before displaying it.



 On Oct 21, 1:03 am, jack jack.wid...@gmail.com wrote:
  I have the following method display. source.body has html tags in it
  but the actual tags are showing instead of being evaluated. e.g. I'm
  seeing things like '<b>Hey There</b>' instead of 'Hey There' in bold.
  This method is in a CometActor and is running when the page is
  rendered. Am I missing something obvious?
 
   def display(sources: List[Source]): NodeSeq = {
      <span id="jooptable">
      <table>
      {
         for {source <- sources} yield <tr><td>{source.body}</td></tr>
      }
      </table>
      </span>
    }
 



-- 
Lift, the simply functional web framework http://liftweb.net
Beginning Scala http://www.apress.com/book/view/1430219890
Follow me: http://twitter.com/dpp
Surf the harmonics




[Lift] Re: html not being evaluated

2009-10-21 Thread jack

Let's say source.body is <a href="google.com">Search</a>.  If I put
source.body in a span like this -

<span>{source.body}</span>

source.body will be converted to text and the actual link tags will be
displayed. What is the right way to do this?

On Oct 21, 9:06 am, David Pollak feeder.of.the.be...@gmail.com
wrote:
 On Tue, Oct 20, 2009 at 10:16 PM, jack jack.wid...@gmail.com wrote:

  OK, I see why this is happening. The {exp} in the NodeSeq converts exp
  to a String. So I did it by creating a string and then converting it to a
  NodeSeq at the end. Is there a way to do this without using an
  intermediary string?

 I don't know what a source is, but you really, really have to be careful
 about promoting a String to a NodeSeq.  If the String has user-generated
 content in it, then you've got a cross-site scripting vulnerability waiting
 to happen.  For user-generated content, I suggest using Textile parser built
 into Lift.

 In any case, if you don't have a NodeSeq in your data structure, you'll have
 to parse it into XML before displaying it.





  On Oct 21, 1:03 am, jack jack.wid...@gmail.com wrote:
   I have the following method display. source.body has html tags in it
   but the actual tags are showing instead of being evaluated. e.g. I'm
   seeing things like '<b>Hey There</b>' instead of 'Hey There' in bold.
   This method is in a CometActor and is running when the page is
   rendered. Am I missing something obvious?

    def display(sources: List[Source]): NodeSeq = {
       <span id="jooptable">
       <table>
       {
          for {source <- sources} yield <tr><td>{source.body}</td></tr>
       }
       </table>
       </span>
     }

 --
 Lift, the simply functional web framework http://liftweb.net
 Beginning Scala http://www.apress.com/book/view/1430219890
 Follow me: http://twitter.com/dpp
 Surf the harmonics



[Lift] Re: html not being evaluated

2009-10-21 Thread David Pollak
On Wed, Oct 21, 2009 at 6:32 AM, jack jack.wid...@gmail.com wrote:


 Let's say source.body is <a href="google.com">Search</a>.  If I put
 source.body in a span like this -

 <span>{source.body}</span>

 source.body will be converted to text and the actual link tags will be
 displayed. What is the right way to do this?


How was source.body generated?


 On Oct 21, 9:06 am, David Pollak feeder.of.the.be...@gmail.com
 wrote:
  On Tue, Oct 20, 2009 at 10:16 PM, jack jack.wid...@gmail.com wrote:
 
   OK, I see why this is happening. The {exp} in the NodeSeq converts exp
   to a String. So I did it by creating a string and then converting it to a
   NodeSeq at the end. Is there a way to do this without using an
   intermediary string?
 
  I don't know what a source is, but you really, really have to be careful
  about promoting a String to a NodeSeq.  If the String has user-generated
  content in it, then you've got a cross-site scripting vulnerability waiting
  to happen.  For user-generated content, I suggest using Textile parser built
  into Lift.
 
  In any case, if you don't have a NodeSeq in your data structure, you'll have
  to parse it into XML before displaying it.
 
 
 
 
 
   On Oct 21, 1:03 am, jack jack.wid...@gmail.com wrote:
    I have the following method display. source.body has html tags in it
    but the actual tags are showing instead of being evaluated. e.g. I'm
    seeing things like '<b>Hey There</b>' instead of 'Hey There' in bold.
    This method is in a CometActor and is running when the page is
    rendered. Am I missing something obvious?
 
     def display(sources: List[Source]): NodeSeq = {
        <span id="jooptable">
        <table>
        {
           for {source <- sources} yield <tr><td>{source.body}</td></tr>
        }
        </table>
        </span>
      }
 
  --
  Lift, the simply functional web framework http://liftweb.net
  Beginning Scala http://www.apress.com/book/view/1430219890
  Follow me: http://twitter.com/dpp
  Surf the harmonics
 



-- 
Lift, the simply functional web framework http://liftweb.net
Beginning Scala http://www.apress.com/book/view/1430219890
Follow me: http://twitter.com/dpp
Surf the harmonics




[Lift] Re: html not being evaluated

2009-10-21 Thread Jack Widman
Oops. I just noticed I made source.body a String and not a NodeSeq.
Sometimes source.body is text with html tags in it. Like -

Hey dude, <b>what</b> are you doing?
I guess I should make it a NodeSeq. Sorry about that.
Jack

On Wed, Oct 21, 2009 at 9:33 AM, David Pollak feeder.of.the.be...@gmail.com
 wrote:



 On Wed, Oct 21, 2009 at 6:32 AM, jack jack.wid...@gmail.com wrote:


 Let's say source.body is <a href="google.com">Search</a>.  If I put
 source.body in a span like this -

 <span>{source.body}</span>

 source.body will be converted to text and the actual link tags will be
 displayed. What is the right way to do this?


 How was source.body generated?


 On Oct 21, 9:06 am, David Pollak feeder.of.the.be...@gmail.com
 wrote:
  On Tue, Oct 20, 2009 at 10:16 PM, jack jack.wid...@gmail.com wrote:
 
   OK, I see why this is happening. The {exp} in the NodeSeq converts exp
   to a String. So I did it by creating a string and then converting it to a
   NodeSeq at the end. Is there a way to do this without using an
   intermediary string?
 
  I don't know what a source is, but you really, really have to be careful
  about promoting a String to a NodeSeq.  If the String has user-generated
  content in it, then you've got a cross-site scripting vulnerability waiting
  to happen.  For user-generated content, I suggest using Textile parser built
  into Lift.
 
  In any case, if you don't have a NodeSeq in your data structure, you'll have
  to parse it into XML before displaying it.
 
 
 
 
 
   On Oct 21, 1:03 am, jack jack.wid...@gmail.com wrote:
    I have the following method display. source.body has html tags in it
    but the actual tags are showing instead of being evaluated. e.g. I'm
    seeing things like '<b>Hey There</b>' instead of 'Hey There' in bold.
    This method is in a CometActor and is running when the page is
    rendered. Am I missing something obvious?
 
     def display(sources: List[Source]): NodeSeq = {
        <span id="jooptable">
        <table>
        {
           for {source <- sources} yield <tr><td>{source.body}</td></tr>
        }
        </table>
        </span>
      }
 
  --
  Lift, the simply functional web framework http://liftweb.net
  Beginning Scala http://www.apress.com/book/view/1430219890
  Follow me: http://twitter.com/dpp
  Surf the harmonics




 --
 Lift, the simply functional web framework http://liftweb.net
 Beginning Scala http://www.apress.com/book/view/1430219890

 Follow me: http://twitter.com/dpp
 Surf the harmonics

 



-- 
Jack




[Lift] Re: html not being evaluated

2009-10-21 Thread Derek Chen-Becker
Like David said, be very careful about using NodeSeqs if you're taking
user-generated content, since that can lead directly to cross-site scripting
attacks and other nastiness.

Derek

On Wed, Oct 21, 2009 at 7:41 AM, Jack Widman jack.wid...@gmail.com wrote:

 Oops. I just noticed I made source.body a String and not a NodeSeq.
 Sometimes source.body is text with html tags in it. Like -

 Hey dude, <b>what</b> are you doing?
 I guess I should make it a NodeSeq. Sorry about that.
 Jack


 On Wed, Oct 21, 2009 at 9:33 AM, David Pollak 
 feeder.of.the.be...@gmail.com wrote:



 On Wed, Oct 21, 2009 at 6:32 AM, jack jack.wid...@gmail.com wrote:


 Let's say source.body is <a href="google.com">Search</a>.  If I put
 source.body in a span like this -

 <span>{source.body}</span>

 source.body will be converted to text and the actual link tags will be
 displayed. What is the right way to do this?


 How was source.body generated?


 On Oct 21, 9:06 am, David Pollak feeder.of.the.be...@gmail.com
 wrote:
  On Tue, Oct 20, 2009 at 10:16 PM, jack jack.wid...@gmail.com wrote:
 
   OK, I see why this is happening. The {exp} in the NodeSeq converts exp
   to a String. So I did it by creating a string and then converting it to a
   NodeSeq at the end. Is there a way to do this without using an
   intermediary string?
 
  I don't know what a source is, but you really, really have to be careful
  about promoting a String to a NodeSeq.  If the String has user-generated
  content in it, then you've got a cross-site scripting vulnerability waiting
  to happen.  For user-generated content, I suggest using Textile parser built
  into Lift.
 
  In any case, if you don't have a NodeSeq in your data structure, you'll have
  to parse it into XML before displaying it.
 
 
 
 
 
   On Oct 21, 1:03 am, jack jack.wid...@gmail.com wrote:
    I have the following method display. source.body has html tags in it
    but the actual tags are showing instead of being evaluated. e.g. I'm
    seeing things like '<b>Hey There</b>' instead of 'Hey There' in bold.
    This method is in a CometActor and is running when the page is
    rendered. Am I missing something obvious?
 
     def display(sources: List[Source]): NodeSeq = {
        <span id="jooptable">
        <table>
        {
           for {source <- sources} yield <tr><td>{source.body}</td></tr>
        }
        </table>
        </span>
      }
 
  --
  Lift, the simply functional web framework http://liftweb.net
  Beginning Scala http://www.apress.com/book/view/1430219890
  Follow me: http://twitter.com/dpp
  Surf the harmonics




 --
 Lift, the simply functional web framework http://liftweb.net
 Beginning Scala http://www.apress.com/book/view/1430219890

 Follow me: http://twitter.com/dpp
 Surf the harmonics





 --
 Jack


 

