[Lift] Re: html not being evalutated
I think another solution is an Unparsed node. When the XML is converted to a string it will be outputed verbatim. - jackjack.wid...@gmail.com wrote: Let's say source.body is ahref=google.comSearch/a. If I put source.body in a span like this - span{source.body}/span source.body will be converted to text and the actual link tags will be displayed. What is the right way to do this? On Oct 21, 9:06 am, David Pollak feeder.of.the.be...@gmail.com wrote: On Tue, Oct 20, 2009 at 10:16 PM, jack jack.wid...@gmail.com wrote: OK, I see why this is happening. the {exp} in the NodeSeq convert exp to a String. So I did by creating a string and then converting it to a NodeSeq at the end. Is there a way to do this without using and intermediary string? I don't know what a source is, but you really, really have to be careful about promoting a String to a NodeSeq. If the String has user-generated content in it, then you've got a cross-site scripting vulnerability waiting to happen. For user-generated content, I suggest using Textile parser built into Lift. In any case, if you don't have a NodeSeq in your data structure, you'll have to parse it into XML before displaying it. On Oct 21, 1:03 am, jack jack.wid...@gmail.com wrote: I have the following method display. source.body has html tags in it but the actual tags are showing instead of being evaluated. e.g. I'm seeing things like 'bHey There/b' instead of 'Hey There' in bold. This method is in a CometActor and is running when the page is rendered. Am I missing something obvious? def display(sources:List[Source]):NodeSeq = { span id=jooptable { for {source - sources} yield trtd{source.body}/td/tr } /table /span } -- Lift, the simply functional web frameworkhttp://liftweb.net Beginning Scalahttp://www.apress.com/book/view/1430219890 Follow me:http://twitter.com/dpp Surf the harmonics --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: html not being evalutated
On Tue, Oct 20, 2009 at 10:16 PM, jack jack.wid...@gmail.com wrote: OK, I see why this is happening. the {exp} in the NodeSeq convert exp to a String. So I did by creating a string and then converting it to a NodeSeq at the end. Is there a way to do this without using and intermediary string? I don't know what a source is, but you really, really have to be careful about promoting a String to a NodeSeq. If the String has user-generated content in it, then you've got a cross-site scripting vulnerability waiting to happen. For user-generated content, I suggest using Textile parser built into Lift. In any case, if you don't have a NodeSeq in your data structure, you'll have to parse it into XML before displaying it. On Oct 21, 1:03 am, jack jack.wid...@gmail.com wrote: I have the following method display. source.body has html tags in it but the actual tags are showing instead of being evaluated. e.g. I'm seeing things like 'bHey There/b' instead of 'Hey There' in bold. This method is in a CometActor and is running when the page is rendered. Am I missing something obvious? def display(sources:List[Source]):NodeSeq = { span id=jooptable { for {source - sources} yield trtd{source.body}/td/tr } /table /span } -- Lift, the simply functional web framework http://liftweb.net Beginning Scala http://www.apress.com/book/view/1430219890 Follow me: http://twitter.com/dpp Surf the harmonics --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: html not being evalutated
Let's say source.body is ahref=google.comSearch/a. If I put source.body in a span like this - span{source.body}/span source.body will be converted to text and the actual link tags will be displayed. What is the right way to do this? On Oct 21, 9:06 am, David Pollak feeder.of.the.be...@gmail.com wrote: On Tue, Oct 20, 2009 at 10:16 PM, jack jack.wid...@gmail.com wrote: OK, I see why this is happening. the {exp} in the NodeSeq convert exp to a String. So I did by creating a string and then converting it to a NodeSeq at the end. Is there a way to do this without using and intermediary string? I don't know what a source is, but you really, really have to be careful about promoting a String to a NodeSeq. If the String has user-generated content in it, then you've got a cross-site scripting vulnerability waiting to happen. For user-generated content, I suggest using Textile parser built into Lift. In any case, if you don't have a NodeSeq in your data structure, you'll have to parse it into XML before displaying it. On Oct 21, 1:03 am, jack jack.wid...@gmail.com wrote: I have the following method display. source.body has html tags in it but the actual tags are showing instead of being evaluated. e.g. I'm seeing things like 'bHey There/b' instead of 'Hey There' in bold. This method is in a CometActor and is running when the page is rendered. Am I missing something obvious? def display(sources:List[Source]):NodeSeq = { span id=jooptable { for {source - sources} yield trtd{source.body}/td/tr } /table /span } -- Lift, the simply functional web frameworkhttp://liftweb.net Beginning Scalahttp://www.apress.com/book/view/1430219890 Follow me:http://twitter.com/dpp Surf the harmonics --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: html not being evalutated
On Wed, Oct 21, 2009 at 6:32 AM, jack jack.wid...@gmail.com wrote: Let's say source.body is ahref=google.comSearch/a. If I put source.body in a span like this - span{source.body}/span source.body will be converted to text and the actual link tags will be displayed. What is the right way to do this? How was source.body generated? On Oct 21, 9:06 am, David Pollak feeder.of.the.be...@gmail.com wrote: On Tue, Oct 20, 2009 at 10:16 PM, jack jack.wid...@gmail.com wrote: OK, I see why this is happening. the {exp} in the NodeSeq convert exp to a String. So I did by creating a string and then converting it to a NodeSeq at the end. Is there a way to do this without using and intermediary string? I don't know what a source is, but you really, really have to be careful about promoting a String to a NodeSeq. If the String has user-generated content in it, then you've got a cross-site scripting vulnerability waiting to happen. For user-generated content, I suggest using Textile parser built into Lift. In any case, if you don't have a NodeSeq in your data structure, you'll have to parse it into XML before displaying it. On Oct 21, 1:03 am, jack jack.wid...@gmail.com wrote: I have the following method display. source.body has html tags in it but the actual tags are showing instead of being evaluated. e.g. I'm seeing things like 'bHey There/b' instead of 'Hey There' in bold. This method is in a CometActor and is running when the page is rendered. Am I missing something obvious? def display(sources:List[Source]):NodeSeq = { span id=jooptable { for {source - sources} yield trtd{source.body}/td/tr } /table /span } -- Lift, the simply functional web frameworkhttp://liftweb.net Beginning Scalahttp://www.apress.com/book/view/1430219890 Follow me:http://twitter.com/dpp Surf the harmonics -- Lift, the simply functional web framework http://liftweb.net Beginning Scala http://www.apress.com/book/view/1430219890 Follow me: http://twitter.com/dpp Surf the harmonics --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: html not being evalutated
Oops. I just noticed I made source.body a String and not a NodeSeq. Sometimes source.body is text with html tags in it. Like - Hey dude, bwhat/b are you doing? I guess I should make it a NodeSeq. Sorry about that. Jack On Wed, Oct 21, 2009 at 9:33 AM, David Pollak feeder.of.the.be...@gmail.com wrote: On Wed, Oct 21, 2009 at 6:32 AM, jack jack.wid...@gmail.com wrote: Let's say source.body is ahref=google.comSearch/a. If I put source.body in a span like this - span{source.body}/span source.body will be converted to text and the actual link tags will be displayed. What is the right way to do this? How was source.body generated? On Oct 21, 9:06 am, David Pollak feeder.of.the.be...@gmail.com wrote: On Tue, Oct 20, 2009 at 10:16 PM, jack jack.wid...@gmail.com wrote: OK, I see why this is happening. the {exp} in the NodeSeq convert exp to a String. So I did by creating a string and then converting it to a NodeSeq at the end. Is there a way to do this without using and intermediary string? I don't know what a source is, but you really, really have to be careful about promoting a String to a NodeSeq. If the String has user-generated content in it, then you've got a cross-site scripting vulnerability waiting to happen. For user-generated content, I suggest using Textile parser built into Lift. In any case, if you don't have a NodeSeq in your data structure, you'll have to parse it into XML before displaying it. On Oct 21, 1:03 am, jack jack.wid...@gmail.com wrote: I have the following method display. source.body has html tags in it but the actual tags are showing instead of being evaluated. e.g. I'm seeing things like 'bHey There/b' instead of 'Hey There' in bold. This method is in a CometActor and is running when the page is rendered. Am I missing something obvious? def display(sources:List[Source]):NodeSeq = { span id=jooptable { for {source - sources} yield trtd{source.body}/td/tr } /table /span } -- Lift, the simply functional web frameworkhttp://liftweb.net Beginning Scalahttp://www.apress.com/book/view/1430219890 Follow me:http://twitter.com/dpp Surf the harmonics -- Lift, the simply functional web framework http://liftweb.net Beginning Scala http://www.apress.com/book/view/1430219890 Follow me: http://twitter.com/dpp Surf the harmonics -- Jack --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---
[Lift] Re: html not being evalutated
Like David said, be very careful about using NodeSeqs if you're taking user-generated content, since that can lead directly to cross-site scripting attacks and other nastiness. Derek On Wed, Oct 21, 2009 at 7:41 AM, Jack Widman jack.wid...@gmail.com wrote: Oops. I just noticed I made source.body a String and not a NodeSeq. Sometimes source.body is text with html tags in it. Like - Hey dude, bwhat/b are you doing? I guess I should make it a NodeSeq. Sorry about that. Jack On Wed, Oct 21, 2009 at 9:33 AM, David Pollak feeder.of.the.be...@gmail.com wrote: On Wed, Oct 21, 2009 at 6:32 AM, jack jack.wid...@gmail.com wrote: Let's say source.body is ahref=google.comSearch/a. If I put source.body in a span like this - span{source.body}/span source.body will be converted to text and the actual link tags will be displayed. What is the right way to do this? How was source.body generated? On Oct 21, 9:06 am, David Pollak feeder.of.the.be...@gmail.com wrote: On Tue, Oct 20, 2009 at 10:16 PM, jack jack.wid...@gmail.com wrote: OK, I see why this is happening. the {exp} in the NodeSeq convert exp to a String. So I did by creating a string and then converting it to a NodeSeq at the end. Is there a way to do this without using and intermediary string? I don't know what a source is, but you really, really have to be careful about promoting a String to a NodeSeq. If the String has user-generated content in it, then you've got a cross-site scripting vulnerability waiting to happen. For user-generated content, I suggest using Textile parser built into Lift. In any case, if you don't have a NodeSeq in your data structure, you'll have to parse it into XML before displaying it. On Oct 21, 1:03 am, jack jack.wid...@gmail.com wrote: I have the following method display. source.body has html tags in it but the actual tags are showing instead of being evaluated. e.g. I'm seeing things like 'bHey There/b' instead of 'Hey There' in bold. This method is in a CometActor and is running when the page is rendered. Am I missing something obvious? def display(sources:List[Source]):NodeSeq = { span id=jooptable { for {source - sources} yield trtd{source.body}/td/tr } /table /span } -- Lift, the simply functional web frameworkhttp://liftweb.net Beginning Scalahttp://www.apress.com/book/view/1430219890 Follow me:http://twitter.com/dpp Surf the harmonics -- Lift, the simply functional web framework http://liftweb.net Beginning Scala http://www.apress.com/book/view/1430219890 Follow me: http://twitter.com/dpp Surf the harmonics -- Jack --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Lift group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~--~~~~--~~--~--~---