It is not hard, it is safe. You cannot allow users to type html and
render the html back in a page. This would constitute a Cross Site
Scripting vulnerability. Frameworks that make it any easier are not
protecting you against that.

Massimo

On Nov 1, 4:36 am, dme69 <[EMAIL PROTECTED]> wrote:
> Thank you Massimo.
>
> I feel surprised this is so "hard" (not really) to have an html result
> with a textarea form?
> I will try your solutions.
>
> Thank you again for your help.
> Dominique.
>
> On 31 oct, 18:22, mdipierro <[EMAIL PROTECTED]> wrote:
>
> > This is not a stupid question and thanks for asking!
>
> > Let's say you have
>
> >      db.define_table('item',SQLField('description','text'))
>
> > and you insert via the web interface or manually:
>
> >      db.item.insert(description="This is\na test\n")
>
> > If you then display the item in html like this
>
> >      {{ for item in db(db.item.id>0).select():}}
> >      {{=item.description}}<br />
> >      {{pass}}
>
> > web2py does not convert '\n' into '<br/>' and in HTML '\n' is just a
> > whitespace.
>
> > You have two options:
>
> > 1) ask web2py to interpret the text as markdown
>
> >      {{from gluon.contrib.markdown import WIKI}}
> >      {{ for item in db(db.item.id>0).select():}}
> >      {{=WIKI(item.description)}}<br />
> >      {{pass}}
>
> > 2) ask web2py to replace '\n' with '<br />' and to interpret the text
> > as HTML
>
> >      {{ for item in db(db.item.id>0).select():}}
> >      {{=XML(item.description.replace('\n','<br />'),sanitize=True)}}<br />
> >      {{pass}}
>
> > One could come up with more fancy solutions but probably these should
> > do.
>
> > Massimo
>
> > On Oct 31, 10:58 am, dme69 <[EMAIL PROTECTED]> wrote:
>
> > > Hello all,
> > > I'm just trying to use Web2py (and Python). I tried the cookbook
> > > example and I don't understand why, when I put more than 1 line in
> > > the description field, all these lines are on the same line when
> > > showing the record.
> > > Where are the <br></br> tags ?
>
> > > Can someone help me? I found nothing on the website and I feel stupid
> > > because I'm quite sure it's simple.
>
> > > Thanks for your help.
>
> > > Dominique.
>
> > > PS: Sorry for my poor English. I hope everyone understands what I'm
> > > trying to explain.
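
The trade-off discussed in this thread, as an added example that is not part of the original messages and is not web2py code: it uses only Python's standard `html.escape`, and the function names and the sample string are hypothetical. It shows why the user text has to be escaped before the `<br />` tags are inserted, and it also handles the CRLF line endings that browsers submit from a textarea.

```python
import html
import re

# Constructed sample: a textarea submission with CRLF line endings and markup.
SAMPLE = "This is\r\na test\r\n<script>alert(1)</script>"

# Match CRLF first so one Windows line ending yields one <br />, not two.
_NEWLINE = re.compile(r"\r\n|\r|\n")


def unsafe_render(text):
    """Vulnerable form: newlines become <br />, user markup passes through."""
    return _NEWLINE.sub("<br />", text)


def safe_render(text):
    """Escape the user text first, then add the only markup we intend to emit."""
    escaped = html.escape(text, quote=True)
    return _NEWLINE.sub("<br />\n", escaped)


def wrong_order_render(text):
    """Escaping after inserting <br /> is safe but destroys the line breaks."""
    return html.escape(_NEWLINE.sub("<br />", text), quote=True)


if __name__ == "__main__":
    for fn in (unsafe_render, safe_render, wrong_order_render):
        print(f"{fn.__name__}: {fn(SAMPLE)!r}")
```
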