Installation of an editor plugin in web2py app


Ramashish Gaurav

Dec 11, 2014, 1:50:50 AM
to web...@googlegroups.com

Hi all !

First of all, I am a newbie in web2py.
I am working on a project and need to install an editor plugin in my web2py app named "editor". After hours of searching I got the ck_editor4 plugin, installed it and then made some changes in the models and views of my application. Changes were made in:

1:   editor/models/db1.py 
Contents are :

# -*- coding: utf-8 -*-
from plugin_ckeditor import CKEditor
ckeditor = CKEditor(db)
ckeditor.define_tables()

db.define_table('content',
    Field('title', length=255),
    Field('public', 'boolean', default=True),
    Field('text', 'text', widget=ckeditor.widget))

2:   editor/views/default/index.html
Contents are:

{{=ckeditor.edit_in_place('.editable', URL())}}

After opening the index page in browser a ticket was raised which says this:

Traceback (most recent call last):
File "gluon/restricted.py", line 224, in restricted
File "C:/Users/Ramashish Gaurav/Downloads/web2py_win/web2py/applications/editor/models/db1.py", line 4, in <module>
ckeditor.define_tables()
File "applications\editor\modules\plugin_ckeditor.py", line 59, in define_tables
fake_migrate = fake_migrate,
File "gluon/dal.py", line 8414, in define_table
File "gluon/dal.py", line 8430, in lazy_define_table
File "gluon/dal.py", line 8952, in __init__
File "gluon/dal.py", line 8119, in check_reserved_keyword
SyntaxError: invalid table/column name "length" is a "ALL" reserved SQL/NOSQL keyword

Please help me regarding this issue (maybe I am not placing the right code at the right place).
(I don't know whether this editor will support programming languages like C, C++ etc., so if you have got any new simple programming language based editor for a web2py app, I'll be happy to install that.)

Maboroshi

Dec 14, 2014, 8:15:52 PM
to web...@googlegroups.com
Your error at this point isn't from ckeditor but you are using a reserved sql keyword in your database table/field. I suggest removing this line check_reserved=['all'] or change the name of one of the fields/tables in question.

As a side reference here is a brief bit of info for implementing ckeditor.

I haven't used ckeditor in a long time but if the code remains the same then you can do this.

in db.py add:

def advanced_editor(field, value):
    return TEXTAREA(_id = str(field).replace('.','_'), _name=field.name, _class='text ckeditor', value=value, _cols=80, _rows=10)

For the text field you use this as an example:
Field('body', 'text', widget=advanced_editor))

In your template file example layout.html add the path to ckeditor:
<script type="text/javascript" src="{{=URL(request.application,'static','ckeditor/ckeditor.js')}}"></script>

Then choose to sanitize or not the input. Depending if other users will submit your form then I would choose to sanitize info:

Example sanitized:
{{=XML(query.body, sanitize=True,
       permitted_tags=['a', 'b', 'blockquote', 'br', 'i', 'li',
                       'ol', 'ul', 'p', 'cite', 'code', 'pre', 'img'],
       allowed_attributes={'a':['href', 'title'],
                           'img':['src', 'alt'], 'blockquote':['type']})}}

Example unsanitized: {{=XML(query.body,sanitize=False)}}

you can choose what values you will allow to be displayed for that form code in the ckeditor config. I don't remember if there is anything you need to do in the controller files but looking at code I don't believe so.

*cheers!


Ramashish Gaurav

Dec 15, 2014, 9:50:00 AM
to web...@googlegroups.com
Dear Andrew,

Many thanks for your response and elaborate explanation of the installation of ck-editor. However, I used another lightweight editor, nicEdit, since the installation was pretty easy as directed at http://nicedit.com/. However, I have a problem, not related to installation of editors, but in showing the HTML doc after it has been saved from the textarea.

The content from the textarea in HTML used with nicEdit is in HTML format. After getting the HTML-coded text from the textarea and saving it in the database, I need to redisplay it on demand. I tried to use a textarea in read-only mode to display the HTML text in formatted form, and searched for hours on the internet, but with no luck. The textarea always showed the raw HTML code instead of the formatted one. Also I read that it can be done via an editor only, not a textarea. So I used nicEdit again, but don't know how to use it in read-only mode. Stack Overflow had a post related to the similar problem of using nicEdit with the edit option disabled, but it did not come to my rescue. I implemented the code posted there in the answer, but was not able to set nicEdit in read-only mode. Here is the link.


If you do know how to display the HTML-coded text in a formatted way via nicEdit or any other way round, I'd appreciate your help.

Here is the code I have implemented:

{{extend 'layout.html'}}
<head>

<script src="http://js.nicedit.com/nicEdit-latest.js" type="text/javascript"></script>
<script type="text/javascript" src="jquery-1.11.1.js"></script>
<script type="text/javascript">bkLib.onDomLoaded(nicEditors.allTextAreas);</script>
<script type="text/javascript" src="http://js.nicedit.com/nicEdit-latest.js">
//<![CDATA[
    bkLib.onDomLoaded(function(){
        var myNicEditor = new nicEditor();
        myNicEditor.addInstance("nice");
        nicEditors.findEditor("nice").disable();
    });
//]]> </script>

</head>

<body>
    {{for row in rows:}}
    <textarea id="nice">{{=row.textfromeditor}}</textarea>
    {{pass}}

</body>

Maboroshi

Dec 15, 2014, 2:50:20 PM
to web...@googlegroups.com
Hey there if I understand correctly you want to not display html but the formatted output. If so then use this in your view and add any html you would like to allow.

{{=XML(row.textfromeditor, sanitize=True,
       permitted_tags=['a', 'b', 'blockquote', 'br', 'i', 'li',
                       'ol', 'ul', 'p', 'cite', 'code', 'pre', 'img'],
       allowed_attributes={'a':['href', 'title'],
                           'img':['src', 'alt'], 'blockquote':['type']})}}




or do this which I highly suggest not doing {{=XML(row.textfromeditor, sanitize=False)}}

*cheers
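
An added illustration (not part of the thread, and not web2py's own sanitizer code) of what an allow-list like the permitted_tags / allowed_attributes arguments above does to editor output: anything not listed, such as a u tag, a style attribute or an onerror handler, does not survive. The URL-prefix check and the choice to drop rather than escape disallowed tags are assumptions of this sketch; web2py's handling may differ.

```python
from html import escape
from html.parser import HTMLParser

# Allow-list copied from the XML(...) call in the post above.
PERMITTED_TAGS = ['a', 'b', 'blockquote', 'br', 'i', 'li', 'ol', 'ul',
                  'p', 'cite', 'code', 'pre', 'img']
ALLOWED_ATTRIBUTES = {'a': ['href', 'title'], 'img': ['src', 'alt'],
                      'blockquote': ['type']}
SAFE_URL_PREFIXES = ('http://', 'https://', '/')  # assumption of this sketch
VOID_TAGS = ('br', 'img')                         # no closing tag is emitted

class AllowListSanitizer(HTMLParser):
    """Rebuilds the markup from scratch, emitting only allow-listed pieces."""
    def __init__(self, tags, attrs):
        super().__init__(convert_charrefs=True)
        self.tags, self.attrs = set(tags), attrs
        self.out, self.skip = [], 0   # skip > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in ('script', 'style'):
            self.skip += 1
        if self.skip or tag not in self.tags:
            return                    # tag dropped; its text is still kept
        kept = []
        for name, value in attrs:     # style=, onclick=, onerror= fail this test
            url_ok = (value or '').strip().lower().startswith(SAFE_URL_PREFIXES)
            if name in self.attrs.get(tag, []) and (name not in ('href', 'src') or url_ok):
                kept.append(' %s="%s"' % (name, escape(value or '')))
        self.out.append('<%s%s>' % (tag, ''.join(kept)))

    def handle_endtag(self, tag):
        if tag in ('script', 'style'):
            self.skip = max(0, self.skip - 1)
        elif tag in self.tags and tag not in VOID_TAGS:
            self.out.append('</%s>' % tag)

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))   # text is always re-escaped

def sanitize(markup, tags=PERMITTED_TAGS, attrs=ALLOWED_ATTRIBUTES):
    parser = AllowListSanitizer(tags, attrs)
    parser.feed(markup)
    parser.close()                          # flush any buffered text
    return ''.join(parser.out)

# Constructed sample: editor output carrying markup outside the allow-list.
SAMPLE = '<p style="color:red" onclick="x()">Hi <u>there</u></p><script>x()</script>'
print(sanitize(SAMPLE))
```

Passing tags=PERMITTED_TAGS + ['u'] keeps the underline, while the style attribute is still removed because no entry in allowed_attributes lists it.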

Ramashish Gaurav

Dec 16, 2014, 2:49:10 AM
to web...@googlegroups.com
Thanks all the way Andrew. This was the perfect solution to my problem, for which I wasted a day. One more thing, if you wish to, please give me some info about XSS attack, how can we ignorantly get caught in it and measures taken to prevent XSS attacks.  

Maboroshi

Dec 16, 2014, 10:05:15 AM
to web...@googlegroups.com
Web2py has really decent security issue prevention built in, see here: http://web2py.com/books/default/chapter/34/01/introduction#Security


*cheers :D


 

Ramashish Gaurav

Dec 16, 2014, 11:29:37 PM
to web...@googlegroups.com
I used the first implementation of XML (where sanitisation is true), but a few formatting effects are not working right.

I solved the problem of underlining the text by including the 'u' tag in the list of permitted tags, but couldn't solve the problem of font size, font family, font colour, background colour, text alignment (center, right, ...), including a link, uploading an image, and indenting the text. Please look into this issue.