nicedit

annet

Jan 2, 2009, 5:10:40 AM
to web2py Web Framework
I built a simple mock app to explore nicedit. As a model I defined a
table:

db.define_table('mock',
    SQLField('body', 'text'),
    migrate='mock.table')


In the view I manage to insert a text into the mock table, and to
prepopulate the text area with the inserted text, so the user can
update the text. However, when I want to display the text in a view,
the contents of the field 'body' are displayed the way they are stored
in the database: the HTML is not interpreted, and the tags are
displayed as well.

Furthermore, I would like to remove the toolbars from the nicedit
editor, so that the user can only use the return key to enter a line
break.


I hope one of you knows how to solve these two problems,


Best regards,

Annet.

mdipierro

Jan 2, 2009, 5:33:12 AM
to web2py Web Framework
If you have HTML in a record.body you should display it with

{{=XML(record.body)}}

or better, to avoid XSS Injections

{{=XML(record.body,sanitize=True)}}

You can also specify which tags are allowed and which attributes

{{=XML(record.body, sanitize=True, permitted_tags=['a'], allowed_attributes={'a':['href']})}}

When creating a record with SQLFORM(db.mock) or editing with
SQLFORM(db.mock,record), the body is, by default, rendered by

<textarea name="body" id="mock_body"></textarea>

You can enable nicedit with the following javascript (assuming you have
nicedit.* files in the static folder):

<script src="/{{=request.application}}/static/nicEdit.js" type="text/javascript"></script>
<script><!--
$(document).ready(function(){
    new nicEditor({fullPanel : true, iconsPath : '/{{=request.application}}/static/nicEditorIcons.gif'}).panelInstance('mock_body');
});
//--></script>

Massimo
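
The allowlist behaviour that the reply above selects with sanitize=True, permitted_tags and allowed_attributes, shown as an added stand-alone Python example. It is not part of the original thread and not web2py's own sanitizer; sanitize(), AllowlistSanitizer, url_scheme() and the SAFE_SCHEMES set are assumptions made for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumption for this example: only these URL schemes ("" = relative URL) are safe.
SAFE_SCHEMES = {"", "http", "https", "mailto"}
URL_ATTRS = {"href", "src"}
# Constructed sample of editor output stored in the 'body' field.
DIRTY = ('<a href="http://example.com" onclick="x()">ok</a>'
         '<script>alert(1)</script><a href="javascript:alert(1)">bad</a>')

def url_scheme(value):
    # Browsers ignore whitespace/control characters inside a scheme, so drop them first.
    cleaned = re.sub(r"[\x00-\x20]", "", value)
    match = re.match(r"([A-Za-z][A-Za-z0-9+.-]*):", cleaned)
    return match.group(1).lower() if match else ""

class AllowlistSanitizer(HTMLParser):
    def __init__(self, permitted_tags, allowed_attributes):
        super().__init__(convert_charrefs=True)
        self.permitted = set(permitted_tags)
        self.allowed = allowed_attributes
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.permitted:
            # Not on the allowlist: show the tag as text instead of emitting markup.
            self.out.append(escape(self.get_starttag_text()))
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in self.allowed.get(tag, ()):
                continue  # drops event handlers such as onclick
            if name in URL_ATTRS and url_scheme(value) not in SAFE_SCHEMES:
                continue  # drops javascript: and other script-capable URLs
            kept.append(' %s="%s"' % (name, escape(value, quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_endtag(self, tag):
        text = "</%s>" % tag
        self.out.append(text if tag in self.permitted else escape(text))

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize(html, permitted_tags, allowed_attributes):
    parser = AllowlistSanitizer(permitted_tags, allowed_attributes)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)
```

Calling sanitize(DIRTY, ['a'], {'a': ['href']}) keeps the plain link, strips the onclick handler and the javascript: href, and renders the script element as visible text.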