I am working on a project that requires multilanguage support. I decided to utilize Assemble (more specifically grunt-assemble) since it was already part of the project toolbox so my current setup uses JSON file(s) as data/text input for handlebar templates.
The site is responsive and there is a requirement to have certain level of control over text using break lines <br /> or non-breaking spaces to avoid orphaned words. Some sentences require mentioned tag or html entity to be included in the string otherwise I'd be forced to split sentence word by word and combine hardcoded html with json data reference. Imagine something like this:
<p>{{word_1}}<br />{{word_2}}</p>
This approach is also not very translation friendly, since a different language might not require line break at all.
To avoid this I've tried to pass html via JSON like this:
{ "sentence" : "word<br />word" }
Assemble output, however, is literal, so instead or of functional tag I get its string version and page literally displays word<br />word. Same for
What is (if any) proper notation for passing html tags or entities from JSON to handlebar templates via Assemble?
Handlebars escapes HTML by default, but you can avoid escaping with the triple-stash format {{{ }}}. Take a look at the following .hbs page:
---
title: Test
htmlData: This is some <br/> html in data
---
<p>double-stash: {{htmlData}}</p>
<p>triple-stash: {{{htmlData}}}</p>
results in:
double-stash: This is some <br/> html in data
triple-stash: This is some
html in data
Related
I have response data in form of:
'<b>How can I waive the underage fee?</b><br>\n You … have marked your age correctly before searching.'
So the question is, how can I use that data in React Component?
I have to use it between two divs. Given data is string form of html syntax.
If you want to display this html content in a component, you can use dangerouslySetInnerHTML this way:
<div dangerouslySetInnerHTML={{__html:data}} />
This will inject the HTML in you DOM. As mentioned in the doc, be aware of risks involved with injecting some unknown HMTL.
Source : https://fr.reactjs.org/docs/dom-elements.html#dangerouslysetinnerhtml
I'm programming in oTree (which is a Django based environment for social experiments) and I have the following problem. I defined some lists in Python and I'd like to import them and use them in an HTML template. If I print them in HTML I manage to see them without any problem, however, once I need to use them in Javascript, the program fails to read them and the single quotes of the elements of the list are converted in '.
The list is imported like this var filtered_elements = {{ array }};.
I think the problem is exactly here, as JS cannot work with them. Do you have any suggestion on how to do that? I considered using JSON, but since I'm quite new to programming, I cannot understand if it's just a waste of time or there is a simpler way out.
Thanks for your answers!
It sounds like your data is already JSON, otherwise you would be getting single quotes and u prefixes. So the only issue is Django autoescaping; you can disable it with the safe filter:
var filtered_elements = {{ array|safe }};
Your data should be JSON, instead of putting the Python list into the contact directly, put "array": json.dumps(array) in the context dictionary.
The JSON string doesn't need HTML escaping inside a tag, but it does need JS escaping! Otherwise some string may include something like </script><script>absolutely anything goes here... to run arbitrary JavaScript, if the JSON contains user data.
So use |escapejs:
var filtered_elements = {{ array|escapejs}};
I'm new on Laravel
and I search for a way to run queries
I'm not talking about select etc...
I want to run this query:
SET NAMES 'utf8'
This is question number one,
Now question number two:
I have data writen in hebrew in my db
and when I do on Laravel this code:
$todolist = DB::select('select * from todo');
return $todolist;
I get this result:
[{"id":1,"name":"\u05d1\u05dc\u05d4 \u05d1\u05dc\u05d4 \u05d1\u05dc\u05d4","done":0},{"id":2,"name":"\u05d1\u05dc\u05d4 \u05d1\u05dc\u05d4 \u05d1\u05dc\u05d4","done":1}]
What is this? unicode? how can I turn it to hebrew again?
My mission is to send it back to client side and then show it on the web page
How can I translate this from unicode to hebrew with Java Script ?
You can use the statement method of the DB class, like so:
DB::statement("SET NAMES 'utf8'");
I'm not entirely aware of the situation but I would recommend this be within a migration.
Regarding the unicode characters, those should render in views correctly and should be usable within Javascript (see http://codepen.io/anon/pen/LZpOqY)
I've currently huge amount of data (500 mb each) which I'm using lodash and cheerio to parse and fetch parts of it.
Problem with new data is that it has some empty tags being incorrectly replaced.
Example:
<apple></apple>
gets replaced by
</apple>
I want to make sure that the previous formatting remains the same. Any regex that I can use to find these new empty tags and replace it with the old correct format?
You probably mean that <apple></apple> is replaced by <apple/> (not </apple>).
<apple></apple> and <apple/> are equivalent in XML, and no compliant XML process will treat them differently, so you should not care which is used in your document.
If you truly meant that <apple></apple> is replaced by </apple>, then you have a likely irreparably damaged file as you won't know whether any given end tag for apple should be associated with an empty or nonempty apple element.
For example, doing a string-level replace of "</apple>" to <apple></apple> for
<apple>one</apple>
would result in
<apple>one<apple></apple>
which would not be well-formed.
I want to pass a dictionary from django view to a javascript file. The dictionary is built from a database populated by site users. What's the difference between these 2 methods in terms of security?
var mydata = JSON.parse("{{mydata|escapejs}}");
var mydata = {{ mydata|safe }};
Further, the doc at django says this for escapejs : This does not make the string safe for use in HTML. Could you show me an example of how it's unsafe & how can I make it safe.
For anyone coming across this in 2019, Django now provides a third option with the |json_script template filter. This filter takes care of properly serializing and escaping your Python object for use in HTML.
From the docs, using example data with unsafe characters my_data = {'hello': 'world</script>&'}:
{{ my_data|json_script:"my-data" }}
renders to
<script id="my-data" type="application/json">
{"hello": "world\\u003C/script\\u003E\\u0026amp;"}
</script>
You can then access this data in Javascript via
var value = JSON.parse(document.getElementById('my-data').textContent);
The following dictionary can break your page without proper escaping:
{'x':'</script><b>HELLO</b>'}
Inside tags, you can json.dumps it in your view and then use escapejs to stay safe.
(I believe the explanation means that if you want to show the output of json.dumps in HTML, let's say in a <pre> tag, just make sure it is escaped by not using safe or escapejs.)