Format html in ckeditor if the text is in the wrong format

I have an old ASP.NET application that uses the FreeTextBox WYSIWYG editor, but it saves strange HTML (not a specific HTML format) to the database.

<TABLE class=mceVisualAid border=0 width=560 align=center height=395>
<TBODY>
<TR align=center>
<TD class=mceVisualAid><SPAN>
<H1 style=COLOR: rgb(0,0,0)    align=center><SPAN><SPAN><SPAN><STRONG><FONT size=3><STRONG><FONT size=3><STRONG><FONT size=2><STRONG><FONT size=3> Message</FONT></STRONG></FONT></STRONG></FONT></STRONG></FONT></STRONG></SPAN></SPAN></SPAN></H1>
<H1 style=COLOR: rgb(0,0,0) align=center><SPAN><SPAN><SPAN><STRONG><FONT size=3><STRONG><FONT size=3><STRONG><FONT size=2><STRONG><FONT size=3>16 August 2013</FONT>

Now I use the CKEditor WYSIWYG editor in an ASP.NET MVC application that uses the same data stored in the database, but I can't find a proper way to render this HTML in the editor. My CKEditor config.js:

CKEDITOR.editorConfig = function( config ) {
    // Define changes to default configuration here. For example:
    // config.language = 'fr';
    // config.uiColor = '#AADC6E';
    config.entities = false;
    config.basicEntities = false;
    config.entities_greek = false;
    config.entities_latin = false;
};

During rendering, it looks like this:

+4
2 answers

Try using this in a view:

@Html.Raw(HttpUtility.HtmlDecode(Model.MyContent))

Just verify that the input to CKEditor is checked for illegal tags for XSS etc.

https://msdn.microsoft.com/en-us/security/aa973814.aspx

+1
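
The check the first answer asks for has to run on the decoded string, because HttpUtility.HtmlDecode turns a stored `&lt;script&gt;` into live markup before Html.Raw emits it. The following is an added example, not code from the original answers: a JavaScript triage scan for existing rows (not a sanitizer), in which the allow-list, the function names and the sample rows are all assumptions made up for illustration.

```javascript
// Added example: tag list, function names and sample rows are constructed.
const ALLOWED_TAGS = new Set(['table', 'tbody', 'tr', 'td', 'h1', 'span',
  'strong', 'font', 'p', 'br', 'b', 'i', 'em', 'u', 'ul', 'ol', 'li', 'a']);
const NAMED = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'" };

// Decode once, as the view does: basic named entities plus numeric forms.
function decodeEntities(s) {
  return s.replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);/gi, (m, e) => {
    if (e[0] !== '#') return NAMED[e.toLowerCase()] ?? m;
    const cp = /^#x/i.test(e) ? parseInt(e.slice(2), 16) : parseInt(e.slice(1), 10);
    return cp <= 0x10ffff ? String.fromCodePoint(cp) : m;
  });
}

// Flag tags outside the allow-list, inline event handlers and script URLs.
function scanMarkup(html) {
  const findings = new Set();
  const tagRe = /<\/?([a-z][a-z0-9]*)((?:[^"'>]|"[^"]*"|'[^']*')*)>?/gi;
  for (const [, name, attrs] of html.matchAll(tagRe)) {
    const tag = name.toLowerCase();
    if (!ALLOWED_TAGS.has(tag)) findings.add(`tag:${tag}`);
    if (/(^|[\s"'\/])on[a-z]+\s*=/i.test(attrs)) findings.add(`handler:${tag}`);
    if (/(href|src|action)\s*=\s*["']?\s*(javascript|data|vbscript):/i.test(attrs)) {
      findings.add(`url:${tag}`);
    }
  }
  return [...findings];
}

// Audit the string that would actually reach the browser.
function auditStoredHtml(stored) {
  return scanMarkup(decodeEntities(stored));
}

// Constructed rows: legacy markup in the question's style, and an encoded row.
const legacyRow = '<TABLE class=mceVisualAid border=0><TBODY><TR align=center>' +
  '<TD><H1 style=COLOR: rgb(0,0,0) align=center><STRONG><FONT size=3> Message' +
  '</FONT></STRONG></H1></TD></TR></TBODY></TABLE>';
const encodedRow = '&lt;p&gt;Hi&lt;/p&gt;&lt;script&gt;document.title=1&lt;/script&gt;';

console.log(scanMarkup(encodedRow));       // scan of the stored (encoded) form
console.log(auditStoredHtml(encodedRow));  // scan after decoding
console.log(auditStoredHtml(legacyRow));   // legacy formatting tags only
```

Rows that produce findings still need a real server-side sanitizer before they are rendered unencoded; the scan only tells you which stored values to look at first.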

htmlentities. .

JS:

var htmlEntities = $('#MyId').val();   // Or however you read the data (with the CKEditor jQuery adapter, .val() returns the editor content)
var pureHtml = $('<textarea />').html(htmlEntities).text();  // Decode the entities

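function decodeHTMLEntities (str) {
    // Detached <textarea>: markup assigned to its innerHTML is parsed as
    // plain text, so entities are decoded and no elements are created.
    var element = document.createElement('textarea');
    if (str && typeof str === 'string') {
        // strip script/html tags
        str = str.replace(/<script[^>]*>([\S\s]*?)<\/script>/gmi, '');
        str = str.replace(/<\/?\w(?:[^"'>]|"[^"]*"|'[^']*')*>/gmi, '');
        // let the browser decode the remaining entities
        element.innerHTML = str;
        str = element.textContent;
        element.textContent = '';
    }

    return str;
}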
0

Source: https://habr.com/ru/post/1626109/

