Back at it

Last post 12-30-2003, 6:05 AM by daveparker. 5 replies.
  •  11-02-2003, 9:05 PM 47

    Back at it

    A while back I asked about editing a literal using cute editor and saving the changes. I assumed that this was the main purpose of the tool. The samples allow you to edit the text and make changes, and when you update they are displayed, however - as soon as the page is re-loaded the text that is in the page_load event is redisplayed. I don't see the point in that. I had expected that the update would possibly update the HTML, with the new formatting.

    I received one response about this - suggesting that I would have to save the edited text to a database. Is this the only option? I wrote code to attempt that. I pull text from a SQL DB then change it in the editor and save. In order to save I put the new text - as a string - into SQL. The update fails - because of all the tags and quotes, etc. that are part of the formatted string.  1. Is this the only way that permanent changes are saved in this editor? 2. If so, what sort of syntax do you use to add the HTML formatted string to a SQL statement - so it will save it properly?

    Thanks, Dave

    This is the code that I experimented with.

    public void Submit(object sender, System.EventArgs e)
    {
        string strCText, strDBConn, strSQL;

        Literal1.Visible = true;
        Editor2.Visible = false;
        btnUpdate.Visible = false;

        Literal1.Text = Editor2.Text;
        strCText = Literal1.Text;

        strDBConn = ConfigurationSettings.AppSettings["ConnectionString"];
        SqlConnection ObjConn = new SqlConnection( strDBConn );
        ObjConn.Open();

        strSQL = "UPDATE CText SET CTextContent = "+strCText+" where CTextId = 1";
        SqlCommand ObjCmd = new SqlCommand(strSQL, ObjConn);
        ObjCmd.ExecuteNonQuery();
        ObjConn.Close();
    }


     

  •  11-04-2003, 10:03 AM 52 in reply to 47

    Re: Back at it

    Hi Dave,

    CuteEditor is an online web-based WYSIWYG HTML editor. It upgrades your simple text area to a rich-text edit box. So you still need a data source to save the formatted data. The CuteEditor will not save the data itself.

    We use the Literal control to hold the data for demo purposes. When the user clicks the submit button, the page posts back, the editor's visibility is set to false, and the data is passed to the Literal control. The user can see the editing result. But when a new user clicks the page, he/she will get the default content we predefined.

    It's not necessary for you to use the Literal control at all.

    Below is sample code I suggest you use:

    // Requires: using System.Configuration; using System.Data.SqlClient;
    void Page_Load(object sender, System.EventArgs e)
    {
        if (!this.IsPostBack)
        {
            String content = "";    // you can get the data from your data source to populate the editor
            Editor1.Text = content;
        }
    }

    public void Submit(object sender, System.EventArgs e)
    {
        Literal1.Text = Editor1.Text;
        string strDBConn = ConfigurationSettings.AppSettings["ConnectionString"];
        // Pass the HTML as a parameter so its quotes and tags are never parsed as SQL
        string strSQL = "UPDATE CText SET CTextContent = @content WHERE CTextId = 1";
        SqlConnection ObjConn = new SqlConnection(strDBConn);
        SqlCommand ObjCmd = new SqlCommand(strSQL, ObjConn);
        ObjCmd.Parameters.Add(new SqlParameter("@content", Editor1.Text));
        ObjConn.Open();
        ObjCmd.ExecuteNonQuery();
        ObjConn.Close();
    }

    If you have any further questions, feel free to tell us.

    asp.net Chat http://cutesoft.net/ASP.NET+Chat/default.aspx
    Web Messenger: http://cutesoft.net/Web-Messenger/default.aspx
    asp.net wysiwyg editor: http://cutesoft.net/ASP.NET+WYSIWYG+Editor/default.aspx
    asp wysiwyg html editor: http://cutesoft.net/ASP
    asp.net Image Gallery: http://cutesoft.net/ASP.NET+Image+Gallery/default.aspx
    Live Support: http://cutesoft.net/live-support/default.aspx

  •  12-28-2003, 8:58 PM 145 in reply to 52

    Re: Back at it

    Trying this w an Access DB now. I still can't get the update to work. I get this error:

    A potentially dangerous Request.Form value was detected from the client (Editor1="<FONT face=Verdana>a...")

    This is the section of the insert that must be failing

    strSql += "VALUES ("+intReqId+", "+intParId+", 0, "+ Editor1.Text +",'Not Reviewed', 'New', 'Medium'";

    (The bolding and red font is mine.) If I save as simple text this works OK. It seems to be the way that the text is formatted by the Cute Editor. That is, if I substitute a multiline text box for the Cute editor, it saves ok as plain text using textbox1.text, instead of Editor1.Text.

    Any ideas about this? I tried using single quotes around the editor ' "+Editor1.Text +" ' - but that does not work either. In fact I can't debug it - I put breaks in the code before the SQL but it crashes as soon as I click the update button. Like it was validating the code first.

    Dave

  •  12-29-2003, 6:17 PM 146 in reply to 145

    Re: Back at it

    After some digging I see that my 'Error' message is generated by ASP.NET to protect against HTML that may have malicious code embedded in it. You can prevent the error by setting the page directive 'validateRequest' to false. However, then the HTML is not checked. Is this an issue using the Cute Editor? They advise setting up filters - regular expressions - that only allow specified HTML, if you set the directive to false. That would be a lot of code, I would think. Does Cutesoft have a take on this?

    Dave

  •  12-29-2003, 10:34 PM 156 in reply to 146

    Re: Back at it

    Yes, by default CuteEditor will automatically remove all the injected scripts before writing the string into the db.

    If you paste the following script in the HTML view, it will not work.

    <script language="JavaScript" type="text/javascript" >
    alert("Hello World");
    </script>

    If you want to disable the feature, you can set the EnableStripScriptTags Property to false.

     

     



  •  12-30-2003, 6:05 AM 157 in reply to 156

    Re: Back at it

    So, the control has safeguards against malicious code. Good. Thanks.
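
Added example, not part of the thread and not CuteSoft's code: one way to do the server-side allowlist filtering discussed above for pages that run with validateRequest set to false. The class name HtmlAllowlist, the tag list and the sample inputs are assumptions; only attribute-free tags are restored, so markup such as the editor's FONT face=... stays encoded and would need a parser-based sanitizer to keep.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web;   // HttpUtility; reference System.Web when compiling outside ASP.NET

// Hypothetical helper (not part of CuteEditor): encode everything, then
// restore only a fixed allowlist of attribute-free formatting tags.
public static class HtmlAllowlist
{
    // Matches an encoded tag such as &lt;b&gt;, &lt;/p&gt; or &lt;br /&gt;.
    // No attribute text is accepted, so event handlers and URLs never survive.
    private static readonly Regex AllowedTag = new Regex(
        @"&lt;(/?)(b|i|u|p|br|strong|em|ul|ol|li)\s*(/?)&gt;",
        RegexOptions.IgnoreCase | RegexOptions.Compiled);

    public static string Sanitize(string html)
    {
        if (html == null) return string.Empty;
        // Step 1: neutralize every tag, quote and ampersand.
        string encoded = HttpUtility.HtmlEncode(html);
        // Step 2: turn the allowlisted tags, and only those, back into markup.
        return AllowedTag.Replace(encoded, "<$1$2$3>");
    }

    public static void Main()
    {
        // Constructed sample inputs, not taken from the thread.
        string[] samples = {
            "<p>Hello <b>world</b></p>",
            "<script>alert(1)</script>",
            "<b onmouseover=\"alert(1)\">hi</b>",
            "<FONT face=Verdana>text</FONT><br />"
        };
        foreach (string s in samples)
            Console.WriteLine(Sanitize(s));
    }
}
```

Call Sanitize on Editor1.Text in the Submit handler before the value is stored or written back to the page; anything outside the allowlist is displayed as literal text instead of being interpreted by the browser.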