有哪些 Web 管理所见即所得预览选项可用?
我有一个网络管理员,当用户编辑信息时,有一个所见即所得编辑器。
还有一个仅查看模板。用户在单击编辑操作之前查看信息。
目前,视图模板会在一行中生成保存的字段值。
<p><b>Hello</b></p><p>there</p>
当用户“查看”时,我必须采取哪些选项至少使内容更具可读性?
我能想到的选项是:
保持原样。好吧,这可以成为一长行文本。
以某种方式避免 MVC3 编码并添加实际的
或将内容实际呈现为 html。这是,你会看到粗体。如果有未闭合的标签怎么办。
对于上述任何一个,我都可以将其放置在可滚动的 div 中。
(我无法标记此问题。请随意重新标记)。
I have a web admin where there is a wysiwyg editor when a user edits information.
There is also a view only template.The user views the information before clicking an edit action.
Currently the view template results in one line for the saved field value.
<p><b>Hello</b></p><p>there</p>
What options do I have to al least make the a little more readable when the user is "viewing"?
Options I can think of are:
Leave as it. Well, that can become a long line of text.
Somehow to avoid encoding of MVC3 and to add actual
<br>in place of the</p>or<br>that is in the content. At least the lines will break up.Have the content actually present as html. This is, you will see bold. What if there is an unclosed tag.
With any of the above, i may place it in a scrollable div.
(I had trouble tagging this question. Feel free to retag).
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
通常,当您与编辑人员合作时,无论如何您最终都会在网站上实时呈现 HTML,因此编码不应该成为一个大问题,因为您已经信任他们。
现在,我过去所做的是使用编辑器,例如 ckeditor 等,它们清理内容,这将解决您对未封闭标签的担忧的问题。
所以我会选择你清单上的选项 3。
Typically when you are working with editors you are going to eventually be presenting the HTML live on the site anyway, so encoding shouldn't be a big concern as you are already trusting them.
Now, what I've done in the past is with using editors, such as ckeditor, etc, they cleanup the content which would fix the issue with your concern about unclosed tag.
so I would go with option 3 on your list.
在将数据发送到服务器之前,还要确保您支持的任何编辑器都支持编码数据。不要关闭请求验证。
如有必要,请在模型属性上使用 [AllowHtml] 属性。
还可以使用 Microsoft 的 Anti-xss 库 - 特别是 HTML 清理程序来帮助删除邪恶脚本并帮助防止跨站点脚本攻击。
Also ensure that any editor you support encoded data before sending to the server. Do not turn off request validation.
Use the [AllowHtml] attribute on a model property if necessary.
Also use the Anti-xss library from Microsoft - specifically the HTML sanitizer to help remove evil script and help protect against cross site scripting.