Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Server

Microsoft Content Management Server Development : A Placeholder Control to Store All HTML Tags (part 1)

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
7/26/2013 6:05:34 PM

Have you tried storing JavaScript or form elements, like a textbox or button control, in an HtmlPlaceholder object? If you have, you will have found that all <script>, <input>, and some other tags are stripped away when the page is saved.

Consider a posting that contains a single HtmlPlaceholderControl that allows authors to edit the HTML source code (the AllowHtmlSourceEditing property has been set to true).

FullFormatting and line breaks have been permitted on the underlying HtmlPlaceholder object, so this particular placeholder accepts the full spectrum of tags. If we enter code into the control that contains among other things a textbox, a button, and some JavaScript:

<table border="1">
<tr>
  <td>
    Greet the world:
  </td>
  <td>
    <input type="textbox" name="MyTextBox">
    <input type="button" value="Show it!" onclick="Greet();">
  </td>
</tr>
</table>
<script language="javascript">
function Greet()
{
  alert(document.all.MyTextBox.value);
}
</script>

On a regular web page, you would expect the resulting HTML page to look as shown below. When users click on the Show it! button, a pop-up message displays the contents of the textbox.

However, that is not what we see when the posting is saved. Instead what we get is a stripped down version of what we just entered. Only the words Greet the world and the table structure remain.

And if you look at the HTML source, only the following code snippet is left. The <input> type controls are gone and so are the <script> tags and everything that was between.

<TABLE border=1>
  <TBODY>
  <TR>
    <TD>Greet the world: </TD>
    <TD></TD>
  </TR>
  </TBODY>
</TABLE>

What happened? The HtmlPlaceholder object was designed to store only specific tags such as the <table>, <tr>, and <td> tags (note that these table tags are only accepted when full formatting is allowed). The full list can be obtained from the documentation.


Such restrictions are placed to prevent potentially dangerous tags from being entered and saved in placeholders. Such code could potentially cause infinite loops that open new browser windows, steal cookies, and even launch malicious applets or other controls.

Nevertheless, there may be times when your authors need to contribute content that contains these prohibited tags. Authors may need to embed client-side script, IFRAMEs, applets, or ActiveX controls within placeholder content. Usually, these objects are defined within the template file, but doing so requires the developer to insert the code. Tech-savvy authors may wish to manage such content themselves, bypassing potential workflow bottlenecks caused by busy developers.

The default HtmlPlaceholder placeholder object does not allow all tags. To get around this, we will build a custom placeholder control. Let’s call it the AllTagsHtmlPlaceholderControl. The control will have the same look and feel as the HtmlPlaceholderControl but it will modify the content so that the underlying HtmlPlaceholder no longer detects the disallowed tags when the posting is saved.

Here’s the completed AllTagsHtmlPlaceholderControl in authoring view. It looks exactly like the HtmlPlaceholderControl. Authors won’t even know the difference.

The magic about it is that after the posting is saved, the previously “illegal” elements and JavaScript remain! The screenshot below shows the HTML code within the placeholder control after it has been saved:

Other -----------------
- Sharepoint 2013 : Create a Team Site, Create an Enterprise Wiki Site in SharePoint Server, Create a Blog Site
- Sharepoint 2013 : Create a Subsite
- SQL server 2008 R2 : Reverting to a Database Snapshot for Recovery
- SQL server 2008 R2 : Setup and Breakdown of a Database Snapshot
- Windows Home Server 2011 : Maintaining Windows Home Server - Checking Free Disk Space on the System Drive
- Windows Home Server 2011 : Maintaining Windows Home Server - Checking Your Hard Disk for Errors
- Windows Home Server 2011 : Maintaining Windows Home Server - Checking System Uptime
- HP ProLiant Servers AIS : How Memory Works
- HP ProLiant Servers AIS : Memory and Cache
- SQL Server 2008 R2 : A Performance Monitoring Approach (part 3) - Monitoring Memory, Monitoring the Disk System
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server