Module not show when I put <NeatHtml:UntrustedContent ..... -

Module not show when I put <NeatHtml:UntrustedContent .....

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

Please do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This forum is for discussing mojoPortal development

You can monitor commits to the repository from this page. We also recommend developers to subscribe to email notifications in the developer forum as occasionally important things are announced.

Before posting questions here you might want to review the developer documentation.

Do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This thread is closed to new posts. You must sign in to post in the forums.

12/14/2010 3:11:58 AM

andritjia

Total Posts 2

View Posts

Module not show when I put <NeatHtml:UntrustedContent .....

Hi guys, I just the developer tutorial video from youtube. I reached no.21 about protecting your site from untrusted content. so far it's ok but when I put

<NeatHtml:UntrustedContent ID="UntrustedContent1" runat="server" EnableViewState="false" TrustedImageUrlPattern='<%# RegexRelativeImageUrlPatern %>' ClientScriptUrl="~/ClientScript/NeatHtml.js">

........

</NeatHtml:UntrustedContent>

the GuestBook module doesnt show on the page. but when I delete those code. the module show. I follow exactly the step from the tutorial. any one knows how to solve it?

Thanks

12/14/2010 7:37:32 AM

Joe Audette

Total Posts 18439

View Posts

Re: Module not show when I put <NeatHtml:UntrustedContent .....

It depends what you are wrapping the NeatHtml control around. You should not put the editor inside it for example since it needs to use javascript. The whole idea of NeatHtml is to prevent any javascript inside it from running. Untrusted users should not be able to add javascript to a page, they may manage to post the script in the editor but NeatHtml will prevent the script from running when the user content is shown on the page.

In the near future I will make a download of the guestbook code available so you can see my example directly.

Hope it helps,

Joe

12/14/2010 8:29:47 PM

andritjia

Total Posts 2

View Posts

Re: Module not show when I put <NeatHtml:UntrustedContent .....

Hi Joe, Thanks for your response. Ya I don't put any editor there. Here's my source code perhaps you can help me

GuestBookModule.ascx

<%@ Control Language="C#" AutoEventWireup="false" CodeBehind="GuestBookModule.ascx.cs" Inherits="wardrobe.Web.UI.GuestBookModule" %>

<portal:mojoPanel ID="mp1" runat="server" ArtisteerCssClass="art-Post" RenderArtisteerBlockContentDivs="true">
<mp:CornerRounderTop id="ctop1" runat="server" />
<asp:Panel ID="pnlWrapper" runat="server" cssclass="art-Post-inner panelwrapper GuestBook">
<portal:ModuleTitleControl EditText="Edit" runat="server" id="TitleControl" />
<portal:mojoPanel ID="MojoPanel1" runat="server" ArtisteerCssClass="art-PostContent">

   <asp:Panel ID="pnlGuestBook" runat="server" CssClass="modulecontent" GroupingText="Sign Our GuestBook" DefaultButton="btnSubmit">
   <div class="floatpanel">
   <ol class="formlist">
   <li class="settingrow">
   <mp:SiteLabel id="lblName" runat="server" ForControl="txtName" CssClass="settinglabel" ConfigKey="NameLabel" ResourceFile="GuestBookResources" />
   <asp:TextBox ID="txtName" CssClass="normalwidetextbox forminput" runat="server" />
</li>
<li class="settingrow">
<mp:SiteLabel id="lblEmailAddress" runat="server" ForControl="txtEmailAddress" CssClass="settinglabel" ConfigKey="EmailAddressLabel" ResourceFile="GuestBookResources" />
<asp:TextBox ID="txtEmailAddress" CssClass="normalwidetextbox forminput" runat="server" />
<asp:RegularExpressionValidator ID="regexEmail" runat="server" ValidationGroup="GuestBook" ControlToValidate="txtEmailAddress" Display="Dynamic"></asp:RegularExpressionValidator>
</li>
<li class="settingrow">
<mp:SiteLabel id="lblLocation" runat="server" ForControl="txtLocation" CssClass="settinglabel" ConfigKey="LocationLabel" ResourceFile="GuestBookResources" />
<asp:TextBox ID="txtLocation" CssClass="widetextbox forminput" runat="server" />
</li>
<li class="settingrow">
<mp:SiteLabel id="lblWebsiteUrl" runat="server" ForControl="txtWebsiteUrl" CssClass="settinglabel" ConfigKey="WebsiteUrlLabel" ResourceFile="GuestBookResources" />
<asp:TextBox ID="txtWebsiteUrl" CssClass="widetextbox forminput" runat="server" />
<asp:RegularExpressionValidator ID="regexUrl" runat="server" ValidationGroup="GuestBook" ControlToValidate="txtWebsiteUrl" Display="Dynamic" ValidationExpression="^(ht|f)tp(s?)://([\w-]+\.)+[\w-]+(/[\w-./?%&=]*)?$"></asp:RegularExpressionValidator>
</li>
<li class="settingrow">
<mp:SiteLabel id="lblComment" runat="server" ForControl="txtComment" CssClass="settinglabel" ConfigKey="CommentLabel" ResourceFile="GuestBookResources" />
<div class="settingrow">
<mpe:EditorControl ID="edComment" runat="server" />
</div>
</li>
<li class="settingrow">
<mp:CaptchaControl ID="captcha" runat="server" />
</li>
<li class="settingrow">
<asp:Button ID="btnSubmit" runat="server" ValidationGroup="GuestBook" />
<asp:ValidationSummary ID="vsummary" runat="server" ValidationGroup="GuestBook" />
</li>
</ol>
<asp:Label id="lblTest" runat="server"></asp:Label>
</div>

<asp:Panel ID="pnlResults" runat="server" CssClass="floatpanel2">
<asp:Repeater ID="rptGuests" runat="server">
<ItemTemplate>
<NeatHtml:UntrustedContent ID="UntrustedContent1" runat="server" EnableViewState="false" TrustedImageUrlPattern='<%# RegexRelativeImageUrlPatern %>' ClientScriptUrl="~/ClientScript/NeatHtml.js">
<div class="gbitem">
<span class="gbbase gbcomment"><%# Eval("Comment") %></span>
<span class="gbbase gbname"><%# Eval("Name") %></span>
<span class="gbbase gblocation"><%# Eval("Location") %></span>
<span class="gbbase gbweb">
<a href="<%# Eval("WebSiteUrl") %>" rel="nofollow"><%# Eval("WebSiteUrl") %></a>
</span>
</div>
</NeatHtml:UntrustedContent>
</ItemTemplate>
</asp:Repeater>
</asp:Panel>
</asp:Panel>

</portal:mojoPanel>
<div class="cleared"></div>
</asp:Panel>
<mp:CornerRounderBottom id="cbottom1" runat="server" />
</portal:mojoPanel>

GuestBookModule.ascx.cs

using System;
using System.Collections;
using System.Collections.Generic;
using System.IO;
using System.Data;
using System.Configuration;
using System.Globalization;
using System.Text;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using mojoPortal.Web;
using mojoPortal.Web.Framework;
using mojoPortal.Web.UI;
using mojoPortal.Business;
using mojoPortal.Business.WebHelpers;
using mojoPortal.Web.Editor;
//using mojoPortal.Web.Editor;
//using mojoPortal.Web.Controls.Captcha;
//using mojoPortal.Business;
//using log4net;
//using wardrobe.Features.Business;
using wardrobe.Business;
using Resources;

namespace wardrobe.Web.UI
{

   public partial class GuestBookModule : SiteModuleControl
   {
  // FeatureGuid 9a26af58-de50-4c07-a925-58e43f5d22ee

private GuestBookRespository repository = new GuestBookRespository();
protected string RegexRelativeImageUrlPattern = @"^/.*[_a-zA-Z0-9]+\.(png|jpg|jpeg|gif|PNG|JPG|JPEG|GIF)$";

#region OnInit

   protected override void OnInit(EventArgs e)
   {
   base.OnInit(e);
   this.Load += new EventHandler(Page_Load);
   btnSubmit.Click += new EventHandler(btnSubmit_Click);
   Page.EnableViewState = true;
   SiteUtils.SetupEditor(edComment);
   }

   #endregion

   protected void Page_Load(object sender, EventArgs e)
   {
   LoadSettings();
   PopulateLabels();
   PopulateControls();

}

   private void PopulateControls()
   {
   //TitleControl.EditUrl = SiteRoot + "/GuestBook/GuestBookEdit.aspx";
   TitleControl.Visible = !this.RenderInWebPartMode;
   if (this.ModuleConfiguration != null)
   {
   this.Title = this.ModuleConfiguration.ModuleTitle;
   this.Description = this.ModuleConfiguration.FeatureName;
   }

if (!IsPostBack) { BindResults(); }
}

   private void BindResults()
   {
   List<GuestBook> guests = repository.GetAll(ModuleGuid);
   rptGuests.DataSource = guests;
   rptGuests.DataBind();
   }

void btnSubmit_Click(object sender, EventArgs e)
{
Page.Validate();
if (!Page.IsValid) { return; }
else
{
Save();
}
WebUtils.SetupRedirect(this, Request.RawUrl);
}

private void Save()
{
GuestBook guestBook = new GuestBook();

guestBook.ModuleGuid = ModuleGuid;
guestBook.ModuleID = ModuleId;
guestBook.Name = txtName.Text;
guestBook.EmailAddress = txtEmailAddress.Text;
guestBook.Location = txtLocation.Text;
guestBook.WebsiteUrl = txtWebsiteUrl.Text;
guestBook.Comment = edComment.Text;
guestBook.CreatedDate = DateTime.UtcNow;
guestBook.CreatedByIP = SiteUtils.GetIP4Address();

repository.Save(guestBook);

}

private void PopulateLabels()
{
TitleControl.EditText = "Edit";
btnSubmit.Text = GuestBookResources.SubmitButton;

regexEmail.ErrorMessage = GuestBookResources.EmailValidationWarning;
regexUrl.ErrorMessage = GuestBookResources.UrlValidationWarning;
}

private void LoadSettings()
{

edComment.WebEditor.ToolBar = mojoPortal.Web.Editor.ToolBar.AnonymousUser;
edComment.WebEditor.Height = Unit.Pixel(150);
captcha.ProviderName = siteSettings.CaptchaProvider;
captcha.Captcha.ControlID = "captcha" + ModuleId.ToInvariantString();
captcha.RecaptchaPrivateKey = siteSettings.RecaptchaPrivateKey;
captcha.RecaptchaPublicKey = siteSettings.RecaptchaPublicKey;

regexEmail.ValidationExpression = SecurityHelper.RegexEmailValidationPattern;
}

}
}

GuestBookModule.ascx.designer.cs

namespace wardrobe.Web.UI {

   public partial class GuestBookModule {
   protected global::mojoPortal.Web.UI.ModuleTitleControl TitleControl;
   protected global::mojoPortal.Web.Editor.EditorControl edComment;
   protected global::mojoPortal.Web.Controls.CaptchaControl captcha;

   protected global::System.Web.UI.WebControls.Panel pnlWrapper;
   protected global::System.Web.UI.WebControls.Panel pnlGuestBook;
   protected global::System.Web.UI.WebControls.TextBox txtName;
   protected global::System.Web.UI.WebControls.TextBox txtEmailAddress;
   protected global::System.Web.UI.WebControls.RegularExpressionValidator regexEmail;
   protected global::System.Web.UI.WebControls.TextBox txtLocation;
   protected global::System.Web.UI.WebControls.TextBox txtWebsiteUrl;
   protected global::System.Web.UI.WebControls.RegularExpressionValidator regexUrl;
   protected global::System.Web.UI.WebControls.Button btnSubmit;
   protected global::System.Web.UI.WebControls.ValidationSummary vsummary;
   protected global::System.Web.UI.WebControls.Label lblTest;
   protected global::System.Web.UI.WebControls.Panel pnlResults;
   protected global::System.Web.UI.WebControls.Repeater rptGuests;
   }
}

"Project References"

Brettle.Web.NeatHtml
Brettle.Web.NeatHtmlTools
log4net
Microsoft.CSharp
mojoPortal.Web
mojoPortal.Web.Controls
mojoPortal.Web.Editor
mojoPortal.Web.Framework
System
System.Configuration
System.Core
System.Data
System.DataSetExtensions
System.Drawing
System.EnterpriseServices
System.Web
System.Web.ApplicationService
System.Web.DynamicData
System.Web.Entity
System.Web.Extensions
System.Web.Mobile
System.Web.Services
System.Xml
System.Web.Linq
wardrobe.Business

and I'm using Visual Studio 2010 Premium and SQL Server 2008 R2 Express

Once again thanks for your response Joe

You must sign in to post in the forums. This thread is closed to new posts.