
Microsoft Content Management Server Development : A Placeholder Control to Store All HTML Tags (part 1)

7/26/2013 6:05:34 PM

Have you tried storing JavaScript or form elements, like a textbox or button control, in an HtmlPlaceholder object? If you have, you will have found that all <script>, <input>, and some other tags are stripped away when the page is saved.

Consider a posting that contains a single HtmlPlaceholderControl that allows authors to edit the HTML source code (the AllowHtmlSourceEditing property has been set to true).

FullFormatting and line breaks have been permitted on the underlying HtmlPlaceholder object, so this particular placeholder accepts the full spectrum of tags. Suppose we enter code into the control that contains, among other things, a textbox, a button, and some JavaScript:

<table border="1">
<tr>
  <td>
    Greet the world:
  </td>
  <td>
    <input type="textbox" name="MyTextBox">
    <input type="button" value="Show it!" onclick="Greet();">
  </td>
</tr>
</table>
<script language="javascript">
function Greet()
{
  alert(document.all.MyTextBox.value);
}
</script>

On a regular web page, you would expect the resulting HTML page to look as shown below. When users click on the Show it! button, a pop-up message displays the contents of the textbox.

However, that is not what we see when the posting is saved. Instead, what we get is a stripped-down version of what we just entered. Only the words Greet the world and the table structure remain.

And if you look at the HTML source, only the following code snippet is left. The <input> controls are gone, and so are the <script> tags and everything between them.

<TABLE border=1>
  <TBODY>
  <TR>
    <TD>Greet the world: </TD>
    <TD></TD>
  </TR>
  </TBODY>
</TABLE>

What happened? The HtmlPlaceholder object was designed to store only specific tags such as the <table>, <tr>, and <td> tags (note that these table tags are only accepted when full formatting is allowed). The full list can be obtained from the documentation.


These restrictions exist to keep potentially dangerous tags from being entered and saved in placeholders. Placeholder content is served to everyone who views the posting, so script saved there could cause infinite loops that open new browser windows, steal cookies, and even launch malicious applets or other controls.
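The stripping described above is allow-list filtering. The following is an added example, not MCMS code and not from the original article, that reproduces the effect on the article's snippet. The tag and attribute lists and the names AllowListFilter and filter_html are assumptions made for illustration; the real HtmlPlaceholder list is in the product documentation.

```python
from html import escape
from html.parser import HTMLParser

# Assumed, illustrative allow-list; the real list is in the MCMS documentation.
ALLOWED_TAGS = {"table", "tbody", "tr", "td", "th", "p", "br", "b", "i"}
ALLOWED_ATTRS = {"border"}
DROP_WITH_BODY = {"script", "style"}  # remove the element and everything inside

class AllowListFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.removed, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_BODY:
            self._skip += 1
            self.removed.append(tag)
        elif self._skip:
            return
        elif tag in ALLOWED_TAGS:
            # Keep only allow-listed attributes, so event handlers are dropped.
            kept = "".join(f' {k}="{escape(v or "")}"'
                           for k, v in attrs if k in ALLOWED_ATTRS)
            self.out.append(f"<{tag}{kept}>")
        else:
            self.removed.append(tag)  # e.g. <input>: the tag is dropped

    def handle_endtag(self, tag):
        if tag in DROP_WITH_BODY:
            self._skip = max(0, self._skip - 1)
        elif not self._skip and tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(escape(data, quote=False))

def filter_html(html):
    f = AllowListFilter()
    f.feed(html)
    f.close()
    return "".join(f.out), f.removed  # (filtered HTML, removed tag names)

# The snippet from this article, condensed onto fewer lines.
SAMPLE = """<table border="1"><tr><td>Greet the world:</td>
<td><input type="textbox" name="MyTextBox">
<input type="button" value="Show it!" onclick="Greet();"></td></tr></table>
<script language="javascript">
function Greet() { alert(document.all.MyTextBox.value); }
</script>"""
```

Calling filter_html(SAMPLE) returns the table markup with the text intact, plus the list of tags that were removed, which can be logged when reviewing what authors tried to save.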

Nevertheless, there may be times when your authors need to contribute content that contains these prohibited tags. Authors may need to embed client-side script, IFRAMEs, applets, or ActiveX controls within placeholder content. Usually, these objects are defined within the template file, but doing so requires the developer to insert the code. Tech-savvy authors may wish to manage such content themselves, bypassing potential workflow bottlenecks caused by busy developers.

The default HtmlPlaceholder object does not allow all tags. To get around this, we will build a custom placeholder control. Let’s call it the AllTagsHtmlPlaceholderControl. The control will have the same look and feel as the HtmlPlaceholderControl, but it will modify the content so that the underlying HtmlPlaceholder no longer detects the disallowed tags when the posting is saved.

Here’s the completed AllTagsHtmlPlaceholderControl in authoring view. It looks exactly like the HtmlPlaceholderControl. Authors won’t even know the difference.

The magic is that after the posting is saved, the previously “illegal” elements and JavaScript remain! The screenshot below shows the HTML code within the placeholder control after it has been saved:
