Thanks very much for that info!!
Suzanne ( 2Bwy
A13.32) desk: 646-252-8663, cell: 347-907-1125
Thanks to all your
comments, we have a solution.
The best I’ve been able
to do on the server side is remove the offending binary code, basically losing
the format.
Using fckeditor
(thanks, Dwayne) I’m back on the client side and the initial prognosis is good.
The text is converted to nicely formatted html. As long as you’re remaining in a
web environment, it shouldn’t really pose any problems, but if you are to use,
say Oracle Reports, to extract data from the tables and render it out as PDF,
additional work may be required. Let’s keep in mind that what we’re asking it to
do is retain formatting. I’d much rather deal with formatting retained as HTML
instead of some pile of ascii-binary-ascii junk.
At Joe B’s request I
reversed the process to see what would happen when I pasted html stored in the
table back to MSWord. The text retrieved directly from the table (figure 1), had
visible html tags. The text retrieved from the table and pasted from fckeditor
back into MSWord (figure 2) looked great.
(figure 1)
<P>this is a test of bullets</P>
<UL>
<LI>1</LI>
<LI>2</LI>
<LI>3</LI></UL>
(figure 2)
this is a test of bullets
· 1
· 2
· 3
Thanks again for all
the input received. You guys are great.
Monty
(Note to self: “why am
I not using Application Express for this?”)
From: ml-errors fatcity.com [mailto:ml-errors fatcity.com] On Behalf Of Emberson, Dwayne
Sent: Monday, July 21, 2008 9:21 AM
To: Multiple recipients of list ODTUG-WEBDEV-L
Subject: RE: Scrubbing user inputs
Again, am unsure
of what your client is, or how you are accepting the input, but one idea is to
use the freely available fckeditor as a javascript text area input on your
forms. When you do a paste from Word to the editor, it scrubs the input, and
converts it into clean HTML, so bullets still look nice, but are now in HTML.
This is a tremendous tool for bringing very nicely formatted text into a text
area. It is also a nice in-line web editor for direct entry as well. Application
Express now has this editor built into it as one of the options for a text
area.
Dwayne
From: ml-errors fatcity.com [mailto:ml-errors fatcity.com] On Behalf Of Begenwald, Joe
Sent: Monday, July 21, 2008 9:01 AM
To: Multiple recipients of list ODTUG-WEBDEV-L
Subject: RE: Scrubbing user inputs
Didn’t mean to imply
that it couldn’t or shouldn’t be done in the database. I agree that’s the
best approach. I was just saying you shouldn’t be “criticized” (if that’s
even what it was) for saying you “needed” to handle this on the
client.
From: ml-errors fatcity.com [mailto:ml-errors fatcity.com] On Behalf Of Monty Latiolais
Sent: Friday, July 18, 2008 6:11 PM
To: Multiple recipients of list ODTUG-WEBDEV-L
Subject: RE: Scrubbing user inputs
I appreciate all giving
of their time to look at this.
I do have access to
both client and server side. Based on the responses I’ve received, I will
“scrub” it server-side.
I thought this type of
validation would normally be done client-side. That was my motivation as much as
anything.
Have a great
weekend!
Monty
From: ml-errors fatcity.com [mailto:ml-errors fatcity.com] On Behalf Of Begenwald, Joe
Sent: Friday, July 18, 2008 4:35 PM
To: Multiple recipients of list ODTUG-WEBDEV-L
Subject: RE: Scrubbing user inputs
I’m just guessing here,
John (and James, too), but perhaps Monty will only have access to the client
code, and may not be permitted to make server-side changes. Not ideal, I
grant you, but all too common.
From: ml-errors fatcity.com [mailto:ml-errors fatcity.com] On Behalf Of John Flack
Sent: Friday, July 18, 2008 12:11 PM
To: Multiple recipients of list ODTUG-WEBDEV-L
Subject: RE: Scrubbing user inputs
Tell us a little
more – what errors are you getting – error code, additional
information?
What is the
datatype of the parameter to your “action” procedure that processes input from
the form? What is the datatype of the comment column in your table?
Why do you need to handle it client-side?
I have used a
“clean-up” routine that handles this server side – it removes white space from
the beginning and end of the incoming data, changes non-printable characters to
spaces, removes extra spaces and normalizes carriage returns and linefeeds to
CRLF sequences before storing the data in the
database.
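[Added example, not part of the original thread: one way to write the server-side clean-up routine described in the message above, as a PL/SQL function that the form's action procedure would call before the insert, so it applies to every request whatever the browser sent. The name clean_comment, the choice to treat only 7-bit ASCII 32 to 126 as printable, and the sample input are assumptions.]

```sql
-- Added example; clean_comment is a hypothetical name, not code from the thread.
CREATE OR REPLACE FUNCTION clean_comment (p_text IN VARCHAR2)
  RETURN VARCHAR2
IS
  c_lf   CONSTANT VARCHAR2(1) := CHR(10);
  c_crlf CONSTANT VARCHAR2(2) := CHR(13) || CHR(10);
  l_in   VARCHAR2(32767);
  l_out  VARCHAR2(32767);
  l_ch   VARCHAR2(4 CHAR);
BEGIN
  IF p_text IS NULL THEN
    RETURN NULL;
  END IF;

  -- Fold CRLF and lone CR into LF so every line break is a single character.
  l_in := REPLACE(REPLACE(p_text, c_crlf, c_lf), CHR(13), c_lf);

  -- Keep line breaks and printable 7-bit ASCII (assumption: codes 32..126);
  -- every other character, including Word's bullet glyphs and tabs,
  -- becomes a space.
  FOR i IN 1 .. LENGTH(l_in) LOOP
    l_ch := SUBSTR(l_in, i, 1);
    IF l_ch = c_lf OR ASCII(l_ch) BETWEEN 32 AND 126 THEN
      l_out := l_out || l_ch;
    ELSE
      l_out := l_out || ' ';
    END IF;
  END LOOP;

  -- Collapse runs of spaces into one space.
  l_out := REGEXP_REPLACE(l_out, ' +', ' ');

  -- Trim spaces and line breaks from both ends. Done after the substitution
  -- above so that replaced characters at the edges are trimmed as well.
  l_out := RTRIM(LTRIM(l_out, ' ' || c_lf), ' ' || c_lf);

  -- Store every line break as CRLF.
  RETURN REPLACE(l_out, c_lf, c_crlf);
END clean_comment;
/

-- Constructed sample input: leading spaces, a BEL control character, a tab,
-- a lone LF and trailing spaces.
SELECT clean_comment('  item' || CHR(7) || CHR(9) || 'one' || CHR(10) || 'two  ')
       AS cleaned
FROM dual;
```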
From: ml-errors fatcity.com [mailto:ml-errors fatcity.com] On Behalf Of Monty Latiolais
Sent: Friday, July 18, 2008 11:31 AM
To: Multiple recipients of list ODTUG-WEBDEV-L
Subject: Scrubbing user inputs
Hello
all,
I’ve built a simple html form using
the pl/sql web toolkit that has a place for the user to include comments.
It’s been in production for months
if not years.
Recently, we’ve experienced errors
related to the content of the comments and I’ve traced it to users cutting
and pasting content from MS Word directly into the web form comments
field.
Even that is fine except for when
the user attempts to paste in bullets.
I’ll have to handle this on the
client-side. Any ideas?
Regards,
Monty