NodeJs project how to make user input in a form unsanitized? - node.js

I have a form in a NodeJs project where I am using:
app.use(bodyParser.urlencoded({extended: true}));
I want to make it where if a user enters <h1>hello</h1> into the form that it will show up as "hello" formatted as an h1 instead of <h1>hello</h1>
<form action="/blogs" method="POST">
<div class="form-group">
<input class="form-control" type="text" name="name" placeholder="name">
</div>
<div class="form-group">
<input class="form-control" type="text" name="image" placeholder="image url">
</div>
<div class="form-group">
<input class="form-control" type="text" name="description" placeholder="description">
</div>
<div class="form-group">
<button class="btn btn-lg btn-primary btn-block">
Submit
</button>
</div>
</form>

I found a solution to my problem.
In Node.js if you want to display information as HTML, in the index.ejs file
you need to do a
<%- blog.description %>
, where that dash is the key.
Before i had
<%= blog.description %>.

Related

how can i change string format of Price in database to integer format in mongodb?

This is my input form. Here, the Price label save as string in Database. How can change it into integer format. I'm using mongodb 3.2 version
<section>
<div class="container mt-4">
<div class="row">
<div class="col-md-6">
<h2 class="text-center">Add Product</h2>
<form action="/admin/add-product" method="POST" enctype="multipart/form-data">
<label for="">Name</label>
<input type="text" name="Name" class="form-control">
<label for="">Category</label>
<input type="text" name="Category" class="form-control">
<label for="">Price</label>
<input type="number" name="Price" class="form-control">
<label for="">Description</label>
<input type="text" name="Description" class="form-control">
<label for="">Image</label>
<input type="file" name="Image" class="form-control">
<button type="submit" class="btn btn-success mt-4">Submit</button>
</form>
</div>
</div>
</div>
</section>
Add to cart
addProduct:(product,callback)=>{
db.get().collection("product").insertOne(product).then((data)=>{
console.log(data)
callback(data.ops[0]._id)
})
}
Before adding the product to database change Price to integer
let Price=parseInt(req.body.Price)
req.body.Price=Price
then add product to mongodb

Error Laravel 5.6, Symfony \ Component \ HttpKernel \ Exception \ MethodNotAllowedHttpException"

I have adjust controller name with route and send form that post method but it didnt work, i send it from modal
I have add {{ method_field('patch') }} but it still didnt work
This is from view :
<form action="{{route('edit kode', 'test')}}" method="post">
{{ method_field('patch') }}
{{ csrf_field() }}
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close">
<i class="material-icons">clear</i>
</button>
<h5 class="modal-title">Edit Data</h5>
</div>
<div class="modal-body">
<div class="row">
<div class="col-sm-12">
<div class="form-group">
<label class="bmd-label-floating">Kode</label>
<input type="hidden" class="form-control" id="modalidkode">
<input type="text" class="form-control" id="modalkode" readonly>
</div>
</div>
<div class="col-sm-12">
<div class="form-group">
<label class="bmd-label-floating">Nama Kode</label>
<input type="text" class="form-control" id="modalnamakode" required>
</div>
</div>
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-danger" data-dismiss="modal"
style="margin-right: 10px">Batal
</button>
<button type="submit" class="btn btn-info">Simpan Perubahan</button>
</div>
Controller
public function editCode(Request $request){
dd($request->all());
$edCode="05.01";
return redirect()->back()->withSuccess($edCode. " changed");
}
Route
Route::post('/pengaturan/edit', 'AllCodeController#editCode')->name('edit kode');
You're expecting the request to be a POST request in your routes, but your form is submitting a PATCH request (because of the method_field('patch') at the top of your form). Either remove the method_field() call, or change Route::post(...) to Route::patch(...).
You can read more about form method spoofing in the Laravel documentation:
HTML forms do not support PUT, PATCH or DELETE actions. So, when defining PUT, PATCH or DELETE routes that are called from an HTML form, you will need to add a hidden _method field to the form. The value sent with the _method field will be used as the HTTP request method:
<form action="/foo/bar" method="POST">
<input type="hidden" name="_method" value="PUT">
<input type="hidden" name="_token" value="{{ csrf_token() }}">
</form>

Express fails to find resources in case of parameterized route. What am I missing?

In my express app I have a separate file for middlewares. I used express.static to make the resources available to the app. Code from middlewares.js...
app.use(express.static('public'));
app.use(express.static('node_modules/vue/dist'));
app.use(express.static('node_modules/bootstrap/dist/css'));
app.use(express.static('node_modules/bootstrap/dist/js'));
app.use(express.static('node_modules/multiple.js'));
app.use(express.static('node_modules/chart.js/dist'));
It works fine for all the routes. However, when I try to define a parameterized route, and render a template this way, it fails to load up the resources. Express fails to find CSS/JS/Image files from those statics. What am I missing here? Here is my code for the route..
app.get('/invoices/:id', app.authenticated, (req, res) => {
Invoices.find({_id: req.params.id}, (err, invoice) => {
if (err) {
res.json({error: err});
}
res.render('invoicesCreate');
});
});
Updated: The View file
{{#section 'classes'}}has-navigation page-dashboard{{/section}}
{{#section 'body-classes'}}-fluid{{/section}}
<div class="row" id="invoicer">
<div class="col-xs-12 col-md-6">
Fill your details and get live preview in the right side
<form class="" action="/invoices" method="post" enctype="multipart/form-data">
<div class="">
<div class="invoiceform-logo-container">
<input type="file" name="profilelogo" id="fileinput" accept="image/*" v-on:change="updateImage()">
<img v-bind:src="logo" alt="" />
</div>
<div class="invoiceform-number"></div>
<div class="invoiceform-currency"></div>
</div>
<div class="divider"></div>
<div class="">
Your Name / Company Name
<textarea name="company_name" rows="8" cols="40" v-model="from"></textarea>
Client Name / Company Name
<textarea name="client_name" rows="8" cols="40" v-model="to"></textarea>
\{{date_title}}
<input type="date" name="start_date" v-model="date">
\{{due_date_title}}
<input type="date" name="end_date" v-model="due_date" v-bind:min="date">
\{{balance_title}} \{{balance}}
<div class="input-group">
<span class="input-group-addon">$</span>
<input name="end_date" type="text" class="form-control" placeholder="Username" aria-describedby="basic-addon1">
</div>
</div>
<div class="invoiceform-itemlist" v-on:focusout="checkToRemove()">
<div class="">
\{{item_header}}
\{{quantity_header}}
\{{unit_cost_header}}
\{{amount_header}}
</div>
<div class="" v-for="item in items">
<input type="text" name="items[1][item_name]" v-model="item.head">
<input type="number" name="items[1][item_quantity]" v-model="item.quantity" min="0" v-on:blur="updateAmount($index)">
<input type="number" name="items[1][item_rate]" v-model="item.rate" min="0" v-on:blur="updateAmount($index)">
<input type="number" name="items[1][item_amount]" v-model="item.amount">
</div>
<button type="button" name="button">Add Item</button>
</div>
<div class="divider"></div>
<div class="">
\{{subtotal_title}} \{{subtotal}}
\{{tax_title}}
<div class="input-group">
<input type="text" class="form-control" aria-label="Text input with dropdown button" v-model="tax">
<span class="input-group-addon">
<input type="radio" name="" aria-label="Checkbox for following text input"> %
</span>
<span class="input-group-addon">
<input type="radio" name="" aria-label="Checkbox for following text input"> F
</span>
</div>
<div id="discount" v-if="fields.discount">
Discount <input type="number" name="" v-model="discounts">
</div>
<div id="shipping" v-if="fields.shipping">
Shipping <input type="number" name="shipping" v-model="shipping">
</div>
<div class="btn-group" data-toggle="buttons">
<label class="btn btn-primary">
<input type="checkbox" name="discount" v-model="fields.discount"> \{{discounts_title}}
</label>
<label class="btn btn-primary">
<input type="checkbox" name="shipping" v-model="fields.shipping"> \{{shipping_title}}
</label>
</div>
</div>
<div class="divider"></div>
<div class="">
Total <input type="number" name="name" v-model="total" min="0">
\{{amount_paid_title}} <input type="number" name="total" v-model="amount_paid" min="0" v-bind:max="total">
</div>
<div class="divider"></div>
<div class="">
\{{notes_title}}
<input type="text" name="name" v-model="notes">
\{{payment_terms_title}}
<input type="text" name="name" v-model="terms">
<button type="submit" name="button">Save Now</button>
<button type="button" name="button">Download PDF</button>
</div>
</form>
</div>
<div class="col-xs-12 col-md-6 hidden-sm-down"></div>
</div>
{{#section 'script'}}
window.invoice = {{{json defaultInvoice}}}
console.log({{{json defaultInvoice}}})
{{/section}}

Sending search form submit to a particular controller method

Windows 8
Rails 4.1
Ruby 2.0
I have the following search form in my menu:
<form class="navbar-form navbar-left" role="search">
<div class="form-group">
<input type="text" method="get" name="search-form" class="form-control" placeholder="Search">
</div>
<button type="submit" class="btn btn-default">Submit</button>
</form>
When I submit, I would like to call a particular method in the agents controller. I tried:
<input type="text" method="get" name="search-form" action="agents_search_view" class="form-control" placeholder="Search">
but it did not work. I also tried:
<button type="submit" action="agents_search_view" class="btn btn-default">Submit</button>
but it did not work either. Any ideas?
You should be adding action in the form tag,not in the input and not in the submit button.
This should work
<form class="navbar-form navbar-left" role="search" action="agents_search_view">
<div class="form-group">
<input type="text" method="get" name="search-form" class="form-control" placeholder="Search">
</div>
<button type="submit" class="btn btn-default">Submit</button>
</form>

Modx formit working in one site - not working in another

I have a form and formit call that works in one site and not another, which is a direct copy of the first [migrating to a new design] The sites are identical right now, files & database were just copied. All the plugins were checked and even reinstalled.
What I have is:
<!-- contact page -->
[[!FormIt?
&placeholderPrefix=`contact.`
&hooks=`spam,email,redirect,FormItAutoResponder`
&emailTo=`[[GetSystemSetting? &setting=`emailContactMailTo`]]`
&emailSubject=`domain.com Contact form has been submitted. [[+contact.subject]]`
&emailTpl=`ContactCustomEmailTpl`
&redirectTo=`346`
&emailReplyTo=`no-reply#domain.com`
&submitVar=`contactSubmit`
&validate=`name:required,email:email:required,subject:required,text:required:stripTags`
&fiarSubject=`Your contact request to domain.com`
&fiarTpl=`ContactCustomEmailTpl`
&fiarReplyTo=`no-reply#domain.com`
]]
<form class="form" action="[[~[[*id]]]]" method="post" role="form">
<input type="hidden" name="nospam:blank" value="" />
<div class="row">
[[!+contact.error_message:notempty=`<div class="col-sm-12"><div class="alert alert-danger">[[!+contact.error_message]]</div></div>`]]
<div class="col-sm-4[[+contact.error.name:notempty=` has-error`]]">
<div class="form-group">
<label for="name"> Name: *</label>
<input id="name" type="text" name="name" value="[[!+contact.name]]" class="form-control" />
</div>
</div>
<div class="col-sm-4[[+contact.error.email:notempty=` has-error`]]">
<div class="form-group">
<label for="email"> Email: *</label>
<input id="email" type="text" name="email" value="[[!+contact.email]]" class="form-control" />
</div>
</div>
<div class="col-sm-4[[+contact.error.subject:notempty=` has-error`]]">
<div class="form-group">
<label for="subject"> Subject: *</label>
<input id="subject" type="text" name="subject" value="[[!+contact.subject]]" class="form-control" />
</div>
</div>
</div>
<div class="row">
<div class="col-sm-12[[+contact.error.text:notempty=` has-error`]]">
<div class="form-group">
<label for="text"> Message: *</label>
<textarea id="text" name="text" rows="7" class="form-control">[[!+contact.text]]</textarea>
</div>
</div>
<div class="col-sm-6 col-sm-offset-3">
<div class="form-group">
<label> </label>
<input class="btn btn-primary btn-block" type="submit" name="contactSubmit" value="Send Contact Inquiry" onClick="_gaq.push(['_trackEvent', 'ContactPage', 'Contact Submitted']);" />
</div>
</div>
</div>
</form>
</div>
The form will work if I remove the 'FormItAutoResponder' from the &hooks AND all items from the &validate parameters.
What is wrong with this form?
no usefull errors in modx or server logs
reinstalled formit
isolated it in a test page with no other markup
the emailTpl is present and mail gets sent if the 2 parameters are removed from the formit call
Perhaps the GetSystemSetting snippet is missing? Why not just use [[++emailContactMailTo]] instead?
Are the MODX and FormIt versions the same on both sites?
Try calling this debug snippet somewhere below the FormIt call. Look for unshown errors (starting with contact.error.) or any other unexpected placeholders.

Resources