I'm trying to return as ajax response a raw html, this is the function that return the response:
res.render('partial/messages', {
successMsg: 'An email has been sent to you.' +
'Send Again.',
layout: false
}, function (err, list) {
res.set('Content-Type', 'text/html');
res.status(200).send({ msg: list });
});
the partial view message contains the following:
<% if(successMsg != ''){ %>
<div class="alert alert-success alert-dismissible fade show" role="alert">
<%= successMsg %>
<button type="button" class="close" data-dismiss="alert" aria-label="Close">
<span aria-hidden="true">×</span>
</button>
</div>
<% } %>
the ajax response is:
"
<div class="alert alert-success alert-dismissible fade show" role="alert">
An email has been sent to you.`<a href="127.0.0.1:3000/user/resendToken?email=foo#outlook.it">Send Again.</a>`
<button type="button" class="close" data-dismiss="alert" aria-label="Close">
<span aria-hidden="true">×</span>
</button>
</div>
"
why the <a href tag is render &alt; ?
How can I fix that problem?
&alt; is the HTML entity corresponding to <. This is used to prevent code injection.
EJS is doing the transformation when you include a string using the <%= something %> syntax.
To prevent it, use the <%- something %> syntax.
Keep in mind that not escaping those characters may expose your service to XSS attacks.
Because <%= ... %> escapes the HTML. If you are sure you can trust the user.email and other user generated data, you can use the <%- successMsg %> instead, which won't escape the HTML.
You can read more about tags in the Docs section of EJS here.
Related
I am doing some simple validation on a form and using bootstrap for alert dismissing. I have an ejs partial for displaying error messages. When trying to render the error message its just showing the actual block of code.
Here is my partials ejs:
<% if(typeof errors != 'undefined') { %>
<% errors.forEach(error => { %>
<div class="alert alert-warning alert-dismissible fade show" role="alert">
<%= error.msg %>
<button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
</div>
<% }) %>
<% } %>
Here is where I include that partial to the register.ejs file I have
<%= include ("./partials/messages") %>
<form action="/users/register" method="POST">
<div class="form-group">
<label for="name">Name</label>
<input
type="name"
id="name"
name="name"
class="form-control"
placeholder="Enter Name"
value="<%= typeof name != 'undefined' ? name : '' %>"
/>
Here is a screenshot of what it is outputting:
Why is it showing the actual code instead of rendering as HTML?
I am implementing a payment method in my e-commerce website using stripe and node.js , and I am not using a database only using JSON files to add my items to the website, but I am getting errors in ejs file. for rendering the page I used the fs module in node js. I wanted to know where I can define the items in ejs , or server , or HTML file
''' shop.ejs'''
<div class="box-container">
<% items.products.forEach(function(item){ %>
<div class="box" data-item-id="<%= item.id %>">
<div class="icons">
</div>
<img class="image" src="/image/<%= item.imgName %>" alt="">
<div class="content">
<div class="price"> ₹ <%= item.price %></div>
<h3 class="shop-item-title"><%= item.name %></h3>
<div class="stars">
<i class="fas fa-star"></i>
<i class="fas fa-star"></i>
<i class="fas fa-star"></i>
<i class="fas fa-star"></i>
<i class="far fa-star"></i>
<span> (50) </span>
</div>
</div>
</div>
<% }) %>
'''server.js'''
app.get('/shop', function(req, res){
fs.readFile('items.json', function(error, data){
if(error){
res.status(500).end()
}else {
res.render('shop.ejs', {
items: JSON.parse(data)
})
}
})
})
'''error'''
>> 172| <% items.products.forEach(function(item){ %>
173| <div class="box-container" data-item-id="<%= item.id %>">
174| <div class="box">
175| <div class="icons">
items are not defined
Did you pass the items data object to the ejs render function?
So the title might not be the best description of my problem because I don't really know how to sum up the problem. I have a forEach loop for each event in my database and each one is classified as type = to either "trip", "ropes course", or "other". I have a section for each type of event, but I would like a way where if there are no events in the section I can not display the bannertron header and if there are no events in the whole database I can display different HTML. My code also seems very WET and I would love any suggestions on how to DRY up this page.
<% include partials/header %>
<div class="image-text">
<img src="../images/trip-photo.jpg" class="bannertron">
<div class="centered">Upcoming Trips</div>
</div>
<div class="container event">
<% events.forEach(function(event){ %>
<% if(event.type === "trip"){ %>
</br>
<h4><strong><%= event.title %></strong></h4>
<span><%= event.startdate %> - </span>
<span><%= event.enddate %></span>
<h6><strong>Location: </strong><%= event.location %></h6>
<p><%= event.description %></p>
<% if(currentUser && (currentUser.admin === true)){ %>
Edit
<form action="/calendar/<%= event._id %>?_method=DELETE" method="POST">
<button class="btn btn-danger">Delete</button>
</form>
<% } %>
<hr class="event-hr">
<% } %>
<% }); %>
</div>
<div class="image-text">
<img src="../images/climbing-photo.jpg" class="bannertron">
<div class="centered">Upcoming Climbing Days</div>
</div>
<div class="container event">
<% events.forEach(function(event){ %>
<% if(event.type === "ropescourse"){ %>
</br>
<h4><strong><%= event.title %></strong></h4>
<span><%= event.startdate %> - </span>
<span><%= event.enddate %></span>
<h6><strong>Location: </strong><%= event.location %></h6>
<p><%= event.description %></p>
<% if(currentUser && (currentUser.admin === true)){ %>
Edit
<form action="/calendar/<%= event._id %>?_method=DELETE" method="POST">
<button class="btn btn-danger">Delete</button>
</form>
<% } %>
<hr class="event-hr">
<% } %>
<% }); %>
</div>
<div class="image-text">
<img src="../images/other-photo.jpg" class="bannertron">
<div class="centered">Other Events</div>
</div>
<div class="container event">
<% events.forEach(function(event){ %>
<% if(event.type === "other"){ %>
<h4><strong><%= event.title %></strong></h4>
<span><%= event.startdate %> - </span>
<span><%= event.enddate %></span>
<h6><strong>Location: </strong><%= event.location %></h6>
<p><%= event.description %></p>
<% if(currentUser && (currentUser.admin === true)){ %>
Edit
<form action="/calendar/<%= event._id %>?_method=DELETE" method="POST">
<button class="btn btn-danger">Delete</button>
</form>
<% } %>
<hr class="event-hr">
</br>
<% } %>
<% }); %>
</div>
<% include partials/footer %>
Ideally, I would be able to loop through the events, check which type it is, put it in its respective area, and if there are none of a type, display some text like "no events scheduled" and if there are no events in total, display something else.
If this was me, I would split the events up into 3 different arrays in the node file, instead of sorting it all out inside of an ejs file. The Array.prototype.filter command would be useful for this. The nice thing about it is it returns a new array, with only items that return true for the function you pass in. It does not alter the original array, just passes a new one in. You can do something like
var trips = events.filter(function(event){
return event.type == "trip";
});
//do similar for "rope course", and for "other" you could do something like
return event.type != "trip" && event.type != "rope course"
// for the return statement.
You can do a
if(events.length == 0){
// show different html file
} else {
// show the html file with events, passing in the arrays
}
Make sure you pass all the arrays into the ejs file. For each array, you can do a similar
if(trips.length != 0){
// show banner and stuff
}
And do it for all three.
Hope this helps!
I am trying to adapt my error code so it can also handle other types of error like success
For example, when I render the sign up page
res.render('signup', {
errors: req.flash('errors')
});
Upon submitting the page, I am successfully sending the error flash with this code:
req.flash('errors', { msg: 'Account with that email address already exists.' });
and rendering it correctly with code.
<% if (errors.length > 0 ) {
for(var i=0; i < errors.length; i++) { %>
<div class="alert alert-danger alert-dismissible fade show" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-
label="Close">
<span aria-hidden="true">×</span>
</button>
<%= errors[i].msg %>
</div>
<% } %>
<% } %>
But in other instances I may have
req.flash('success', { msg: 'You have signed up successfully' });
How would you adapt the flash rendering block of code above so its suitable for both 'errors' and 'success'
I found some .pug code (not EJS) online (sahat hackathon-starter) that checks messages.errors but I am not sure where messages came from here!
if messages.errors
.alert.alert-danger.fade.in
button.close(type='button', data-dismiss='alert')
i.fa.fa-times-circle-o
for error in messages.errors
div= error.msg
if messages.info
.alert.alert-info.fade.in
button.close(type='button', data-dismiss='alert')
i.fa.fa-times-circle-o
for info in messages.info
div= info.msg
if messages.success
.alert.alert-success.fade.in
button.close(type='button', data-dismiss='alert')
i.fa.fa-times-circle-o
for success in messages.success
div= success.msg
Thanks
Tony
<% if (errors.length > 0 ) {
for(var i=0; i < errors.length; i++) { %>
<div class="alert alert-danger alert-dismissible fade show" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close">
<span aria-hidden="true">×</span>
</button>
<%= errors[i].msg %>
</div>
<% } %>
<% } %>
<% if (success.length > 0 ) {
for(var i=0; i < success.length; i++) { %>
<div class="alert alert-success alert-dismissible fade show" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close">
<span aria-hidden="true">×</span>
</button>
<%= success[i].msg %>
</div>
<% } %>
<% } %>
I love using Hexo.. :)
I've setup custom page. Is it possible to show all post in my page as paginated?
Using site.posts got me all post without pagination.
What should I do to get all post as paginated from page?
Thanks.
In the main configuration file _config.yml, there is a per_page variable to allow you to choose how many post you want ot display per page.
Create a template, index.ejs for example :
<% page.posts.each(function(post) { %>
<article>
// do what you have to do to display each post
</article>
<% }) %>
<%- partial('pagination', {type: 'page'}) %>
As you can see, We use the page variable to get 7 posts.
After that, create an other template pagination.ejs, that allow you to navigate through the page :
<div class="pagination-bar">
<ul class="pagination">
<% if (page.prev) { %>
<li class="pagination-prev">
<% if (page.prev === 1) { %>
<a class="btn btn--default btn--small" href="<%- url_for(' ') %>">
<% } else { %>
<a class="btn btn--default btn--small" href="<%- url_for(page.prev_link) %>">
<% } %>
<i class="fa fa-angle-left text-base icon-mr"></i>
<span><%= __('pagination.newer_posts') %></span>
</a>
</li>
<% } %>
<% if (page.next) { %>
<li class="pagination-next">
<a class="btn btn--default btn--small" href="<%- url_for(page.next_link) %>">
<span><%= __('pagination.older_posts') %></span>
<i class="fa fa-angle-right text-base icon-ml"></i>
</a>
</li>
<% } %>
<li class="pagination-number"><%= _p('pagination.page', page.current) + ' ' + _p('pagination.of', page.total) %></li>
</ul>
</div>
I wrote a Hexo theme : Tranquilpeak, I recommend you to check the source code to understand how I built it and of course read the official Hexo documentation