Correct use of #Html.Raw() - asp.net-mvc-4

I am trying to generate a view that has collapsing panels in it. I need each panel to have a unique ID. I have successfully done it with the code below. but was warned in a different post that using #Html.Raw() is bad practice.
What is my alternative?
#Html.Raw("<div id=\"collapse")#Html.DisplayFor(modelitem => item.NAME)#Html.Raw("\" class=\"panel-collapse collapse collapse\" role=\"tabpanel\" aria-labelledby=\"heading")#Html.DisplayFor(modelitem => item.NAME)#Html.Raw("\">")

You need to understand why Html.Raw is a so-called "bad practice." If it were universally bad and should never be used then it wouldn't have been created in the first place. It's bad when it is used to write non-sanitized content to the browser because it leaves you vulnerable to an XSS attack.
Having that understanding, we can look at what you're doing and see that you are not writing out any user-provided data in your calls to Html.Raw so in this case it is probably an acceptable use.
Having said that, it seems like you could simplify things by passing a collection of divs to create in your model and just loop over them, something like the following, which may require some tweaking to get it just right.
#foreach(var panelName in model.PanelNames)
{
<div id="collapse#panelName
class="panel-collapse collapse collapse"
role="tabpanel"
aria-labelledby="heading#panelName">
}

You can simplify your code by combining text, markup, and razor Code.
In your case, use HTML with inline Razor expression :
<div id="#("collapse" + Html.DisplayFor(modelitem => item.NAME))" class="panel-collapse collapse collapse" role="tabpanel" aria-labelledby="#("heading" + Html.DisplayFor(modelitem => item.NAME))"></div>
More information about Razor syntax.

Related

What are the adversities on sending HTML from the DB?

this is the way I am receiving an object from the DB
{
BET: 57630343,
CUSTOMER: 181645,
SPORT: 'MLB',
'XX_FILL OPEN': '<button class="btn btn-xs" ng-click="fillOpen(57630343)">Fill Open</button>',
XX_VIEW: '<select>\r\n <option value="volvo" label="Volvo">Volvo</option>\r\n <option value="saab" label="Saab">Saab</option>\r\n <option value="mercedes" label="Mercedes">Mercedes</option>\r\n <option value="audi" label="Audi">Audi</option>\r\n</select>',
XX_CANCEL: '<input type="checkbox" name="sports" value="soccer" onchange="fillOpen(57630343)"/>'
}
as you can see the props starting with index of XX are HTML elements. I am taking those elements in the front-end with JavaScript and injecting them into the DOM.
This is the first time I am doing this. I am used to take an XML and send it to the front-end as a JSON so I render it.
Is there something wrong with the way we are doing it now? is there any unsafe technique here? would be easier for hackers to break into my system?
ditto on Sebas comment which should really be the answer. Security should always be handled on the server side which means this practice shouldn't make things worse.
Additionally, storing html like this is going to be a nightmare to maintain. For instance, if for some reason the 'BET' id needs to change, you will need to regenerate all of the html for that row. See data normalization for more information on why this can cause issues.

In Bootstrap 3, is it possible to use col-*-* classes on definition terms with horizontal definition lists?

For the following markup:
<dl class="dl-horizontal">
<dt>A few words describing the term</dt>
<dd>The data associated with the term</dd>
</dl>
The dt term element is fixed width (at 180px) and cannot be changed with col- due to specificity of CSS. For example, the below does not work:
<dl class="dl-horizontal">
<dt class="col-sm-3">A few words describing the term</dt>
<dd class="col-sm-9">The data associated with the term</dd>
</dl>
Description lists are for name-value pairs and a fixed width is not suitable for some languages where the single word term is longer than 180px. Truncating is not possible (it truncates valuable meaning) and word-wrapping (using Stack Overflow overrides) is not readable.
Do I need to add extra classes or should I chase up with Twitter Bootstrap?
Edit
Given the lack of answers, I have opened an issue with bootstrap:
https://github.com/twbs/bootstrap/issues/14983
...you can always write overwrite code for the col-sm-3 and col-sm-9 classes (following the exact example), but I guess it would be easier to write your own classes using media queries and the same breakpoints you are using in your bootstrap file. You can also use this custom class to set a new minimum width.
#media (min-width:XXX) and (max-width:XXX) {
dt.col-sm-3 {
width:25%;
}
dt.col-sm-9 {
width:75%;
}
}

How do I select a particular dynamic div, using Selenium when I don't have a unique id or name?

Only the content of the div is unique. So, in the following dynamically generated html, only "My Article-1245" is unique:
<div class="col-md-4 article">
<h2>
My Article-1245
Delete
Edit
</h2>
<p>O ephemeral text! Here today, gone tomorrow. Not terribly important, but necessary</p>
</div>
How do I select the edit/delete link of this specific div, using Selenium? assertText/verifyText requires an element locator, but I do not have any unique id/name (out of my control). There will be many such div blocks, with other content text, all dynamically generated.
Any help would be appreciated.
If text 'My Article' appears each time, you may use following:
//For Delete
driver.findElement(By.xpath("//h2[contains(text(),'My Article-')]/a[text()='Delete']"));
//For Edit
driver.findElement(By.xpath("//h2[contains(text(),'My Article-')]/a[text()='Edit']"));
Hope it meets your requirement :)
Matching by text is always a bad automated testing concept. If you want to keep clean and reliable test scripts, then :
Contact your web dev to add unique identifiers to the elements
Suck it up, and create selectors based on what's there.
You are able to create a CSS selector based on what you want.
What you should do is create the selector using parent-child relationships:
driver.findElement(By.cssSelector("div.article:nth-child(X) a[href^='delete']"));
As I am ignorant of your appp, this is also assuming that all of your article classes are under the same parent. You would substitute X with the number of the div you want to refer to. e.g.:
<div id="someparent">
<div class="...article" />
<div class="...article" />
...
</div>

How to get an article description or excerpt within Expression Engine

I saw in Expression Engine I can use {embed:title} and {site_name} variables, but now I need a variable to pull an excerpt or description of the article itself. Is there such a variable/tag?
ExpressionEngine tags are based solely on custom fields which you yourself have defined. So in the field group for your "articles" channel, you'll have some fields, maybe {article_summary}, {article_body}, {article_image}, etc. To display your summary, just use {article_summary} in your template.
I'm assuming that you're coming from something like WordPress maybe, where every piece of content has the_content() and the_excerpt() ... aside from a handful of global variables, and some fields which are universal to all entries (like {title}, {entry_date}, etc), ExpressionEngine isn't like that. You define what fields you use for each channel - you have complete control.
Here is the actual code you have to include in your EE template.
{exp:channel:entries channel="article" limit="5" dynamic="no"}
<div class="home_thumb">
<h1>{title}</h1>
<div class="home_thumb_img">
<img src="{article_image}">
{if article_content}
<p>{article_content}</p>
{/if}
</div>
</div>
{/exp:channel:entries}

Is it allright to wrap H1/H2/H3 tag around a multicolumn design div for headlines?

is the following syntax good to go to emhpasize a multicolumn headline totalling around 20 ~ 30 words? I dont want to use CSS3 multicolumns since it is not supported in IE9 etc.
<H3>
<div id="headingLeft" >blaa blaa blaa</div>
<div id="headingRight">blue blue blue</div>
</H3>
In response to a request from the OP:
[That's] what I was looking for! Place it as an answer so that I can accept is as an answer! The up-vote in your answer would be for the quality of the link you added. Explains everything in very clear language!
Have you considered using html5's header element, and the html5 doctype of course?
The headings shouldn't have div's inside of them. Maybe something more like this... The data in the two headings must not be too closely related, otherwise you shouldn't be splitting them apart at all. I'm assuming it's like a callout or something.
<div class="headings">
<h3 id="headingLeft" >blaa blaa blaa</h3>
<h4 id="headingRight">blue blue blue</h4>
</div>
Why not use a <div> with a class associated to it (or a css selector) instead of using H3 this way. I'm not sure this is the more SEO-friendly way of doing what you want to do.
<div class="headline">
<div id="headingLeft">blaa blaa blaa</div>
<div id="headingRight">blue blaa blue</div>
</div>
It doesn't seem that you're using H3 in a semantic way.