Using ColdFusion 8 I usually escape all my form inputs like so:
<input id="foo" value="#XMLFormat(trim( form_name.param_name ))#" />
So how about hidden inputs? Should these also be escaped? I haven't tried, but I could very well pull a hidden input up in Firebug, enter whatever and try to submit, can I?
The goal of escaping in this case is to keep the HTML well formed so yes - hidden vars need to be escaped (or encoded) as well. I usually use urlencodedformat() for this. Consider what would happen if the value you were placing in the hidden var were a variable like this:
<cfset form.fullname= 'Bob "the tiger" Johnson'/>
<input type="hidden" name="fullname" value="#form.fullname#"/>
The output would actually look like this:
<input type="hidden" name="fullname" value="Bob "the Tiger" Johnson"/>
This would mean your hidden var would come through as "Bob " ... and the rest would be lost. The situation might get worse if any part of your strings contain HTML or slashes or angle brackets.
Related
I have a page with multiple textboxes and dropdowns with values that I am trying to validate. The values in them will be dynamic in each run.
The HTML looks something like:
<input readonly="readonly" class="form-control valid" data-val="true" data="ABC" aria-invalid="false" xpath="1">
What I want to do is grab the value of "data" for each textbox. I have used scriptAll before in such a case when I was grabbing text by using innerText. However, that won't work with a regular value such as in the HTML above.
I did try one solution that worked:
driver.value(//input[#data])
However, that just grabs the first textbox value, is there a way I can combine scriptAll with driver.value? OR would I be better off doing some JS here?
Thank you in advance!
Yes, refer the docs for scriptAll(): https://github.com/karatelabs/karate/tree/master/karate-core#scriptall
Use whatever JS works to get an attribute value. Haven't tried, but this should work, you get the idea:
* def list = scriptAll('input', "_.getAttribute('data')")
I guess is not too much difficult but your help will be useful as always.
I had before a text input where the user if click in it select all the content from this input to be able to replace faster his content like in the next example:
<input type="text" value="whatever" onclick="this.setSelectionRange(0, this.value.length)">
So, my question will be, how can I do the same behaviour in a numeric input like the next one?
<input type="number" value="1111">
I tried to add obviously this onclick="this.setSelectionRange(0, this.value.length)" but seems only to work on the text inputs.
Actually, was easy.
I found this solution that works good.
<input type="number" value="111" onclick="this.select();">
I have an input element where I need to set one extra attribute and its value.
<input autocomplete="off" id="to_input" name="to" class="form-control arrival ui-autocomplete-input" placeholder="To" data-input-component="searchCondition" data-input-support="suggest" type="text">
I need to add the below attribute:
How can I do this in Geb?
To say a little more details, when I enter TPE in the input text box, some dropdown items appears and when I select one of them like
"Taipei, XXX.. (TPE)"
Than the new attributes are set automatically same as the picture above.
The only way to do it, is using JavaScript executor:
browser.driver.executeScript("your script")
And script using jquery will look like:
$('jquery-selector').attr('attribute-name', 'attribute-value');
Of course make sure to fill in your data in quotes!
This is an update from a previous question. I'm not sure if this is even possible but I have a CFOUTPUT tag that has a single input tag inside it. This input tag equates to 65 possible checkboxes. The problem I'm having is trying to figure out what value to put in the name attribute of the input tag. I need 22 unique names that are static and don't change. My code is as follows:
<form action="new_processOptInfo.cfm" id="displayOptions" method="post" name="displayOptions">
<cfoutput query="categorize" group="categoryName">
<h3>#UCASE(categoryName)#</h3>
<cfoutput>
<input type="checkbox" value="#idOptions#" name="option1" /> #option#<br>
</cfoutput>
</cfoutput>
<input type="submit" value="Submit" name="submitOptions" id="submitOptions" />
</form>
So how do I name the input tag?
In reply to a comment OP made.
In plain English I want to have unique names for my checkboxes that are generated automatically. I thought that when you INSERT values into a table the form tag names have to be unique
(This reply was just too many characters to leave as a comment.)
For the record, field names don't have to be unique. Cold Fusion receives duplicate field names' values in a comma delimited list. There's actually great use in that. You can have 50 checkbox named p_IDs and if 3 are checked cold fusion will recieve the values checked (like 7,15,32, if those were the values checked).
This is extremely useful with cfloops like
<cfloop list="#form.p_IDs#" index="p">Product #p# selected</cfloop>.
You can name corresponding input field, like textboxes like
<input name="desc_#dbID#" type="text">
<input type="checkbox" name="p_IDs" value="#dbID#">
And then in the cfloop on processing page use code like
<cfloop list="#form.p_IDs#" index="p">
Product #p#'s description is #form["desc_#p#"]#
</cfloop>
You could place an insert query into the cfloop (or an update, or delete query).
Examples of where this is useable is say if you wanted to mass delete selected rows, rather than deleting each row individually.
This functionality (works in a similar fashion across nearly every language) is the beauty of checkboxes. You can name them different things, but why would you want to? As far as radio buttons, naming them different things defeats their purpose.
On the subject of other input elements though, certainly name them different things.
As #FishBelowtheIce said option1 is being sent to the action page as a list so when I was made aware of that and looped through it. I just had to fix my typos and it worked. The code below is what I have now.
<cfif IsDefined("form.submitOptions")>
<cfloop index="index" list="#options#" delimiters="," >
<cfquery name="updateInsOpTable" datasource="applewood">
INSERT INTO ins_opt_table
( address,option1,option2,option3,option4,option5,option6
, option7,option8,option9,option10,option11,option12
, option13,option14,option15,option16,option17,option18
)
VALUES (#form.address#, #options#)
</cfquery>
</cfloop>
</cfif>
I have some slightly funky UI for inputting tags for a blog post: as tags are entered into an input field they are wrapped into spans that make them look nice by surrounding them in a stylized box, the end result comes out to be something like this:
http://forr.st/posts/OLs/original
Now, this input field (call it field 1)is not part of the form that gets submitted to the controller (I'm using RoR btw) for two reasons: it contains extraneous html tags, besides the actual tags; also if it was part of the form pressing enter would submit the form instead of triggering the js that wraps the entered tag into a span.
So what I'm doing is when each tag is entered, I copy its value (via js) to a hidden input field that IS part of the tag entry form, and when submitted would contain only the tag values and nothing else. The question is: What should I use as delimiter to separate the tags in the hidden input field. Currently I'm using ';' but if a tag itself contains ; that'd cause problems.
I'm also open to suggestions about the general method of how to keep track of the tags entered into 'field 1'
Thanks a lot,
I would recommend just adding a hidden input for each tag.
<input type="hidden" name="post[tags][]" value="tag_name" />
<input type="hidden" name="post[tags][]" value="tag_name" />
<input type="hidden" name="post[tags][]" value="tag_name" />
then in rails
post.rb
def tags=(value)
tag_array = [*value]
# then just filter these out.
end
I use a similar method with the tokenInput jQuery plugin. But in my case I've placed it inside the form. I solved the problems that you mentioned by capturing the keypress event and preventing it for that input and I ignore the search input value.
The one thing that I really like about keeping it inside the form is how it is managed afterward. I place the hidden tag, name, and a remove 'x' in a span (like you mentioned) and then just remove this tag when the 'x' is clicked. I like this because the name and the hidden_tag are removed at the same time.
Just one other tip. If you can, pass the tag_id in the hidden field. This way you don't have to add the tags attribute add all: <input type="hidden" name="post[tag_ids][]" value="tag_name" />.