ExpressJS HTML编码器

时间:2014-11-28 19:37:04

标签: javascript html ckeditor

我的wysiwyg html编辑器遇到了问题,其内容和格式(粗体,斜体)将显示未格式化和适当的标签(<strong></strong><i></i>),但是当我查看源代码时,我会看到标签不是html编码的。看来这就是为什么我在视图中显示的所有内容都无法正确显示的原因。有谁知道可以修复此信息的软件包?或者在保存到我的数据库之前是否有一个很好的解决方案来编码内容?

以下是代码的显示内容:

Code Displayed

以下是源代码的样子:

Source code

以下是发布内容的位置:

<head>
    <% include ../partials/head %>
    <script src="//cdn.ckeditor.com/4.4.5/standard/ckeditor.js"></script>
</head>

<body>

    <header>
        <% include ../partials/header %>
    </header>

    <div class="grid grid-pad">
        <div class="col-1-1">
            <h1>Blog Create</h1>


            <form action="/admin/posts/create" method="POST">
                Title: <input type="text" name="title"><br>
                Author: 
                    <select name="author">
                        <option value="Author">Test</option>
                    </select><br>
                Tagline: <input type="text" maxlength="160" name="tagline"><br>
                Content:<br>
                <textarea name="content" id="blog-editor" rows="10" cols="80">

                </textarea><br>
                Tags: <input type="text" name="tags"><br>
                <input type="submit" value="Submit">
            </form>
        </div>
    </div>

        <script>
    // Replace the <textarea id="blog-editor"> with a CKEditor
                // instance, using default configuration.

                CKEDITOR.replace( 'blog-editor' );
                CKEDITOR.config.entities = false;   
CKEDITOR.config.basicEntities = false;
CKEDITOR.config.entities_greek= false;
CKEDITOR.config.entities_latin= false;  
CKEDITOR.config.htmlEncodeOutput = false;
CKEDITOR.config.protectedSource.push = '/<\#[\s\S]*#\#>/g';



    </script>


    <footer>
        <% include ../partials/footer %>
    </footer>

</body>
</html>

模型架构:

var mongoose    = require('mongoose');
var mongoosePaginate = require('mongoose-paginate');
var Schema      = mongoose.Schema;



var BlogPostSchema  = new Schema({
        title: String,
        blogUrl: String,
        author: String,
        tagline: String,
        category: String,
        content: String,
        tags: { type: String, lowercase: true },
        date: { type: Date, default: Date.now() }
});

BlogPostSchema.post('init', function (post) {
    var date = new Date(post.date || Date.now() );
    post.dateString = date.getMonth() + 1 + '/' + date.getDate() + '/' + date.getFullYear();

});

BlogPostSchema.plugin( mongoosePaginate );

var Blogpost = mongoose.model("Blogpost", BlogPostSchema);



module.exports = mongoose.model('Blogpost', BlogPostSchema);

routes.js:

var express = require('express');
var router = express.Router();
var blogDB = require('../config/blogDB.js');
var Blogpost = require('./models/blogModel.js');
var paginate = require('express-paginate');

router.route('/admin/posts/create')

    // START POST method
        .post(function(req, res) {

            console.log("New instance");

            var blogpost = new Blogpost(); // create a new instance of a Blogpost model

            blogpost.title = req.body.title; // set the blog title
            blogpost.blogUrl = blogpost.title.toLowerCase().replace(/\s+/g,"-");
            blogpost.author = req.body.author; // set the author name
            blogpost.tagline = req.body.tagline; // set the tagline
            blogpost.content = req.body.content; // set the blog content
            blogpost.category = req.body.category; // set the category
            blogpost.tags = req.body.tags; // set the tags
                //Save Blog Post
                blogpost.save(function(err) {
                    if (err)
                        res.send(err);

                    res.redirect(303, '/'); //NEEDS TO BE CHANGED
                });

        }) // END POST method


        .get(function(req, res) {
            res.render('pages/blogpost-create');
        });

function getSearchCriteria(params) {
      return {
          blogUrl: params.blogpost_blogUrl
      };
}

1 个答案:

答案 0 :(得分:0)

问题在于模板。在EJS中,转义所有HTML标记的方法是使用<%- code %>而不是<%= code %>