Learn how to safely allow some HTML content to be output on the page while still preventing malicious code from being output.
- [Narrator] Now that we have addressed the issues…around page visibility in the public context,…let's move on to another difference…that we highlighted at the beginning of this chapter.…The staff context and the public context…are going to handle the HTML that's stored…in the database for our page content differently.…In the staff area, when we view a page,…we want to see the HTML.…We want to see for example,…that history has been wrapped inside h1 tags.…That's meaningful to us in the staff area,…but for the public, when we go…to present this data, we don't want that.…
We want history to actually be inside h1 tags.…We want it to be actual HTML so that all the behaviors…and styles associated with that tag take effect.…Now, you may remember that the way we got this…to work originally was by removing the escaping…that we normally do around this content.…In part one of this course,…we created this special helper method,…a shortcut called h, and what that function does,…is it converts any special HTML characters in that content…
- Creating a content management system
- Building dynamic content navigation
- Using context and function options for conditional behavior
- Hiding content from the public view
- Insecure direct object reference
- Allowing HTML in dynamic content
- Previewing content in the public context
- Working with cookies and sessions
- Storing status messages in the session
- Secure user authentication (login/logout)
- Regulating page access
- Nesting related resources
- Managing an ordered list automatically
Skill Level Beginner
1. Create a Content Management System
2. Build Dynamic Content Navigation
3. Use Context and Options
4. Cookies and Sessions
5. Regulate Page Access
6. Nesting Related Resources
Next steps1m 15s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.