Insert HTML fragments

Added by Adrian Tarau about 9 years ago

There is any possibility to insert HTML fragments in wiki/project description?

I have to insert a link(with an image) back to java.net on project overview page.

Thanks.

Replies (16)

RE: Insert HTML fragments - Added by Adrian Tarau about 9 years ago

Hmmm, not possible? :)

If not I think it should be added. Any opinions?

RE: Insert HTML fragments - Added by Billy T over 8 years ago

I would like to have it with Redmine.
It may not be a plugin, just a macro in wiki editor, like {{html(
...
)}}

RE: Insert HTML fragments - Added by Gary Mueller almost 7 years ago

I was looking for similar functionality and so I added a simple macro to macros.rb. Here is the code snippet.

  desc "Insert html" + "\n\n" +
       "  !{{html(html block)}}" 
  macro :html do |obj, args|
    return CGI::unescapeHTML(args.join(","))
  end

I wouldn't advise this for a public install but for small groups where you feel comfortable allowing your users to enter html it should work fine.
Good Luck

RE: Insert HTML fragments - Added by Adrian Tarau almost 7 years ago

Sounds good, thanks. How do I use it ? ;)

RE: Insert HTML fragments - Added by Gary Mueller almost 7 years ago

  • Paste the above code into lib/redmine/wiki_formatting/macros.rb
    • You'll see a bunch of other macros in there. Just paste the code in the same area.
  • save
  • restart redmine

Example uses


iframe
  {{html(
    <iframe width="90%" height="250" src="http://en.wikipedia.org/wiki/Redmine"></iframe>
  )}}

thumbnail (although you can paste images with textile, note that i am setting the size here)
  {{html(
    <IMG SRC="http://www.redmine.org/attachments/4091/Redmine-Logo-CyberSprocket-Composite.png" WIDTH="50" HEIGHT="50">
  )}}

any other html tags you can think of. I chose these as they extend the current wiki capabilities

You can use the macro to dress up wiki pages, project overview pages, issues, issue notes and to some extent repository commits

Note: if your html contains a closing curly brace you'll need to escape it by changing it to &#125; This is because otherwise the wiki formatter will prematurely close out the macro body

Its actually very simple to implement and use. Let me know if it works out for you.

RE: Insert HTML fragments - Added by Marcelo Diniz almost 5 years ago

This is exactly i need but here don't work.
The html code is printed on screen and not executed.
Can you help me ?

RE: Insert HTML fragments - Added by Gary Mueller almost 5 years ago

Here's an updated version that works with latest 2.2.0

desc "Insert html" + "\n\n" +
     "  !{{html\n<HTML CODE HERE>\n}}" 
macro :html do |obj, args, text|
  text.html_safe
end

Example usage:


{{html
    <iframe width="90%" height="250" src="http://en.wikipedia.org/wiki/Redmine"></iframe>
}}

{{html
    <IMG SRC="http://www.redmine.org/attachments/4091/Redmine-Logo-CyberSprocket-Composite.png" WIDTH="50" HEIGHT="50">
}}

Notice the change from the previous version in that the html is no longer enclosed in the parenthesis, but rather as text between the braces

RE: Insert HTML fragments - Added by Marcelo Diniz almost 5 years ago

It worked perfectly.
Thank you.

RE: Insert HTML fragments - Added by Luiz Veronesi almost 5 years ago

Would it be possible to extend this for html fragments inside predefined (pre) tag?

RE: Insert HTML fragments - Added by Lawrence Krubner almost 5 years ago

Why would I get an error when using the method html_safe?

Installing everything new today, on a Centos server, running Phusion Passenger and Nginx. Ruby 1.8.7. Redmine 2.2

Completed 500 Internal Server Error
ActionView::Template::Error (undefined method html_safe' for nil:NilClass):

I wanted to use one of the surviving redmine_embedded plugins, but none of them seem to be currently supported, and all of them have old bug tickets that have never been dealt with. I did file a ticket here (had to remove URL because Redmine.org/boards is rejecting this post as spam)

I thought I might ask here, too.

Does anyone know a workaround? If I can not use html_safe, what else could I use?

Note: I initially had a lot more info in this post, but the forum software on Redmine.org is rejecting this post as spam, so I removed a lot of my examples and URLs.

RE: Insert HTML fragments - Added by Gary Mueller almost 5 years ago

The error seems to indicate the the string 'text' passed to the macro is nil. Are you calling the macro correctly? That is if you have parenthesis enclosing the html, the html will be treated as the 'args' var instead of 'text' var.

Note: There should be a check for nil added to the macro which returns "" when nil.

RE: Insert HTML fragments - Added by Alex Stout over 3 years ago

First of all, thanks Gary for the simple and awesome addition.

I added a small layer of security to my html macro and thought I'd post it here. If you don't want just any joe schmoe marking up your pages, this will help.

desc "Insert html" + "\n\n" + " !{{html\n<HTML CODE HERE>\n}}" 
macro :html do |obj, args, text|
    return unless User.current.allowed_to?(:edit_wiki_pages, @project)
    text.html_safe
end

This only allows people who are allowed to edit wiki pages in this project to use the html markup. Obviously, your wiki already had this security, but your issues and forums did not.

RE: Insert HTML fragments - Added by Serj Kalichev over 3 years ago

Hi

The last Alex's code is not right i think. It must check not current user permissions but a author permissions. Suppose the Admin has changed the wikipage. If he read this message everything is ok. But if non-admin user read the wikipage then he will see escaped html code.

The code without author checking is unsafe. For example any user can insert HTML code to issue tracker.

I need to insert PayPal donate button to redmine page. The redmine.org has a such key on http://www.redmine.org/projects/redmine/wiki/Donors. How do they create it?

RE: Insert HTML fragments - Added by Alex Dergachev about 3 years ago

I agree that the check isn't actually providing any security. In fact if you use this macro, you need to trust EVERY user of redmine not to steal each others cookies with JS injection.

As a more secure alternative, use the {{iframe}} macro provided by another plugin
http://www.redmine.org/boards/3/topics/7130?page=5

Of course you'll need to find some host to embed, maybe try github hosting?

Alternatively, maybe someone can figure out a plugin that uses iframe with inline content and the new-ish sandboxing features.

RE: Insert HTML fragments - Added by qingyun zeng over 2 years ago

Thanks for all of you !

RE: Insert HTML fragments - Added by Christopher Friedt 6 months ago

As an aside, MathML would be incredible to add support for, and likely introduces zero possibility of vulnerability.

(1-16/16)