chrismitchell's avatar

Allow user to import HTML file but only display body within dashboard

An odd question, I’m just trying to work this out in my head.

The idea is to allow users, once logged in, to let them upload their own HTML file which would only display the inner content, which would ignore the header/footer or strip them out. But after doing so ideally the user could then view what they’d imported as an HTML page of sorts.

I know I explained it badly, just trying to work the process out to see if it’s possible :)

Any help or advice would be great :)

0 likes
9 replies
Tray2's avatar

That sounds extremly dangerous.

I would go with a wysiwyg editor on a page instead or let the user user markdown to create the page. That way you can control the html and the css on the page making sure it doesn't break anything.

I would most likely go with the markdown option.

vladv's avatar

Hi, this is possible but it involves a lot of risks because you don't know what the user uploads, and validations are very difficult.

You can do something like this:

  1. User logs in
  2. a) User uploads a HTML file without body tags so only a section b) User writes HTML in a textarea/wysiwyg editor form and you save it in DB
  3. You make a blade view like
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Title of the document</title>
</head>

<body>
	{!! $userContent !!}
</body>

</html>

Where $userContent = file_gets_content('path_to_uploaded_file'); or $userContent = db stored value

Tray2's avatar

@vladv This {!! $userContent !!} is extremly dangerous and should almost never be used. It will f*** your site up if you don't sanitize the input.

1 like
chrismitchell's avatar

I suppose, it would be better, to make the uploaded HTML convert into a PDF instead. Would that be easier?

vladv's avatar

@tray2 I know

What about including in an iframe ( this is how jsbin dot com work )

Tray2's avatar

An iframe would work for the html and css yes. However javascript can be used to reach out of the iframe and breaks the page conrtaining the iframe.

chrismitchell's avatar

Thank you everyone for your advice :) I think that I'll go down the route of converting to PDF from whatever is imported. As its safer :)

Please or to participate in this conversation.