HTML patials for use with angularjs include
Permalink
Hi community
I'm building a c5 application with angularjs. I'd like use ng-include statement to get some html partials loaded dynamically.
I'm working with a single-page in a package. So I'd like to put my partials somewhere in the package's directory-structure.
Where can i put it and what url do I need to provide the ng-include statement?
Example:
in view.php
<div ng-include="'somePath/myPartial.html'"></div>
Thanks for your help
I'm building a c5 application with angularjs. I'd like use ng-include statement to get some html partials loaded dynamically.
I'm working with a single-page in a package. So I'd like to put my partials somewhere in the package's directory-structure.
Where can i put it and what url do I need to provide the ng-include statement?
Example:
in view.php
<div ng-include="'somePath/myPartial.html'"></div>
Thanks for your help
Many thanks hutman
If I understand it right, this would call a php method. Right?
It's not what I need, though. All I need is a ordinary html-file returned (angular will do the data filling).
In the meantime I did a nasty hack:
1. In my single-page's controller I added a method -> means new route
2. in this method I load the html file via file-system and print it out.
It works. But is it the nice way to do?
single-page-contoller:
public function getPartial($partial)
{
$partialsPath = \Package::getByID($this->c->pkgID)->getPackagePath()."/single_pages/mdlrestful/partials/".$partial.".part.html";
echo file_get_contents($partialsPath);
exit;
}
I can now call /mdlrestful/getPartial/myName and the file located in ../packages/modularity_mdl/single_pages/mdlrestful/partials/myName.part.html will be returned.
Because of the fact, that the partial can be selected via a parameter I need to make sure all special chars like .. ' and so on need to be stripped from the parameter $partial , so nobody can somehow inject nasty code (not done yet).
edit:
Here comes the whole method that should be injection-proof:
public function getPartial($partial)
{
//check for nasty injection stuff
if (preg_match('/[^a-zA-Z0-9]+/', $partial, $matches))
{
echo "the parameter given contains invalid characters. Only latin characters and numbers are allowed.";
}
else {
$partialsPath = \Package::getByID($this->c->pkgID)->getPackagePath()."/single_pages/mdlrestful/partials/".$partial.".part.html";
if (! file_exists ( $partialsPath ))
{
throw new \Exception("The Partial '$partial' could not be found.");
}
else
{
echo file_get_contents($partialsPath);
}
}
exit;
}
If I understand it right, this would call a php method. Right?
It's not what I need, though. All I need is a ordinary html-file returned (angular will do the data filling).
In the meantime I did a nasty hack:
1. In my single-page's controller I added a method -> means new route
2. in this method I load the html file via file-system and print it out.
It works. But is it the nice way to do?
single-page-contoller:
public function getPartial($partial)
{
$partialsPath = \Package::getByID($this->c->pkgID)->getPackagePath()."/single_pages/mdlrestful/partials/".$partial.".part.html";
echo file_get_contents($partialsPath);
exit;
}
I can now call /mdlrestful/getPartial/myName and the file located in ../packages/modularity_mdl/single_pages/mdlrestful/partials/myName.part.html will be returned.
Because of the fact, that the partial can be selected via a parameter I need to make sure all special chars like .. ' and so on need to be stripped from the parameter $partial , so nobody can somehow inject nasty code (not done yet).
edit:
Here comes the whole method that should be injection-proof:
public function getPartial($partial)
{
//check for nasty injection stuff
if (preg_match('/[^a-zA-Z0-9]+/', $partial, $matches))
{
echo "the parameter given contains invalid characters. Only latin characters and numbers are allowed.";
}
else {
$partialsPath = \Package::getByID($this->c->pkgID)->getPackagePath()."/single_pages/mdlrestful/partials/".$partial.".part.html";
if (! file_exists ( $partialsPath ))
{
throw new \Exception("The Partial '$partial' could not be found.");
}
else
{
echo file_get_contents($partialsPath);
}
}
exit;
}
Yes, I think if you must pull in an HTML file that type of workaround is going to be your best bet. As you said you should sanitize your inputs and maybe look for an alternate to get_file_contents, but that's up to you.
Hi hutman
Thanks again for your time.
Why should I use something else than get_file_contents?
Do you have an suggestions how to sanitize correctly?
Tanks
Ueli
Thanks again for your time.
Why should I use something else than get_file_contents?
Do you have an suggestions how to sanitize correctly?
Tanks
Ueli
Here is a reference on how to Sanitize inputshttp://documentation.concrete5.org/developers/security/sanitizing-u...
As for the file_get_contents, many servers don't allow that because of security concerns, but if this is just for a personal project it's probably fine.
As for the file_get_contents, many servers don't allow that because of security concerns, but if this is just for a personal project it's probably fine.
Then in your html you'd just have ng-include="/route-path" and it will call that Class and function.