-
FEATURED COMPONENTS
First time here? Check out the FAQ!
What's the best option for displaying block multiple paragraphs of formatted HTML text within a ZK page?
The text needs to wrap within the available horizontal constraint
if you have formatted HTML I would suggest the Html-Component.
https://www.zkoss.org/wiki/ZKComponentReference/Essential_Components/Html
If this is too simple to be true, please provide some additional context.
However be careful with user provided content, as this component outputs verbatim HTML including all scripts so you need to sanitize user input yourself.
thanks - I remembered about the 'html'.
I think there is gap on this 'html' component, as it becomes hard work to have the content within the html tag employ the same display style as other ZUL components in the same display. i.e have a 'p' tag within the HTML content use the same style as a 'label' component elsewhere on the same page
not really zk has it's own zul elements and only uses html to render them to the browser ... you can use any of the existing style classes as in this example http://zkfiddle.org/sample/2lrp41p/1-using-zk-styles-in-html
e.g. it uses the z-label, z-button, or even the z-window-header classes. So whatever styles you find in a zk component are technically applicable to other html elements (even if this doesn't always make sense visually)
For non existing styles you can define your own style classes, that's what CSS is for. And ZK allows you to add your own stylesheets.
I assume your initial intention is still not clear to give you a definite "best" way to achieve this.
The core issue is how to design a number of public pages that are not secured by Spring Security, like: public home page, login page, sign up page etc
... so that these pages have the same look'n feel as the ZK based secure web app.
Can somebody explain why it is not a good idea to use ZK based ZUL pages for these public pages?
implementing security functionalities is not simple. It is easiest to protect your whole application, by a simple rule (blocking every request unless the user is successfully authenticated). Keeping the number of exceptions small e.g. only a static home.html, login.html and logout.html. Very often those pages are designed completely different than the internal ZK application. Also SSO solutions often host these pages on a different server. Without access to ZK logic.
As soon as you start designing an interactive login page requiring zk's ajax servlet (/zkau) you have to open dynamic parts of your whole application to non authenticated users. If you have implemented all your relevant security concerns outside the UI layer in your service level or even in the backend. Then you should be fine. However by default we find that is not often the case (and easily overlooked). So we recommend a stricter approach just blocking everything until authenticated.
It's just a matter of keeping it simple. While it is still possible to implement more complicated security setups.
Asked: 2019-04-02 23:51:27 +0800
Seen: 18 times
Last updated: Apr 05 '19