HTML Viewer?

[joe_pool_is]

I'm looking for a simple control (like a Text Box or Rich Text Box) to display formatted HTML in.

 

What I am creating is an email viewer for our server. Someone selects the message, and its Message Body will be filled into the control.

 

The closest thing I can find (in Visual Studio 2005) is the WebBrowser control - but I don't want to give the browser a file to display. I simply want a way to show HTML formatted text (tables, unordered lists, hyperlinks, etc.).

 

Has anyone done something like this? What could I look into as far as research goes?

[snarfblam]

You can set the WebBrowser.DocumentText property. For example, using C# Express, I created a WinForms app, added a Web Browser control, and used the following code:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Windows.Forms;

namespace WindowsApplication1
{
   public partial class Form1 : Form
   {
       public Form1() {
           InitializeComponent();
           webBrowser1.DocumentText = "<HTML><HEAD></HEAD><BODY><OL><LI>1</LI><LI>2</LI></OL></BODY></HTML>";
       }
   }
}

 

The output was as you would expect...

1. 1
   
2. 2
   

[/Quote]

[joe_pool_is]

OK, that's simple enough.

 

So, in my case, when the next message is selected from the list and I want to display the message body, would I simply write that data directly?

 

// untested code
void ListView1_SelectedItemChanged(object sender, EventArgs e) {
 // I'm placing the HTML formatted message in the Tag field.
 // Is this Good or bad? Does the Tag have a size limit?
 string message = ListView1.SelectedItems[0].Tag;
 // I'm guessing I don't have to clear anything first, right?
 webBrowser1.DocumentText = string.Format("<html><head></head><body>{0}</body></html>", message);
}

[snarfblam]

Just a note, appropriate security considerations should be made. (Do you trust the source of the messages? Could malicious HTML be inserted into the messages? etc..)

 

The idea in your code is certainly right. There is no limit on the size of the tag; it is just an object reference. The only limit is that of the string class: roughly 2 gigs.

[joe_pool_is]

Hmmm... No security measures have been considered by the software development team (me). I suppose I should look into that.

 

Most messages I create and send through my applications, but I'm also adding the emailing tool so that anyone out on the manufacturing plant can send a message to one of the supervisors after they have clocked into that particular machine.

 

They won't know what they're sending, but I should probably look to ensure no html tags are inserted.

 

Anything else to keep an eye out for?

[snarfblam]

Yes. Spambots.

[joe_pool_is]

Spambots.

 

I have never used those, but my understanding of them is that they are used to prevent unauthorized use (or spam) in your emails. Right?

 

The applications all run on Windows PCs or Terminals here at work, and the operator has to be logged in on the machine to use the email tool - and I populate the sender field; they can't change it.

 

I just want to make sure someone doesn't inject harmful HTML into the message.

 

Is that what a spambot would be used for?

 

Could someone enter harmful HTML or Javascript into an email message that would cause the WebBrowser control to screw up?

[snarfblam]

Sorry. My remark about spambots was nonsense, in response to a bunch of spam on this forum (that, for all I know, you never even saw).

 

In all seriousness, what you need to ask yourself is would anyone ever want to inject malicious code into your app, why, and what could they do? The solution depends on the answers, and could be anywhere from restricting security of the code to scrubbing all the input. I'm no security expert, so I recommend reading up on some good security practices.