What is the best solution to display field "Body" outside Vanilla
Clément
Hello,
I need to post a discussion and its first 5 comments outside Vanilla.
At first I thought of loading bootstrap.php and doing a simple SQL query.
It works perfectly, but it is impossible to use the function "FormatBody()" because some classes and functions are loaded via the controller.
I looked at using the API but apparently it is not possible to display the comments?
What is, for you, the best solution to display the field "Body" of discussions and comments with a report similar to the function "FormatBody()"?
Thanks a lot for your help!
Comments
vanillaforums.org/discussion/comment/223748#Comment_223748
Thanks R_J!!
Is it possible to export in JSONP (multiple domains)?
Example: http://vanillaforums.org/discussion/comment/234001&DeliveryMethod=JSONP
Sorry, but I do not know anything about JSONP. Looking at the source, I found this: https://github.com/vanilla/vanilla/search?utf8=✓&q=jsonp which shows that there is a config setting `Garden.AllowJSONP` but it is not really useful by now (I guess I'll even create an Issue on GitHub, because the way it is used by now is nonsense...)
Maybe you can create a PHP page on your server which pulls a discussion like that: vanillaforums.org/discussion/comment/234001&DeliveryMethod=JSON&DeliveryType=VIEW with curl and then get the results of that PHP page from your server with JS?
But honestly, I'm a js noob and there might be millions of better alternatives!
You should be able to set `Garden.AllowJSONP` in config. You need to put the `callback=something` on your URL. In jQuery you can do this automatically as you probably know.
You must sanitize Body. Don't assume it is sanitised. This might be hard to do without relay/proxying, unless you are happy to strip tags.
grep is your friend.
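One way to follow the "strip tags" advice in the post above, as an added example that is not part of the thread and not Vanilla's code: reduce the remote `Body` to plain text and HTML-escape it as the last step, so anything the stripping misses is displayed rather than parsed. The function names and sample inputs are constructed for illustration.

```javascript
// Added example (not Vanilla code): treat a remote "Body" field as untrusted text.
// Null-prototype map so names like "constructor" are not resolved via Object.prototype.
const NAMED = Object.assign(Object.create(null),
  { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'", nbsp: ' ' });

// Decode numeric and a few named entities so encoded markup cannot hide from the escape step.
function decodeEntities(s) {
  return s.replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);/gi, (m, e) => {
    if (e[0] !== '#') return NAMED[e.toLowerCase()] ?? m; // unknown names stay as typed
    const cp = e[1].toLowerCase() === 'x' ? parseInt(e.slice(2), 16) : parseInt(e.slice(1), 10);
    return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : '';
  });
}

// Escape the five characters that matter in HTML text and attribute contexts.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// Strip markup for readability, then escape. The escape is the security control:
// the regex stripping is best effort and is allowed to miss things.
function bodyToSafeText(body) {
  const text = String(body)
    .replace(/<(script|style)\b[\s\S]*?<\/\1\s*>/gi, ' ') // drop the code, not just its tags
    .replace(/<!--[\s\S]*?-->/g, ' ')
    .replace(/<\/?[a-z][^>]*>/gi, ' ');
  return escapeHtml(decodeEntities(text).replace(/\s+/g, ' ').trim());
}
```

The return value is safe to assign as HTML text; if rich formatting must survive, the sanitising belongs on the server side of a relay instead.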
You can see quite clearly here
https://github.com/vanilla/vanilla/blob/master/library/core/class.controller.php#L1311
grep is your friend.
Don't activate JSONP. It is a security risk. Look for alternative cross domain access methods such as CORS etc.
It depends what you are doing with it. If you are stripping everything and just using text it is not a problem.
Yes CORS is more restrictive yes, but support is still sketchy.
grep is your friend.
I really appreciate your help!
Finally, this solution should not really me.
Using the output format "VIEW", I get all the html, not just the "Body" and using the output format "DATA", I get the "Body" field, but without using the function "formatBody()"
I found a solution that consists of loading a discussion. After, I can use the function "formatBody()".
```php
if (!function_exists('formatBody'))
{
    ob_start();
}
$body = new \stdClass();
$body->Body = 'A test : ';
$body->Format = 'Wysiwyg';
$message = formatBody($body);
```
I'll try to use JSONP in the coming days.
I did not know CORS... Interesting!
Why would JSONP be insecure? For me it is the same thing as JSON but allows JavaScript to retrieve from other domains.
@Clément there is no point force loading the framework to get a discussion, if you do that you might as well create an endpoint as a plugin and use the model directly.
Another idea is to create a vanilla module. Then you can load the module as is e.g.
http://vanillaforums.org/module/categoriesmodule
grep is your friend.
Obviously you have to work around cross domain. Is this on the same server or different?
grep is your friend.
Yes, it is around cross domain on the same server.
I must finish this dev quickly.
I would study these options after launching the site.
I know, my solution is not pro... just provisional.
Again thank you for your help!
See this data: http://vanillaforums.org/module/categoriesmodule.json
`Data` is base64 encoded. There are jQuery libraries to decode it. If you wanted to create your own module this is an option. It can be formatted as required as an HTML fragment.
If it is cross domain but on the same server, you don't have to cross the domain. You can create a server rule for that one endpoint that you need on the same domain. The main downside is session reliant stuff data.
However if you don't want to do that you also have JSONP.
grep is your friend.
The reason for `.json` is if you are cross domain an HTML fragment is not valid JavaScript, which is what JSONP works on. JSON and JavaScript objects are the same so you can parse JSON as JavaScript. JSONP is already a JavaScript script; the JSON is passed to a callback function as an argument, e.g. `random_callback({"foo":"bar"});`
This function has been predefined as a handler, so its name is passed to the server as the callback name to wrap the JSON, so the correct function gets called and the function will return the object (or process it directly). Usually it is some randomly generated name; jQuery does this automatically.
grep is your friend.
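The `callback=` exchange described above, as an added example that is not from the thread or from Vanilla's source: the server reflects the callback name into executable script, so it accepts only identifier-like names and escapes the JSON it wraps. `jsonpResponse`, `runAsScript` and the sample data are hypothetical names chosen here.

```javascript
// Added example (not Vanilla code): server side of a JSONP exchange with the checks it needs.
// Only dotted identifiers are accepted as callback names, e.g. "random_callback" or "app.onData".
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*$/;

function jsonpResponse(callback, data) {
  if (typeof callback !== 'string' || callback.length > 64 || !CALLBACK_RE.test(callback)) {
    // Never echo a rejected name back into the response.
    return { status: 400, headers: { 'Content-Type': 'text/plain; charset=utf-8' }, body: 'invalid callback' };
  }
  // JSON is almost, but not exactly, a JavaScript subset: escape the line separators,
  // and escape "<" so the payload cannot close a surrounding <script> element.
  const json = JSON.stringify(data)
    .replace(/</g, '\\u003c')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  return {
    status: 200,
    headers: {
      'Content-Type': 'application/javascript; charset=utf-8',
      'X-Content-Type-Options': 'nosniff', // stop browsers from sniffing it as another type
    },
    // Leading comment keeps the caller-chosen name from being the first bytes of the body.
    body: `/**/${callback}(${json});`,
  };
}

// Stand-in for the browser's <script src="...?callback=name"> include: the response body
// runs as code with the predefined handler in scope, and the handler receives the object.
function runAsScript(body, name) {
  let received;
  new Function(name, body)(value => { received = value; });
  return received;
}
```

The including page executes whatever the endpoint returns, so these checks protect the forum's side only; the consuming site still has to trust the endpoint and sanitise `Body` itself.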