Adobe AEM CQ XSS filter - content-management-system

In my author I am editing a text component and adding the following html:
<li><span>test text</span></li>
However, when I switch to preview mode, the HTML that renders is:
<li><span><a class="tt" href="#">Test text</a></span></li>
It looks like AEM is stripping out some attributes. Any ideas why?
MORE INFO
After more reading, I think I narrowed it down to adding the attributes to /libs/cq/xssprotection/config.xml. However, pages stop loading when I add this:
<tag name="div" action="validate">
    <attribute name="align"/>
    <attribute name="data-toggle">
        <regexp-list>
            <regexp name="data-toggle"/>
        </regexp-list>
    </attribute>
    <attribute name="data-html">
        <regexp-list>
            <regexp name="data-html"/>
        </regexp-list>
    </attribute>
    <attribute name="data-placement">
        <regexp-list>
            <regexp name="data-placement"/>
        </regexp-list>
    </attribute>
    <attribute name="data-content">
        <regexp-list>
            <regexp name="data-content"/>
        </regexp-list>
    </attribute>
</tag>
Do I have the incorrect syntax?

This is because you are using the OOTB text component, and the OOTB text component uses the <cq:text> tag to display the text configured in the component. Something similar to the one shown below.
<cq:text property="text" escapeXml="true" ... />
Behind the scenes, when the escapeXml attribute is set to true, it internally calls the #filterHTML method of XSSAPI, the output of which stripped all your data attributes.
You can overlay the text component and remove the escapeXml attribute if required or implement your logic after overlaying as per the requirements.
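
The following check is an added example, not part of the original answer or Adobe's code. It assumes config.xml follows the AntiSamy policy layout, in which a <regexp name="..."/> inside a tag rule must match an entry under <common-regexps> and a bare <attribute name="..."/> must match one under <common-attributes>; the sample policy is constructed. If the names used in the question are not declared there, that is one possible cause of the load failure, and declaring a tight pattern per attribute keeps the filter on.

```python
import xml.etree.ElementTree as ET

# Constructed sample in AntiSamy policy layout; not the real AEM config.xml.
SAMPLE_POLICY = """<anti-samy-rules>
  <common-regexps>
    <regexp name="placement" value="(top|bottom|left|right)"/>
  </common-regexps>
  <common-attributes>
    <attribute name="align"><literal-list><literal value="left"/></literal-list></attribute>
  </common-attributes>
  <tag-rules>
    <tag name="div" action="validate">
      <attribute name="align"/>
      <attribute name="data-toggle">
        <regexp-list><regexp name="data-toggle"/></regexp-list>
      </attribute>
      <attribute name="data-placement">
        <regexp-list><regexp name="placement"/></regexp-list>
      </attribute>
      <attribute name="data-html">
        <regexp-list><regexp value="(true|false)"/></regexp-list>
      </attribute>
    </tag>
  </tag-rules>
</anti-samy-rules>"""


def undefined_references(policy_xml):
    """Return (tag, attribute, kind, name) for every dangling reference."""
    root = ET.fromstring(policy_xml)
    regexps = {r.get("name") for r in root.findall("common-regexps/regexp")}
    attrs = {a.get("name") for a in root.findall("common-attributes/attribute")}
    problems = []
    for tag in root.findall("tag-rules/tag"):
        for attr in tag.findall("attribute"):
            where = (tag.get("name"), attr.get("name"))
            # A bare <attribute name="x"/> points at <common-attributes>.
            if len(attr) == 0 and attr.get("name") not in attrs:
                problems.append(where + ("common-attribute", attr.get("name")))
            for ref in attr.findall("regexp-list/regexp"):
                name = ref.get("name")
                # <regexp value="..."/> is inline; only name= is a reference.
                if name and name not in regexps:
                    problems.append(where + ("common-regexp", name))
    return problems


if __name__ == "__main__":
    print(undefined_references(SAMPLE_POLICY))
```

Running it on the sample reports only the data-toggle rule; the data-placement rule resolves to a declared pattern and the data-html rule uses an inline value, so neither is flagged.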

Related

Configure smartedit component attribute editor

Hi I created a new type which extends from SimpleCMSComponent. This type has an attribute of type "variantProduct" which extends from the ootb Product.
If I edit this RandomComponent in SmartEdit it allows me to choose a product for the component, but it shows me all types which extend from product and not "variantProduct".
Does anyone know how to configure this so it only shows the products of type "variantProduct"?
Kind regards
<itemtype code="RandomComponent" extends="SimpleCMSComponent">
    <attributes>
        <attribute qualifier="product" type="variantProduct">
            <persistence type="property"/>
        </attribute>
    </attributes>
</itemtype>

Mybatis Generator's bug: configuration items should be ordered?

If I put "<commentGenerator>" after "<jdbcConnection>", MBG proposed an error that context content should match: blablabla...
But when I put "<commentGenerator>" before "<jdbcConnection>", everything is OK. Here I have a complaint for the official website: if the order of these items is required, why do you not tell us? What an important thing! You are kidding the freshmen. Maybe it is somewhere I do not know, but this is a key point for building the MBG configuration file successfully, so why not put this NOTE at the top of the tutorial or somewhere eye-catching?
<generatorConfiguration>
    <classPathEntry location="D:\mariadb-java-client-1.1.7.jar" />
    <context id="db">
        <commentGenerator>
            <property name="suppressAllComments" value="true" />
            <property name="suppressDate" value="true" />
        </commentGenerator>
        <jdbcConnection driverClass="org.mariadb.jdbc.Driver"
                        connectionURL="jdbc:mariadb://localhost:3306/dbname"
                        userId="root"
                        password="password"
        />
        <javaTypeResolver>
            <property name="forceBigDecimals" value="false" />
        </javaTypeResolver>
        <!-- Model Class -->
        <javaModelGenerator targetPackage="org.infrastructure.model" targetProject="infrastructure\src\main\java">
            <property name="enableSubPackages" value="false" />
            <property name="trimStrings" value="true" />
        </javaModelGenerator>
        <!-- XML Files -->
        <sqlMapGenerator targetPackage="sqlMap" targetProject="infrastructure\src\main\config">
            <property name="enableSubPackages" value="false" />
        </sqlMapGenerator>
        <!-- DAO -->
        <javaClientGenerator type="XMLMAPPER" targetPackage="org.infrastructure.dao" targetProject="infrastructure\src\main\java">
            <property name="enableSubPackages" value="false" />
        </javaClientGenerator>
        <!-- Tables -->
        <table tableName="user" domainObjectName="User"></table>
    </context>
</generatorConfiguration>

First of all, your XML configuration file doesn't contain a valid root element, which always should be like <!DOCTYPE .../>. About how to add a correct root element to a MyBatis Generator configuration file, please see the example in the MyBatis Generator XML Configuration File Reference.
If you correctly specified the root element, such as the following:
<!DOCTYPE generatorConfiguration PUBLIC
"-//mybatis.org//DTD MyBatis Generator Configuration 1.0//EN"
"http://mybatis.org/dtd/mybatis-generator-config_1_0.dtd"
>
This root element contains a typical DTD declaration located at http://mybatis.org/dtd/mybatis-generator-config_1_0.dtd. This is where the required order of these items is defined, and we are going to see what it looks like.
At line 47, this document type definition defines an element named context. The content is as follows:
<!--
The context element is used to describe a context for generating files, and the source tables.
-->
<!ELEMENT context (property*, plugin*, commentGenerator?, jdbcConnection, javaTypeResolver?,javaModelGenerator, sqlMapGenerator?, javaClientGenerator?, table+)>
Which obviously defines the order of the elements in context, that is:
property*, plugin*, commentGenerator?, jdbcConnection,
javaTypeResolver?,javaModelGenerator, sqlMapGenerator?,
javaClientGenerator?, table+
In this element, all children must occur according to the following rules:
+ for specifying that there must be one or more occurrences of the item — the effective content of each occurrence may be different;
* for specifying that any number (zero or more) of occurrences is allowed — the item is optional and the effective content of each occurrence may be different;
? for specifying that there must not be more than one occurrence — the item is optional;
If there is no quantifier, the specified item must occur exactly one time at the specified position in the content of the element.
Once we understand its real meaning, why you could not change the order of commentGenerator and jdbcConnection should be clear.
If you want to know how to allow the elements in any order, the question How to define DTD without strict element order could be useful.
Hope it helps.
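
The ordering rule described above can be checked mechanically. This is an added example, not part of the original answer or of MyBatis Generator: it walks the children of a context element against the content model quoted from the DTD and reports the first violation. It assumes a flat, comma-separated model in which each element name appears once (true for context); the sample documents and function names are constructed.

```python
import xml.etree.ElementTree as ET

# Content model copied from the <!ELEMENT context ...> declaration quoted above.
CONTEXT_MODEL = ("property*, plugin*, commentGenerator?, jdbcConnection, "
                 "javaTypeResolver?,javaModelGenerator, sqlMapGenerator?, "
                 "javaClientGenerator?, table+")

# Constructed samples: only the child element names matter for this check.
GOOD_CONTEXT = ("<context id='db'><commentGenerator/><jdbcConnection/>"
                "<javaModelGenerator/><table/></context>")
SWAPPED_CONTEXT = ("<context id='db'><jdbcConnection/><commentGenerator/>"
                   "<javaModelGenerator/><table/></context>")


def parse_model(model):
    """Split 'a*, b?, c' into [(name, quantifier), ...]."""
    items = []
    for raw in model.split(","):
        raw = raw.strip()
        items.append((raw.rstrip("*+?"), raw[-1] if raw[-1] in "*+?" else ""))
    return items


def check_order(context_xml, model=CONTEXT_MODEL):
    """Return None when the children satisfy the model, else a message."""
    items = parse_model(model)
    pos, seen = 0, 0  # position in the model, matches so far at that position
    for child in ET.fromstring(context_xml):
        while pos < len(items) and items[pos][0] != child.tag:
            if seen == 0 and items[pos][1] in ("", "+"):
                return "<%s> found where <%s> is required" % (child.tag, items[pos][0])
            pos, seen = pos + 1, 0
        if pos == len(items):
            return "<%s> is out of order or not allowed here" % child.tag
        seen += 1
        if seen > 1 and items[pos][1] in ("", "?"):
            return "<%s> may occur only once" % child.tag
    while pos < len(items):  # anything required that never appeared
        if seen == 0 and items[pos][1] in ("", "+"):
            return "missing required <%s>" % items[pos][0]
        pos, seen = pos + 1, 0
    return None


if __name__ == "__main__":
    print(check_order(GOOD_CONTEXT), "|", check_order(SWAPPED_CONTEXT))
```

With commentGenerator placed after jdbcConnection, the walker has already moved past the commentGenerator slot, so the next required item is javaModelGenerator and the misplaced element is rejected.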

Adding a VersionOne expression using the REST API

I am trying to create a new 'Expression' in VersionOne - effectively adding a new 'comment' to a conversation.
In theory, the rest-1.v1/Data API should allow this, but I can't figure out how to do it - there is precious little documentation about using the API (using POST) to create objects.
FWIW, here's what I'm doing (after successfully accessing the server with valid credentials):
URL:
/rest-1.v1/Data/Expression
XML:
<Asset href="<Server Base URI>/rest-1.v1/Data/Expression">
    <Attribute name="AssetType">Expression</Attribute>
    <Relation name="InReplyTo" />
    <Attribute name="AuthoredAt">2014-05-28T21:48:37.940</Attribute>
    <Attribute name="Content">A new comment</Attribute>
    <Attribute name="AssetState">64</Attribute>
    <Relation name="Author">
        <Asset href="<Server Base URI>/rest-1.v1/Data/Member/2015" idref="Member:2015" />
    </Relation>
    <Relation name="BelongsTo">
        <Asset href="<Server Base URI>/rest-1.v1/Data/Conversation/2018" idref="Conversation:2018" />
    </Relation>
    <Attribute name="Author.Name">user@example.com</Attribute>
    <Attribute name="Author.Nickname">User Name</Attribute>
    <Relation name="Mentions">
        <Asset href="<Server Base URI>/rest-1.v1/Data/Story/2017" idref="Story:2017" />
    </Relation>
</Asset>
I keep getting a 400 Bad Request with the following error:
<Error href="<Server Base URI>/rest-1.v1/Data/Expression">
    <Message>Violation'Required'AttributeDefinition'Content'Expression</Message>
    <Exception class="VersionOne.DataException">
        <Message>Violation'Required'AttributeDefinition'Content'Expression</Message>
    </Exception>
</Error>
I assume I'm missing something obvious - does anyone know what it is?

If you examine the metadata for a VersionOne Expression, you will see 3 required fields (Author, AuthoredAt, Content). Logically this makes sense to be able to just create a single, zombie expression but I witnessed otherwise. This might be a mistake in the stylesheet or just my browser because it seems POSTing with only those three will return a 400 error. To get a guaranteed working payload, include the relation "InReplyTo" and that is all that you will need to create an expression within the context of a particular Conversation.
Given that you are responding to an existing expression (comment), this should work fine.
POST to rest-1.v1/Data/Expression
<Asset>
    <Relation name="Author" act="set">
        <Asset idref="Member:2015" />
    </Relation>
    <Attribute name="AuthoredAt">2014-05-02T21:48:37.940</Attribute>
    <Attribute name="Content" act="set">A new comment</Attribute>
    <Relation name="InReplyTo" act="set">
        <Asset idref="Expression:xxxxx" />
    </Relation>
</Asset>
You don't need Asset state or mentions or belongs to. AssetState is readonly, and BelongsTo is filled in automatically after your Expression is created. It inherits a reference to the containing Conversation from the Expression object entered in the InReplyTo field and the Mentions relation is optional.
FYI,
I believe that you didn't see the Legend on the right-hand side of the meta query output as seen in a browser. Real quick here: when you do a meta query, the items with * are required to POST, bold items are read/write optional, the italicized items are read-only, and the bold items towards the bottom that are appended with ": operation" are the operations that you are allowed to do against that particular asset.

Microsoft Dynamics CRM 2011 PlugIn RetrieveMultiple Does not return custom attribute on pricelist

I am writing a simple PlugIn for Dynamics CRM 2011 which should retrieve a custom attribute which I customized in the pricelist entity.
When I execute the following code, all standard attributes are returned, but not the one custom attribute which I customized (and published of course). I don't get an error, but simply the attribute 'axi_submarketid' is not returned. If I read data from a completely custom entity, I have no problem.
string fetch = string.Format(@"<fetch version='1.0' output-format='xml-platform' mapping='logical' distinct='false'>
    <entity name='pricelevel'>
        <attribute name='name' />
        <attribute name='transactioncurrencyid' />
        <attribute name='enddate' />
        <attribute name='begindate' />
        <attribute name='statecode' />
        <attribute name='pricelevelid' />
        <attribute name='axi_submarketid' />
        <order attribute='name' descending='false' />
        <filter type='and'>
            <condition attribute='pricelevelid' operator='eq' uiname='10 Stromlieferung' uitype='pricelevel' value='{0}' />
        </filter>
    </entity>
</fetch>", pricelevelid);
EntityCollection pricelevel = _service.RetrieveMultiple(new FetchExpression(fetch));
What am I doing wrong?
Thanks for help,
Peter

I solved my issue myself and it is a bit embarrassing :-)
The expected attribute was not delivered, because it had no content. Meaning, not only in the direct context of a PlugIn, but also when requesting data in general: if in an attribute there is no data, the attribute is not sent back, for example if the attribute is NULL or has no value in it.
Thanks anyway, hope this question and answer helps someone else.
Regards,
Peter

How to use OrganizationServiceProxy on my Plugin - CRM 2011?

I need to use fetch xml in a CRM plugin, and I found here an example on how to do that:
string groupby1 = @"
<fetch distinct='false' mapping='logical' aggregate='true'>
    <entity name='opportunity'>
        <attribute name='name' alias='opportunity_count' aggregate='countcolumn' />
        <attribute name='ownerid' alias='ownerid' groupby='true' />
        <attribute name='createdon' alias='createdon' />
        <attribute name='customerid' alias='customerid' />
    </entity>
</fetch>";
EntityCollection groupby1_result = orgProxy.RetrieveMultiple(new FetchExpression(groupby1));
but there's something else I don't know how to use, or where is it to use.. it's the part which says:
orgProxy.RetrieveMultiple(new FetchExpression(groupby1));
I know it's an object of the OrganizationServiceProxy, but where is it in the plugin class? I couldn't find out.

In the politest way possible, you probably need to take a few steps backwards to go forwards.
So to write a plugin, you need to implement IPlugin, which has just the one method
public void Execute(IServiceProvider serviceProvider)
The IServiceProvider is your window into CRM and the context of the event that you are hooking into.
Typically, you would do something like:
var context = (IPluginExecutionContext) serviceProvider.GetService(typeof (IPluginExecutionContext));
var factory = (IOrganizationServiceFactory) serviceProvider.GetService(typeof (IOrganizationServiceFactory));
var service = factory.CreateOrganizationService(context.UserId);
In the example above, service is of type IOrganizationService. This gives you all the methods you would expect
service.Execute(foo);
service.RetrieveMultiple(bar);
service.Update(...); // etc.
Might be worth reviewing some of the guides around this - as I've given in a previous answer here