I am customizing a pingfederate temaplte (for login).
As part of this customization I would like to be able to have a java script variable that is dependent on the configuration of the form being used. Essentially to distinguish between a test and a live environment.
I'm trying to keep the templates in source control and not have duplicated code and also to be able to test configurations before I deploy.
I'd like to think that I could set a variable somewhere in the admin interface and get this exposed in the template, however I have found nothing in the documentation to suggest that this is possible.
Is there a way to do this, or a reasonable work around?
From the perspective of PingFederate itself, no. There are plenty of mechanisms in Javascript that you could use, like window.location.host to trigger CSS properties. You could even use the Velocity variable of $PingFedBaseURL to drive CSS properties.
Related
I'm using the free JS plugin from tinymce and interested in preventing an HTML injection with the tinymce text editor.
I've added this property to the INIT:
invalid_elements: 'script' (just for this example)
However nothing happens. The editor still "accepts" the script tag and pass it on.
I looked at https://www.tiny.cloud/docs/tinymce/6/content-filtering/#invalid_elements and it should work but I don't see any change once it's added.
Am I doing something wrong?
Is there a way to limit some HTML elements with this editor?
Any other tips on how to use that editor and prevent the malicious HTML..?
TinyMCE certainly has a variety of configuration options to help you control what content is created in the editor but you can never assume that data provided to you client side is "clean" or "safe". Nefarious people can bypass your front end and all of its validation if their goal is to cause harm to your system.
You should always configure your front end appropriately. TinyMCE has a variety of configuration options to assist with content filtering/validation (https://www.tiny.cloud/docs/configure/content-filtering/) to only allow those types of tags you want created, etc including:
https://www.tiny.cloud/docs/configure/content-filtering/#valid_elements
https://www.tiny.cloud/docs/configure/content-filtering/#extended_valid_elements
https://www.tiny.cloud/docs/configure/content-filtering/#valid_children
https://www.tiny.cloud/docs/configure/content-filtering/#schema
https://www.tiny.cloud/docs/configure/content-filtering/#invalid_elements
However, regardless of the front end design, you should always re-check submitted content on the server to ensure it is safe. There is simply no way around that need. What constitutes "safe" is likely a business decision based on what your application does and who uses it.
There are many different libraries you can use server side to do this sort of validation/cleansing so depending on your specific server side setup you can find libraries that allow you to "sanitize/purify" the submitted HTML.
I would note that TinyMCE (by default) should not allow <script> tags in your content so it is likely that such behavior could be due to your current configuration.
I would like to implement an extensible templating mechanism in AEM, so as to permit component users to control markup for individual projects (designs) without modifying the components' pre-defined JSPs.
I have extended the <cq:include> tag to permit this, by passing a template name, which is then retrieved from the current design, falling back to the default markup when an override does not exist in the design:
<ct:template name="listNav/prev" />
This should load the jsp script from [1], unless the location does not exist, defaulting to [2]:
/etc/designs/projectName/component_templates/listNav/prev.jsp
/etc/designs/component_templates/listNav/prev.jsp
When using the extended tag, I'm receiving the exception (yes, the file exists):
Caused by: org.apache.sling.api.SlingException: javax.servlet.ServletException: javax.servlet.jsp.JspException: Could not find script /etc/designs/component_templates/listNav/prev.jsp
This all works when the component_templates is under /apps. Is there any way to make this work? Is there a better approach? I'd prefer to keep the component_templates with the designs, if possible.
I don't think it is a good idea to put application script to etc. They should be under /apps.
But I think it could work, if you add /etc path to the "Resource Search Path" of this service:
system/console/configMgr/org.apache.sling.jcr.resource.internal.JcrResourceResolverFactoryImpl
you can choose between different "designs" within the advanced page properties tab! afaik you should use this mechanism to declare different designts i.e. stylesheets etc. to your pages and of cause you don't need to modify anything at the jsp's to switch between different styles if implemented properly.
Have a look at this:
Adobe AEM Designs
It seems to be quite basic problem, but I still cannot find a nice solution.
I made a component that uses a dialog property.
How could I avoid setting this property for every single page if this component is used also in template?
What I already have tried:
I set name attribute in dialog.xml to absolute path - Component stops working as standalone (dropped into parsys).
Move it to design_dialog.xml - First of all it's conceptually content, so I do not like such move, and again it doeas not make much sense for standalone versions.
Change resource path to absolute, while including in template:
<cq:include path="/content/site/somepage" resourceType="/apps/portal/components/myComponent" />
For the first look it was almost it. Instances included via parsys has it's own path, and Content for template is fetched from single resource... But where to store it, to make template code independent from pages tree structure?
Is there any other nice way to do so? or at least way to improve 3.?
To the original poster, the functionality you are looking for is now supported by Shared Component Properties in ACS AEM Commons (http://adobe-consulting-services.github.io/acs-aem-commons/features/shared-component-properties.html)
Compared to your suggested solutions:
No need for absolute property path required for SCP
Agreed these are "content" properties, so they should be stored as "content" instead of "design". SCP stores these values under the homepage node of a site, making them as genuine of content as any other piece of content.
Agreed that it is bad to have a template hard-coded to a content path of a single site, especially since this makes a multi-site implementation impossible without creating a bunch of templates. SCP does not have this problem, because each site has its own homepage under which the properties are stored.
If I understand correctly, you have a component which may work in two modes:
it may be included statically in the main page renderer via <cq:include>
it may be also dropped into some parsys.
In the first mode component should have some common configuration for all pages and in the second mode it should be configured separately per-instance. The problem is how to create such common configuration.
I think your 3rd solution is perfectly fine assuming that the component configuration is shared by all sites in your CQ instance. At some point it may be too strong assumption, eg. you may have a 3 language branches under /content/site-en, /content/site-fr and /content/site-de and you'd like to make a separate configuration for each branch.
I'd suggest following improvement to the 3rd solution: you may create the shared component under some relative path which will be the same for all pages, like /content/.../configuration/shared-component (where ... may be site1, site2 or site3). Then take first two parts of the current page path, add the /configuration/shared-component suffix and use <cq:include> to include path created in such way.
You may also take a different approach and create a common configuration page referenced by all statically included components. These components may try to find their configuration automatically (via the relative path as above) or they may have a single pathfield that references configuration page.
If you don't like these options (as they assume some site structure or they need some minimal configuration for each component), consider using HierarchyNodeInheritanceValueMap. It allows you to get property from the current resource and if there is no such property, it'll look into the same resource on ancestor pages. Using this you could configure your component just once, in the site root page and inherit configuration across the whole site.
I want to create a dynamics crm solution that will be imported by the customer.
After import, the user must complete some settings in a custom entity. After this, a specific code must run for these new settings, but only once. I cannot use custom workflows because it has to work in the online crm too.
The best would have been to have a synchronous plugin that is registered to execute when the settings are saved. I cannot do this because plugins can be registered for a limited set of entities, custom entities are not supported (am I right on this?).
What alternatives do I have?
Using a Configuration Page for your solution might make it easier for the user to configure. Instead of making the user manually set up a configuration entity, use Javascript in the Configuration Page web resource to hit the REST endpoint and do the setup for you. You might also be able to run your custom setup code using Javascript (or use a plugin on the configuration entity as ckeller has confirmed). Here's a link about the special Configuration Page:
http://mahenderpal.wordpress.com/2011/07/26/step-by-step-adding-configuration-page-in-solution-ms-crm-2011/
In Community 4.0.a, I'm posting my custom activities in the repo following this: http://wiki.alfresco.com/wiki/3.0_Activities_Developer_Guide
I have defined my own activity type, with custom bundles and pagelink to display custom needs in the activity dashlet.
But I face an issue, I need to specialize the output based on the activity-type in a similar way of what is done already in activity-list.get.js in the specialize() function.
I can't hack the js cause I'm packaging things in my own amp for Share.
What is the best way to do it? Is there some kind of extension point or do I need to override completely the dashlet?
The old way (3.x) to change the behaviour of a webscript controller is to copy the code and overwrite the Javascript by placing it under web-extension: alfresco/web-extension/site-webscripts/org/alfresco/components/dashlets/activity-list.get.js. There you can modify the specialize() function or whatever you need to do.
All files you place in the alfresco/web-extension/site-webscripts folder will replace original files in the share.war WEB-INF/classes/alfresco/site-webscripts classpath. Best practice is to place your customizations in the tomcat/shared/classes/alfresco/web-extension folder so you don't need to modify the WAR file.
Alfresco 4.0 provides a new way to change the javascript controllers of a webscript. You can add additional Javascript code that will run after the original code. This is preferable because you don't need to change original code and you can upgrade more easily later. To use it you need to get familiar with the new Share extension modules concept. See David Draper's Blog for more info on that.