How to safely add page content via CMS? - content-management-system

If I were to build a custom CMS that allowed someone to log in and build a page using a WYSIWYG, would it be possible to make it secure and allow JavaScript code in the content? There are times where someone wants to add a video embed code or a widget that grabs an RSS feed; these embed codes and widgets are in JavaScript. So how do I allow them to add that to their page through a CMS? My main concern is XSS/vulnerabilities.

You could store tags with references to widgets in your rich text content, like <video>id</video>, and render the JavaScript only in the frontend... or you could choose to use any of the modern CMSs out there with plugins for video and widgets that have already solved the problem for you.
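
A sketch of the placeholder approach from the answer above, as an added example that is not part of the original post. The tag names, the registry contents and the video.example / feeds.example hosts are assumptions made up for illustration: the author's content is escaped in full, then only attribute-free formatting tags and registered widget references are turned back into markup.

```javascript
// Widgets an editor may reference. Authors store only a type and an id;
// the markup and URLs come from this server-side table (constructed values).
const REGISTRY = {
  video: { intro01: "https://video.example/embed/intro01" },
  rss: { news: "https://feeds.example/news.xml" },
};

// Formatting tags allowed through, attribute-free only (matched in escaped form).
const FORMAT_TAG = /&lt;(\/?)(p|b|i|em|strong|ul|ol|li|br)&gt;/g;
// Placeholder such as <video>intro01</video>, also matched in its escaped form.
const PLACEHOLDER = /&lt;(video|rss)&gt;([A-Za-z0-9_-]{1,32})&lt;\/\1&gt;/g;

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]));
}

function widgetMarkup(type, id) {
  const table = REGISTRY[type];
  // Own-property check so ids like "__proto__" never resolve to anything.
  const url = Object.prototype.hasOwnProperty.call(table, id) ? table[id] : null;
  if (!url) return ""; // unknown reference: render nothing
  if (type === "video") {
    // Third-party player runs inside a sandboxed frame, isolated from the page's DOM.
    return `<iframe sandbox="allow-scripts" src="${escapeHtml(url)}"></iframe>`;
  }
  // The site's own frontend script reads data-feed and builds the list.
  return `<div class="rss-widget" data-feed="${escapeHtml(url)}"></div>`;
}

function renderContent(stored) {
  // 1. Neutralise everything the author typed, including script tags and on* attributes.
  const escaped = escapeHtml(stored);
  // 2. Swap placeholders for trusted markup, then restore exact allowlisted tags.
  return escaped
    .replace(PLACEHOLDER, (_, type, id) => widgetMarkup(type, id))
    .replace(FORMAT_TAG, "<$1$2>");
}
```

Script the author pastes into the editor is never emitted; the only JavaScript that runs is the site's own widget code or the sandboxed player.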

Related

Best framework for embedding HTML pages in an iPhone app?

I am developing an app which has a significant 'reference' section in it. It's information that is very applicable to being created as a set of HTML pages, linking to each other.
I am wondering if anyone knows of a good framework out there to embed HTML pages within an iPhone app, to be able to open a specific page by key and any other niceties. The best I've seen so far is CMHTMLView on GitHub.
I know I can load HTML pages directly into a UIWebView, I'm looking to see if there's a framework which does a bit of the boilerplate for me (e.g. checking for existence of files, being able to cache pages by a keyword, any other niceties like being able to index and search pages). Thanks!
To display easy-to-navigate HTML on a mobile, I use http://jquerymobile.com

reloading the soundcloud html widget with different sets from links

I was advised to post this here by SoundCloud support - I hope you can help. I want to use the HTML5 widget on my site and access different sets but, rather than have multiple widgets on a page, I want to be able to reload the widget with a different set by clicking on different links on the page. It seems you can do this using the API and I have been playing with w.soundcloud.com/player/api_playground.html and have got it to load my sets by putting the api.soundcloud.com URL in the appropriate box and clicking "reload widget".
I really don’t know JavaScript at all so I was hoping to copy the source from that page and try and edit it to do what I want. However, I can’t even get the page to load when it is hosted on my site:
http://www.indigomusic.co.uk/SCtest/playground.htm
I downloaded api.js and put it in a folder on my server but I’m obviously missing step(s). I’ve read http://developers.soundcloud.com/docs/html5-widget#introduction but it obviously assumes a level of JavaScript knowledge that I just don’t have...
...are you able to help?
Many thanks,
Dan Selby
You don't have to use the Widget API for that necessarily.
Here is a simple example using jQuery and the SoundCloud SDK doing what you described:
http://dl.dropbox.com/u/12477597/Temporary/dynamic-widget-example.html
Hope it helps.

WordPress Custom Page, with PHP, JS, HTML and CSS

How can I implement a full HTML, PHP, JS and CSS page into a WordPress page?
Example:
I have an app.php that has a text box; when you press enter it displays the text with a PHP echo, with the user's profile picture from Facebook.
How can I insert/implement that into a WordPress page?
HTML/PHP: The simplest way may just be to create an extra template in your theme. You can view WordPress template hierarchy here: Template Hierarchy
JS/CSS: If the JavaScript and CSS makes the most sense to be embedded (it usually does!), you can use hooks and actions in a simple plugin (or potentially your functions.php page) to include the JavaScript and CSS you need.
wp_enqueue_script
wp_enqueue_style
Note: I have not personally used functions.php (found in your theme files) to call these sorts of hooks, but I assume it would work just fine.
If you are using a theme that constantly receives updates, it is worth building a plugin to do the job. If not, it's easiest to just modify the theme.
There are two options as far as I know. The first one is that you embed the code directly into your posts, and install the plugin called PHP execution. Second, try to create your own page template, and place your own code in the template. Then you can create a page in the dashboard and select the template.

MODx CMS - How to use own PHP or HTML code in custom pages

Is it possible to implement custom HTML or PHP in MODx CMS pages?
I want to do more than the Rich Text Editor can offer.
Thank you.
You can add your HTML in chunks or templates, only getting the content you need from the rich text editor to use in your template. You shouldn't really be adding too much HTML to page content, as this would allow a user to mess around with the page layout.
As for using your own PHP, this can be implemented using Snippets.
The Rich Text Editor offers a source view mode where you can enter your own HTML. This would be valuable in case you want to do something fairly standard like add a DIV tag with an ID.

how to integrate or call or interface with a 3rd party widget within a GWT app?

I am making an app in GWT. It is like a dashboard and will have out of the widgets.
Now when we ship this out, there is a use case that the customer might want to create their own GWT widget and use this in the dashboard app.
As I understand it, they will not be able to do this since we cannot ship our source code which is needed to compile the whole app again once tag of their widget/module gets into the gwt.xml file of my app.
I cannot use anything other than GWT to make this dashboard. And their widget could be, say, a Flash heatmap, a jQuery widget/plugin, another GWT module, or a JSP page that renders a visualization from the back end.
So far my thoughts have been to provide a widget in my app which is a wrapper in the form of an Iframe and call their main page (they will provide url), and have an api to let my app and their widget talk.
But I would like to know if there are other / better approaches?
This is exactly the problem solved by Google's OpenSocial widgets. There are a few open-source implementations: http://shindig.apache.org/ is one. You can look into integrating that into your app. An added bonus is that you can then display widgets from other applications (such as Atlassian Jira) that also serve OpenSocial widgets.
Depending on how closed source your application is (can custom JS/HTML be added to pages?), you could always provide a native JavaScript (JSNI) API for some custom dashboard widgets. The simplest solution I'm thinking of would be a JSNI method which your customers could call to set the HTML content of said widget. This method would allow them to use a variety of options such as jQuery widgets, their own GWT widget generated HTML or even an IFrame pointing to their JSP pages etc... You could then provide additional JSNI API methods which would allow them to interact with your app/widget in other ways as well. This would be better than the IFrame method because you wouldn't have to deal with cross domain scripting security issues.
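
The iframe wrapper with a message API that the question in this thread describes, as an added example that is not part of the original posts. It shows the checks the dashboard side would make on each `postMessage` event before acting on it; the widget id, origin, message types and limits are assumptions constructed for illustration.

```javascript
// Constructed registry: widget id -> the single origin allowed to speak for it.
const WIDGET_ORIGINS = new Map([
  ["sales-heatmap", "https://widgets.customer.example"],
]);

// Message types the dashboard accepts, each with a validator for its payload.
const VALIDATORS = {
  resize: (p) => Number.isInteger(p.height) && p.height > 0 && p.height <= 2000,
  setTitle: (p) => typeof p.title === "string" && p.title.length <= 80,
};

// Decide whether a message event may be acted on. `frameWindow` is the
// contentWindow of the iframe the dashboard created for this widget.
function acceptWidgetMessage(event, frameWindow) {
  const msg = event.data;
  if (msg === null || typeof msg !== "object") {
    return { ok: false, reason: "not an object" };
  }
  // The sender's origin must be the one registered for the widget it claims to be.
  const origin = WIDGET_ORIGINS.get(msg.widgetId);
  if (origin === undefined || event.origin !== origin) {
    return { ok: false, reason: "origin mismatch" };
  }
  // The message must come from the frame we embedded, not another window.
  if (event.source !== frameWindow) {
    return { ok: false, reason: "unexpected source" };
  }
  const known = Object.prototype.hasOwnProperty.call(VALIDATORS, msg.type);
  const p = msg.payload;
  if (!known || p === null || typeof p !== "object" || !VALIDATORS[msg.type](p)) {
    return { ok: false, reason: "bad message" };
  }
  return { ok: true, type: msg.type, payload: p };
}

// Browser wiring (not called here): apply accepted messages with DOM
// properties such as textContent, never by assigning widget data to innerHTML.
function attach(frame, apply) {
  window.addEventListener("message", (e) => {
    const r = acceptWidgetMessage(e, frame.contentWindow);
    if (r.ok) apply(r.type, r.payload);
  });
}
```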