Author |
Message |
28/12/2017 07:42:50
|
rchiluano
Power User
Joined: 28/12/2017 07:21:54
Messages: 79
Offline
|
HI captain, I'd like to embed HTML5 + CSS for additional modification of my program.
Is it possible to do that?
If it is, do you have a demo for that or anything that can help?
Thanks in advance!
Regards, Ryan
|
|
|
28/12/2017 07:49:33
|
CaptainCasa
Power User
Joined: 21/11/2007 12:23:06
Messages: 5521
Offline
|
Hi Ryan,
If it is just HTML5 formatted text, then you should use the TEXTPANE component, set TEXTPANE-CONTENTTYPE to "text/html". By default there is some HTML sanitizing for the HTML you pass (so that it does not include JavaScript statements) in order to prevent cross site scripting (CSS). This sanitizing is done against a positive-list of HTML4 elements (the algorithm is a Google-algortihm...). So you have to explicitly switch this off by TEXTPANE-AVOIDSANITIZING to "true".
If it is HTML5 + JavaScript then this required a bit more attention: either you need to encapsulate this as own component - or you shrinkwrap it into some own IFRAME so that your JavaScript runs completely isoladted. - Example: we integrate charting framework chart-js, or Google Map by isolating it in some own IFRAME via component....
Please tell us your use case, in we can give you further advice.
Regards, Björn
|
Björn Müller, CaptainCasa GmbH |
|
|
28/12/2017 08:03:09
|
rchiluano
Power User
Joined: 28/12/2017 07:21:54
Messages: 79
Offline
|
Thank you for the immediate response captain.
but It's not just a text that I'll work with html5 + css but with images as well.
I'd like to inject HTML if there is a way, or I can just use the components with this?
|
|
|
28/12/2017 08:27:45
|
CaptainCasa
Power User
Joined: 21/11/2007 12:23:06
Messages: 5521
Offline
|
Hi,
text, images is no problem via textpane.
@css: when the client launches then all *.css files of the style directory are included into the style set.
I.e. if you use style defaultrisc then place additional .css files in /webcontent/styles/detfaultrisc/*.css
Regards, Björn
PS: and I clearly have to emphasize: when dynamically assembling the HTML from any data that the user may influence (e.g. embedding some article description that the user may define), then you 200% are responsible for sanitzing the HTML against XSS! (!!!)
|
Björn Müller, CaptainCasa GmbH |
|
|
28/12/2017 11:36:17
|
rchiluano
Power User
Joined: 28/12/2017 07:21:54
Messages: 79
Offline
|
Thank you cap.
|
|
|
28/12/2017 11:45:02
|
rchiluano
Power User
Joined: 28/12/2017 07:21:54
Messages: 79
Offline
|
.
|
|
|
|