Where does actually the BIRT scripts run? Scripts like beforeFactory, fetch, etc.?
In my view, they are rendered at client side, but is it like that? Or is it getting rendered at server side, and only the report view is sent to client side? Firebug console is giving me some clue regarding that, but I'm not sure.
All BIRT scripts run on server-side (Rhino scripts), within the same JVM as the BIRT engine. This is why they can invoke java objects.
Similarly, when we include a javascript file through "resources" property of a birt report it is also a server-side script: don't try for example to include something like jquery here it wouldn't work.
The only exceptions are:
In a Text element, we can set the type to HTML and then add client-side actions between html script tags. This is where we could for example include jquery or any other client-side framework we like
From birt 4.3 there is an event "clientScripts" where we can put client-side javascript actions. Though i would recommend to make use of the "HTML text element" approach described above instead of this event.
In a chart interactivity action, there is an "Invoke script" option which is actually a client-side javascript
Related
I've installed Ajaxy Live Search Plugin v3.0.7 in my wordpress, but when searching something like:
<script>alert('123');</script>
I can see the alert on my browser.
Using firebug I can see that when typing on the search box I'm calling
/wp-admin/admin-ajax.php
sending these parameters:
action = ajaxy_sf
search = false
sf_value = <script>alert('123');</script>
How can I avoid this problem on my search box?
Thanks in advance!
XSS is an output encoding problem. It's not about what parameters are sent in the request, the vulnerability manifests itself when a response is made (either to the same request or a different one).
In any response, output should be encoded according to the context. Depending on how your plugin works, it may either create partial html on the server or use DOM mainpulation in the browser while sending AJAX requests.
If it's creating partial html and inserting that into the page as the search results, the view that generates the partial html should be fixed by adding output encoding (ie. htmlspecialchars() in php, but there are other options too).
If it's just an ajax request and the page dom is manipulated in javascript, the application should make sure to only insert variables as text nodes and not whole dom subtrees with potential script nodes.
Either way, I think it should be done by the plugin. If it's not written correctly and vulnerable to XSS, pretty much the only way to fix it is to fix the plugin itself.
I want to create a modal dialog wizard using spring web flow and dojo.
I searched for embedding the flow in a dialog using embedded mode. But I found very few examples related to this. In these examples, they used JSF dialogs and tiles framework to partially render a form.
Can we do this without using JSF and tiles framework but using jsp and dojo?
Can anyone help me to create a wizard embedded in a dojo dialog using spring web flow?
I wouldn't depend on the dojo framework I believe is no longer supported with webflow. Moreover, webflow wasn't really designed (without hacks) to be embedded inside modal dialogs. It was designed as a simple "flow" navigation from html page to page.
To achieve what you want you'll have to use jquery (or some javascript library) to interact with the current flow via ajax calls to predefined transitions/fragments and manually via javascript take the response html fragments returned by webflow contents and change the contents of your modal dialog box. You could argue this is a "hack" but this is how I achieved what you desire using webflow.
A user asked a similar question a few months ago and i provided a thorough answer explaining how to use webflow + ajax + transitions in dialog boxes.
How to include a pop-up dialog box in subflow
I want to upload a file using the < s:file > tag, but Struts2 doesn't support Ajax for this functionality, as far as I know. I tried to do it using the Struts2 jquery plugin but it overwrites some jquery functions that i need an can't change right now (like .dialog()).
Is there an alternative way to do it?
There are many jquery based plugins for this purpose.
I am using this library. Its the most simple and elegant plugin, minimal requirements and lots of options.
Here are some other plugins which I considered(my preference was a plugin which doesnt use flash)
This one shows thumbnail before uploading and also overall progress
This one shows remaining time, uploading speed and remaining size
This is how I do it (I'm not using JQuery):
I hide an iframe inside my page. I give it an id (iframe for example) and a name (the same than the id).
I set the attribute "target" on my form to the id of the hidden iframe (then, the response from the server is loaded inside the iframe.
I register an event handler on the iframe to react on the onload event. The handler analyse the response from the server. Alternatively, I sometime just return javascript code from the server in a <script> tag. This code performs action on the client upon success or failure of the intended action.
If you like the idea, you may want to read this article or this one:
I'm creating a site where I don't want anything to be done via custom javascript/jquery code at all, and I'm not sure it's going to be possible so need some advice.
The things that I want to be able to do are:
Load a JQuery (or Jquery style) dialog box containing a partial view.
Have a button that will select the "SelectedValue" from a dropdown list and render a partial view. (e.g. select a user from a dropdown and then click a button to add them to a list)
Append a partial view to an existing div.
I'm sure that all the above can be done using custom javascript, but what I want to is to use the standard Ajax and Html helpers that come with MVC3.
Main reason is that I've been struggling to get to grips with jQuery, but I also thought it would be nice to see if it can all be done without having to add a new script to the site.
As always, any help is greatly appreciated (even if it's just pointing me to articles).
The standard Ajax and Html helpers that come with MVC3 are for handling server-side stuff. Even the #Html.ValidationMessageFor helper usually uses their unobtrusive validation lib for jQuery validate.
Keep trying at jQuery, you'll get it. There is a reason it is so popular!
Update
I believe you can do #3 using #Ajax.ActionLink, but don't think you can do 1 or 2 out of the box with the Ajax html helper.
It seems that you can use the Ajax.BeginForm method to do this.
There are issues with the fact that it has been in a separate form as I can't nest the forms though.
why do we need a script manager always when we are using Ajax control?
Script manager control is the control that send the scripts to the client. This control is at the heart of all AJAX related functions. It manages all controls in your Ajax enabled page. It also ensures that partial page updates happen as it is expected.
http://msdn.microsoft.com/en-us/library/system.web.ui.scriptmanager.aspx