I am trying to use an XForms document that creates an instance from a different XML document depending on a request parameter or header. I can't find a way to do it without using Orbeon's xxforms:get-request-parameter().
Orbeon also suggest this:
<xforms:instance id="user-data" src="input:instance"/>
I might be able to use this (assuming BetterForms supports it) but I need multiple XML documents as inputs. I may be able to rig up a way to put all the XML documents into one post XML fragment, but that's not much fun either.
I originally tried generating the XForms as the return of an XQuery document with request:get-parameter() but I'm running into problems with it. Is there something I'm missing or are these methods the only good ways to send stuff to XForms?
At this point, it looks like your choices are as follows:
With Orbeon Forms, use the Orbeon's extension XPath functions to access the HTTP request.
With Better Forms or XSLTForms, contact the authors to see if they can implement the standard URI functions introduced in XForms 2.0.
Related
So I currently already have the swagger UI set up with the page and everything, but I want to edit the .json file (so I can provide descriptions, error codes and stuff but all in one document). Was just wondering where I should be locating my swagger.json or swagger.yaml file to be able to adjust the API??
If not, what's the best practice for documenting parameters, response codes and descriptions WITHOUT having to do it tediously one by one like below...
Any advice on using swagger with nestjs applications would be much appreciated :) Still very new with using it
(I'm using Orbeon Forms 2019.2.0.201912301747 CE). I have a bunch of XForms for which the schemas are in a JAR file in orbeons "WEB-INF\lib". (I am able to get individual schemas using the "oxf:" protocol).
XML Schema has "annotations/documentation" and "annotations/appInfo" elements (intended for use by the application) and I swear that in the past I've read how to access these in XForms, but searching online I can no longer find any information about it! I'd like to find out if I can use "appInfo" in the schema to store text presented to the user (xforms alerts or hints), instead of breaking it out into a separate xml file. (The reason being that subsequent versions of the schema might have this text change, and an XSD documenter can pick up this information.)
I remember it being something pretty simple. Is there someone here who does this? Does it work with Orbeon?
The possibility that comes to mind would be to load the XML Schema into an XForms instance. This is possible because the XML Schema is in XML as well. Then you can refer to various parts of the Schema with XPath in labels, hints, etc. You just need, of course, to know the path to those elements in the XML Schema file.
I've a Web API project which is consumed by an MVC project. The MVC project has a fair amount of user inputs which are displayed as output on the web page.
Now, I want to protect my site from XSS attacks. I've read about Microsoft's AntiXss library, input validations, output filtering etc. But my question is, How do I apply this to my project. Where to put input validations, how to filter my output, how do i sanitize user data, do I need to sanitize the data in APIs also or just in MVC before I send it to the APIs, and if yes, then how, where to use AntiXss library, in MVC or in web API, and how etc.
The answer depends on how exactly user input makes its way into the page DOM in the browser.
If the MVC application generates cshtml pages (with Razor), you need to implement output encoding there, in cshtml files. Note that AntiXSS as a separate library is now deprecated, it's now in the System.Web.Security.AntiXss namespace by default. You need to encode all output according to the context that they get written into (most importantly, you need to encode any input that's written in a Javascript context, be it a script tag, an event attribute like onclick, the first character of a href for an a tag, etc). For plain html output (text between tags) Razor already provides html encoding by default, so it's ok to just do <div>#myVar</div>.
If your frontend consumes something like a JSON API, then you probably have some kind of a client side template engine (Knockout, etc). In that case, it's reasonably safe to send data as received from the user back to the client with an application/json content type (that's actually very important). Then you have to carefully select binding methods to always bind user input as text and not as html to the page elements. This practically means things like using Knockout's text binding instead of html or using jQuery's .text() method instead of .html(), etc.
Please note that a full tutorial on XSS prevention would be way longer than an answer here, so this answer only highlights some high level things and the general way this should be done to prevent XSS.
How struts 2 interceptors will receive sencha json format request. Please give some example of integration.
(Moved to answer for space purposes, this is more of an extended Q&A than answer.)
Why do you want to parse JSON in an interceptor?
Interceptors are for functionality across an entire application–if you have a specific JSON parameter you need in a lot of actions, consider using a base action class and putting your interceptor after the JSON interceptor and just querying the action for the parameter instead. Otherwise you're parsing JSON twice.
If it's not for functionality present across a large portion of the app, then you almost certainly shouldn't be doing the work in an interceptor, but rather an action. To implement this you can use either just the JSON interceptor, or the REST plugin, which handles a lot of other things as well.
There are examples of these in the Struts 2 distribution, but if you have a specific question, it might be easier to ask a real question here or on the Struts user mailing list. Asking for an example is redundant, because the distribution includes examples of most S2 functionality.
I'm working with my team to create an enterprise level web application with Grails, but I don't see any "out of the box" solution to dealing with browser history when using grails with AJAX. Can someone point me to some documentation so that I can nail this?
Thanks a ton.
Grails is predominantly a server-side framework. All it provides in terms of client-side functionality are some tags to make it easy to call the server via AJAX. I'm not aware of any functionality in the core framework to support using the back/forward buttons when AJAX calls are made.
You might find something in a plugin, but I doubt it. Your best bet is to look for this functionality in whichever JS library you're using (YUI, JQuery, Dojo, etc.)
Typically this is done by changing the location.hash property on the page. This corresponds to a string you can add after the current url with a #. Adding or modifying this part of the URL will keep you on the same page, but add an additional history entry.
The jQuery BBQ plugin is a very useful framework to manage the hash. It contains a number of useful methods to manage the hash property as key/value pairs, the same way the regular URL query string works.