We generated our custom SAP Commerce Smartedit extension using the ant extgen target with the SAP Commerce Version 2105. We still get a warning in Smartedit:
Failed to load legacy AngularJS module CustomExtensionNameSmarteditContainer into smarteditcontainer; SmartEdit functionality may be compromised.
How can this be prevented? Not sure if some functionality is broken because of this legacy handling. The SAP documentation does not provide any documentation to this warning.
Related
I'm migrating a project using hybris 5.4 to 2105.
In the project, there is a custom OMS extension using omsOrders, omsclients and omsats and in version 2105 these extensions don't even exist.
Any alternative to solve the extension errors or will I have to practically redo the business logic?
Because, in this custom OMS extension, each order is sent on an endpoint and according to the endpoint's response, the order is updated according to the business rules
We are using Lotus Notes technology for web application development. In order to make our application more secured, we are trying to fix some security level issues. One such issue that we are trying to fix is : Cross Site Scripting.
Here are the issue details. As part of application functionality data is getting processing from one web page to other web page to full fill the workflow process. During the process of data we require help to handle richtext fields data form special characters () to provide the security for hacking at third party level becuse our application is public domain.
Cross Site Scripting vulnerability is one that enables a hacker to place client side scripts (usually JavaScript) into web pages. XSS vulnerabilities generally occur when an application takes user input and outputs it in a page without validating, encoding or escaping it.
We are trying to solve the above issue for CKeditor (Third party tool) being used in our application. The CKeditor contains Richtext field data. We are unable to handle the request from backend to prevent the hacker from altering the request parameters.
For your kind information, We are using the domino Release 9.0.1 FP4 on windows/Longhom 6.2 intel and the version of CKeditor is 4.4.6. We searched online for various solutions for handling xss for rich text field(ck Editor) but could not find any. We also saw that CK Editor upgraded versions do not provide any fix for the XSS issue.
Kindly please provide a code level help to handle this issue to fix the XSS vulnerability?
Look at Content Filtering (ACF):
https://ckeditor.com/docs/ckeditor4/latest/guide/dev_acf.html
Is there an easy way to modify an application that has been built using bootstrap4xpages so it now uses that same code that has become part of the extension Library? This would allow the application to get the updates as I guess the bootstrap4xpages plugin won'T be updated anymore.
Thanks :)
If the application uses the Select2 control, you'll still need both in the xsp.properties. That's because there are licensing issues that prevented the Select2 control being included in Extension Library plugin.
Otherwise, as Per says, you can just remove the org.openntf.xsp.bootstrap.library reference from the xsp.properties.
I want to detect whether a browser supports the Ember.js library. If not, I will show users a message to let them download the latest version of their browser. How can I do that?
There is an answer to a similar question contributed by an Ember.js core team member.
In it, he states that the majority of the browsers on browserstack.com are supported, meaning they do thorough testing.
Rather than show the message based on a functionality test of the user's browser each time they load your application, I suggest you instead build a list of known incompatible browsers (anything older than what is on BrowserStack would be a good start) and expand it based on monitoring your access logs or reported issues from the likely minority users on unsupported browsers.
That "blacklist" approach would serve most efficient, as Ember.Js and other libraries like jQuery are usually designed to continually support all new browsers.
I would like to know whether plugins (such as the OpenNTF Extension Library) need to be manually installed on any Notes Client that will be using an XPages in the Notes Client Application (XPiNC) that is dependent upon those plugins.
According to the Mastering XPages book, page 500 in the XPages in the Notes Client Chapter:
XULRunner will cache the usual resources used on the XPage but the Java classes still need to be loaded across the network for each new notes session
I understood this to mean that if there are plugins, such as the OpenNTF extension library, that they would be sent across to the Notes Client so that these dependencies would be resolved, allowing the user to use the application in the notes client, without worrying about having updating or not.
I have configured the UpdateSite.nsf on the server (8.5.3) for the dynamic loading of plugins when the HTTP server starts, this is working fine for the XPages being accessed through a web browser. However only clients that have had the 8.5.3 Upgrade pack applied (which includes the OpenNTF Ext Library), are able to access the application using the client.
It seems to me that it will be very cumbersome. The benefit of XPages would be gradual migration from the Client to Web, but to have to worry about plugin dependencies on everyones machine would be a backwards step?
Yes! You have to install extension lib plugins on clients for xpinc. You can use the update pack given by IBM or create a widget, put it in your widget catalog and then deploy it using policies or ask users to do it manually.
Stephen H Wissel has listed the steps to do this on his
blog. http://www.wissel.net/blog/d6plinks/SHWL-8GZM9A
You have to deploy the plugins to the client,
if you want to use the plugins in XPINC apps, as far as I know.