Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Form Elements - Form labels and values now do not allow script execution to prevent possible cross-site scripting (XSS) vulnerabilities. Apps that depend on scripting will need to place such scripts into Custom HTML elements.
  2. JSON API Request Methods – Previously, JSON API calls that modify the state of a process (e.g. start a process, complete an assignment, etc) support both HTTP GET and POST. In v4, only POST requests are supported to prevent cross-site request forgery (CSRF) attacks. Read-only API calls are unchanged. Please refer to the latest JSON API reference in the Knowledge Base at{+}http://dev.joget.org/community/display/KB/JSON+API+Image Removed

http://dev.joget.org/community/display/KB/JSON+API

  1.  JSON API
  2. JSON API JSON API Responses – In v4, all JSON API calls respond with JSON responses only. Previously, failed authentication will redirect the request to a login page, but a failed authentication now would result in a JSON 401 response e.g.
    Code Block
    
     {"error":{"message":"","code":"401","date":"Fri Feb 28 17:41:59 MYT 2014"}}
    .
    
    
  3. JSON API Authentication – The JSON API now supports basic authentication, so this would be the recommended authentication mechanism when combined with HTTPS.
  4. JavaScript API Authentication - Previously, in the JavaScript API AssignmentManager.login(url, username, password, callback), the password can be either the plaintext password or user hash. In v4, user hash is only accepted in a separate call AssignmentManager.loginWithHash(url, username, hash, callback)

...