Joget DX 8 Stable Released
The stable release for Joget DX 8 is now available, with a focus on UX and Governance.
Prevent XSS Attack
When using Hash Variable that uses URL parameter or user-inputted value in your custom JS scripts, ensure that these hash variable(s) are escaped!
Make use of hash variable escape keywords, see Hash Variable - Escaping the Resultant Hash Variable.
To fix this, use ?javascript hash variable escape:
#requestParam.id?javascript#
Custom HTML in Form Builder can be used to achieve advanced form design.
The easiest way to see how the Custom HTML works is to use the existing built-in App Expenses Claims. Here are the steps:
Steps | Screens (Click to view) |
---|---|
|
Figure 1
Figure 2 Figure 3 |
Name | Description | Screen (Click to view) |
---|---|---|
ID | Element ID (By declaring as "html", a corresponding database table column "c_html" will be created) Making it Hidden You can name the ID as "hidden" and the content will be hidden away in the runtime/actual userview. | |
Custom HTML | Custom HTML in Form Builder can be used to achieve advanced form design by putting in any valid -
|
Name | Description | Screen (Click to view) |
---|---|---|
Label | Element Label to be displayed to the end-user. | |
Auto populate saved value? | Toggle to the auto-populate saved value. The <input> Element Any <input> element in the custom HTML will be automatically retrieved so long as the name attribute is the same as the database table column Does not support the following input types: file, button, submit, reset & image |