Joget DX 8 Stable Released
The stable release for Joget DX 8 is now available, with a focus on UX and Governance.
Prevent XSS Attack
When using Hash Variable that uses URL parameter or user-inputted value in your custom JS scripts, ensure that these hash variable(s) are escaped!
Make use of hash variable escape keywords, see Hash Variable - Escaping the Resultant Hash Variable.
Use ?javascript hash variable escape. Example:
#requestParam.id?javascript#
Custom HTML in Form Builder can be used to achieve advanced form design.
The easiest way to see how the Custom HTML works is to use the existing built-in App Expenses Claims. Here are the steps:
Hover the mouse over the Custom HTML element on the canvas and click on Edit to open up the Edit Custom HTML properties. (see Figure 2).
<a href="setupCategory" target="_blank">
Figure 2
Name | Description |
---|---|
ID | Element ID (By declaring as "html", a corresponding database table column "c_html" will be created) Making it Hidden You can name the ID as "hidden" and the content will be hidden away in the runtime/actual userview. |
Custom HTML | Custom HTML in Form Builder can be used to achieve advanced form design by putting in any valid -
|
Name | Description |
---|---|
Label | Element Label to be displayed to the end-user. |
Auto populate saved value? | Toggle to the auto-populate saved value. The <input> Element Any <input> element in the custom HTML will be automatically retrieved so long as the name attribute is the same as the database table column Does not support the following input types: file, button, submit, reset & image |
Sanitize Input Value? | Checking the box will sanitize the input value before storing input data to database. Please see Form Input Sanitization |