Joget DX 8 Stable Released
The stable release for Joget DX 8 is now available, with a focus on UX and Governance.
Prevent XSS Attack
When using Hash Variable that uses URL parameter or user-inputted value in your custom JS scripts, ensure that these hash variable(s) are escaped!
Make use of hash variable escape keywords, see Hash Variable - Escaping the Resultant Hash Variable.
Use ?javascript hash variable escape. Example:
#requestParam.id?javascript#
Custom HTML in Form Builder can be used to achieve advanced form design.
The easiest way to see how the Custom HTML works is to use the existing built-in App Expenses Claims. Here are the steps:
Click on the Custom HTML element on the canvas to open up the Configure Custom HTML properties. (see Figure 2).
<a href="setupCategory" target="_blank">
Figure 2
Name | Description |
---|---|
ID | Element ID will not be automatically be reflected in the database unless you toggled the Auto populate saved value and use the <input> element in the custom HTML. The <input> Element Any <input> element in the custom HTML will automatically create a database table column based on the name attribute. To retrieve the value back, you can enable Auto Populate Saved Value? under Advanced Options below. Making it Hidden You can name the ID as "hidden" and the content will be hidden away in the runtime/actual UI. |
Custom HTML | Custom HTML in Form Builder can be used to achieve advanced form design by putting in any valid -
|
Name | Description |
---|---|
Label | Element Label to be displayed to the end-user. |
Auto Populate Saved Value? | Toggle to the auto-populate saved value. The <input> Element Any <input> element in the custom HTML will be automatically retrieved so long as the name attribute is the same as the database table column Does not support the following input types: file, button, submit, reset & image |
Sanitize Input Value? | Checking the box will sanitize the input value before storing input data in the database. Please see Form Input Sanitization |