Forums / General / ezxml and JavaScript

ezxml and JavaScript

Author Message

Kristof Coomans

Thursday 28 December 2006 5:38:37 am

The ezxml link tag doesn't allow to insert JavaScript. When trying to do so, you will get a validation error:

Using scripts in links is not allowed, link '...' has been removed

What do you think is the best solution to insert JavaScript into an ezxml field?

independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org

Paul Forsyth

Thursday 28 December 2006 8:42:13 am

First thought would be a custom tag or within a literal. Though it depends on the use - coding into a template for a custom tag isnt the more practical and i've not tried a literal for js in years (!).

Whats your purpose for the js?

Paul

Kristof Coomans

Thursday 28 December 2006 9:55:23 am

I want to insert bookmarklets (http://en.wikipedia.org/wiki/Bookmarklet ).

independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org

Claudia Kosny

Thursday 28 December 2006 3:49:47 pm

Hi Kristof

Can't you just use an onClick attribute?

Claudia

kracker (the)

Thursday 28 December 2006 4:37:55 pm

Use a custom tag!

<i>http://ezpedia.org/wiki/en/ez/custom_tags</i>

There are years of posts about everything you could need to know about custom tags scattered on ez.no

And with the 3.8 release they are simpler to use within the online editor while editing ezxml content object attributes.

//kracker

Member since: 2001.07.13 || http://ezpedia.se7enx.com/

Kristof Coomans

Friday 29 December 2006 1:09:26 am

Thanks for the feedback.

I think the onclick event won't work, since the bookmarklet should be bookmarkable.

I tried a custom tag and that works fine.

Maybe there are still other (and safer) ways to accomplish this. If other users can post on a site then they can also use your custom tag.

Anyone ever used a seperate object containing the JavaScript and embedded that with the embed-inline tag? It sounds overkill but when non-privileged users are not allowed to create or edit the JavaScript objects, then there's no danger for XSS attacks.

independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org

kracker (the)

Friday 29 December 2006 1:31:32 am

Why not use a custom tag which does not accept or use user input (via attributes) or content input (inline custom tag)?

//kracker

Member since: 2001.07.13 || http://ezpedia.se7enx.com/

Kristof Coomans

Friday 29 December 2006 2:46:46 am

That's a possibility too. What if I want to add several bookmarklets to an article?

a) I need to add different custom tags for each bookmarklet.
b) I add a switch in the custom tag view template. Depending on a custom tag attribute it inserts the right bookmarklet.

independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org

kracker (the)

Friday 29 December 2006 3:22:51 am

What if I want to add several bookmarklets to an article?

a) I need to add different custom tags for each bookmarklet.
b) I add a switch in the custom tag view template. Depending on a custom tag attribute it inserts the right bookmarklet.

 

In response to item, a
- Question: What exactly will differentiate one final rendered bookmarklet code snippet from another from within the same content attribute / document.

In response to item, b
- Question: Why must custom tag attributes be used to insert the right bookmarklet? (Dependant on answer to above)

- Comment: This would go against processing or using user input in the creation of the custom tag / bookmarklet (to prevent security vulnerabilities related to code injection) unless you have a set standard switch cases say of 1,2,3,4 which insert the correct bookmarklet. It just seems to snow ball quickly downhill once you start accepting user input (let alone informing users of accepted input).

- Comment: Because it sounds like a bookmarklet needs a title and a url. the client knows the url and the url's document name. I don't see why your bookmarklet could not be entirely client side js code and avoid this problem entirely. If you have to say pass it a url via js that's simple enough to grab from within the custom tag via the wrap_operator or other method. If you have to say pass it a url document name, say you grab the current document's name + site title from within the custom tag.

- Comment: I still don't see why user input is needed to include a snippet of code which passes your bookmarklet code snippet the needed argument per instance; a name and url detected via php, tpl or js. A good bookmarklet will pop open a browser based dialog with the ability to alter the default name on the client side.

//kracker

It's what I was thinking, I still should not have posted it ..

Member since: 2001.07.13 || http://ezpedia.se7enx.com/

Kristof Coomans

Friday 29 December 2006 3:34:56 am

<b>Question: What exactly will differentiate one final rendered bookmarklet code snippet from another from within the same content attribute / document</b>
Answer: the title and the content of the href attribute. I meant adding different (~several) bookmarklets.

<b>unless you have a set standard switch cases say of 1,2,3,4 which insert the correct bookmarklet</b>
Exactly what I meant with b)

independent eZ Publish developer and service provider | http://blog.coomanskristof.be | http://ezpedia.org

Paul Forsyth

Friday 29 December 2006 5:44:02 am

I've just tried using literal and it seems to work fine.

Paul Forsyth

Friday 29 December 2006 6:20:43 am

Hmmm, it looks like the link does go through but the brackets are mangeld by eZ in the db :(

Tally Amara

Monday 01 January 2007 2:45:27 am

Please tell me how to add Google Analytics to my site.
Thanks,
Tally

Brookins Consulting

Monday 19 November 2007 6:20:49 am

<i>@Tally Amara</i>
<i> > Re: Please tell me how to add Google Analytics to my site.</i>

Hello,

While this conversation has come to a close we would like to add the following note to future forum archive readers searching for a similar solution.

BC Website Statistics is a product (an extension) certified by eZ Systems, supported by Brookins Consulting, and a flexible proven solution for integrating Google Analytics with eZ Publish. This extension has been created to provide eZ Publish customers seeking a complete, ready to use, out-of-the-box solution integrating eZ Publish with the Google Analytics web statistics reporting service.

BC Website Statistics, http://ez.no/products/certified_extensions/bc_website_statistics

Cheers,
Brookins Consulting

eZ Partner | North American Experience
http://brookinsconsulting.com/experience

eZ debug

Timing: Jan 18 2025 01:04:32
Script start
Timing: Jan 18 2025 01:04:32
Module start 'content'
Timing: Jan 18 2025 01:04:33
Module end 'content'
Timing: Jan 18 2025 01:04:33
Script end

Main resources:

Total runtime0.8127 sec
Peak memory usage4,096.0000 KB
Database Queries235

Timing points:

CheckpointStart (sec)Duration (sec)Memory at start (KB)Memory used (KB)
Script start 0.00000.0062 587.6016180.8516
Module start 'content' 0.00630.6690 768.4531833.7813
Module end 'content' 0.67520.1374 1,602.2344357.3281
Script end 0.8127  1,959.5625 

Time accumulators:

 Accumulator Duration (sec) Duration (%) Count Average (sec)
Ini load
Load cache0.00380.4732210.0002
Check MTime0.00140.1715210.0001
Mysql Total
Database connection0.00110.139410.0011
Mysqli_queries0.709587.29712350.0030
Looping result0.00230.28052330.0000
Template Total0.787896.920.3939
Template load0.00230.278920.0011
Template processing0.785596.649420.3928
Template load and register function0.00010.014510.0001
states
state_id_array0.00070.086510.0007
state_identifier_array0.00090.115820.0005
Override
Cache load0.00210.2588780.0000
Sytem overhead
Fetch class attribute can translate value0.00150.185670.0002
Fetch class attribute name0.00100.1224170.0001
XML
Image XML parsing0.00210.257370.0003
class_abstraction
Instantiating content class attribute0.00000.0053230.0000
General
dbfile0.00560.6890410.0001
String conversion0.00000.000930.0000
Note: percentages do not add up to 100% because some accumulators overlap

CSS/JS files loaded with "ezjscPacker" during request:

CacheTypePacklevelSourceFiles
CSS0extension/community/design/community/stylesheets/ext/jquery.autocomplete.css
extension/community_design/design/suncana/stylesheets/scrollbars.css
extension/community_design/design/suncana/stylesheets/tabs.css
extension/community_design/design/suncana/stylesheets/roadmap.css
extension/community_design/design/suncana/stylesheets/content.css
extension/community_design/design/suncana/stylesheets/star-rating.css
extension/community_design/design/suncana/stylesheets/syntax_and_custom_tags.css
extension/community_design/design/suncana/stylesheets/buttons.css
extension/community_design/design/suncana/stylesheets/tweetbox.css
extension/community_design/design/suncana/stylesheets/jquery.fancybox-1.3.4.css
extension/bcsmoothgallery/design/standard/stylesheets/magnific-popup.css
extension/sevenx/design/simple/stylesheets/star_rating.css
extension/sevenx/design/simple/stylesheets/libs/fontawesome/css/all.min.css
extension/sevenx/design/simple/stylesheets/main.v02.css
extension/sevenx/design/simple/stylesheets/main.v02.res.css
JS0extension/ezjscore/design/standard/lib/yui/3.17.2/build/yui/yui-min.js
extension/ezjscore/design/standard/javascript/jquery-3.7.0.min.js
extension/community_design/design/suncana/javascript/jquery.ui.core.min.js
extension/community_design/design/suncana/javascript/jquery.ui.widget.min.js
extension/community_design/design/suncana/javascript/jquery.easing.1.3.js
extension/community_design/design/suncana/javascript/jquery.ui.tabs.js
extension/community_design/design/suncana/javascript/jquery.hoverIntent.min.js
extension/community_design/design/suncana/javascript/jquery.popmenu.js
extension/community_design/design/suncana/javascript/jScrollPane.js
extension/community_design/design/suncana/javascript/jquery.mousewheel.js
extension/community_design/design/suncana/javascript/jquery.cycle.all.js
extension/sevenx/design/simple/javascript/jquery.scrollTo.js
extension/community_design/design/suncana/javascript/jquery.cookie.js
extension/community_design/design/suncana/javascript/ezstarrating_jquery.js
extension/community_design/design/suncana/javascript/jquery.initboxes.js
extension/community_design/design/suncana/javascript/app.js
extension/community_design/design/suncana/javascript/twitterwidget.js
extension/community_design/design/suncana/javascript/community.js
extension/community_design/design/suncana/javascript/roadmap.js
extension/community_design/design/suncana/javascript/ez.js
extension/community_design/design/suncana/javascript/ezshareevents.js
extension/sevenx/design/simple/javascript/main.js

Templates used to render the page:

UsageRequested templateTemplateTemplate loadedEditOverride
1node/view/full.tplfull/forum_topic.tplextension/sevenx/design/simple/override/templates/full/forum_topic.tplEdit templateOverride template
9content/datatype/view/ezimage.tpl<No override>extension/sevenx/design/simple/templates/content/datatype/view/ezimage.tplEdit templateOverride template
14content/datatype/view/ezxmltext.tpl<No override>extension/community_design/design/suncana/templates/content/datatype/view/ezxmltext.tplEdit templateOverride template
20content/datatype/view/ezxmltags/paragraph.tpl<No override>extension/ezwebin/design/ezwebin/templates/content/datatype/view/ezxmltags/paragraph.tplEdit templateOverride template
2content/datatype/view/ezxmltags/literal.tpl<No override>extension/community/design/standard/templates/content/datatype/view/ezxmltags/literal.tplEdit templateOverride template
8content/datatype/view/ezxmltags/line.tpl<No override>design/standard/templates/content/datatype/view/ezxmltags/line.tplEdit templateOverride template
1pagelayout.tpl<No override>extension/sevenx/design/simple/templates/pagelayout.tplEdit templateOverride template
 Number of times templates used: 55
 Number of unique templates used: 7

Time used to render debug report: 0.0002 secs