XperienCentral R37.1

Release date: July 10, 2023
Note: Minimum Version Required for Upgrading to XperienCentral R37.1

Upgrading to XperienCentral R37.1 requires a minimum version of R26. If you are upgrading from XperienCentral R25 or lower, you must first upgrade to R26 and then upgrade to XperienCentral R37.1.
Check Configuration Files

See Check Configuration Files.

Best Practices for Strict Content Security Policy (CSP) Configurations

It is recommended that you no longer use event attributes like onclick and onsubmit in your HTML. This applies to both the front- and backend of XperienCentral. The reason is that a strict CSP will block these methods from executing. For example, code like this:
```html
<input onclick="doSomething()" />
```
should be replaced by something similar to this:
```html
<input id="myInput" />
<!-- this can either be in a separate file or inline, as we add a CSP secure nonce to inline scripts -->
<script>
  document.getElementById('myInput').addEventListener('click', function() {
    doSomething();
  })
</script>
```
This recommendation also applies to the wmedit tags such as select and button. Sometimes attributes like onclick or onkeypress are added to the include of these tags and are rendered on the input. This approach also no longer works with a strict CSP. In some cases the onclick is located on a table row, as in the example below. For situations like this, the fix is slightly different:
```jsp
<c:forEach var="tableRow" items="${tableRow}">
  ...
  <tr onclick="doSomething(${someParameter})">
    ....
  </tr>
  ...
</c:forEach>
```
should be replaced by something similar to this:

```jsp
<c:forEach var="tableRow" items="${tableRow}">
  ...
  <tr class="tableRow" data-some-parameter="${someParameter}">
    ...
  </tr>
  ...
</c:forEach>
<script type="text/javascript">
  // Attach one click listener per row; the parameter is read from the data attribute
  const tableRows = document.getElementsByClassName('tableRow');
  for (let tableRow of tableRows) {
    let someParameter = tableRow.dataset.someParameter;
    tableRow.addEventListener('click', function () {
      doSomething(someParameter);
    });
  }
</script>
```
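An audit helper for the recommendation above, as an added example that is not part of the original release notes and not GX Software code: it lists every on* attribute in template source so each one can be moved to addEventListener before a strict CSP is enforced. The function name findInlineHandlers is an assumption, and the sample markup is constructed from the snippets on this page.

```javascript
// Added example, not GX Software code: list inline event-handler attributes
// (onclick, onsubmit, onkeypress, ...) in template source so they can be
// moved to addEventListener() before a strict CSP is enforced.

// An opening tag; quoted values may contain '>' or JSP EL such as ${...}.
const TAG_RE = /<([a-zA-Z][\w:-]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
// One attribute at a time, so text inside a quoted value is never
// mistaken for an attribute name.
const ATTR_RE = /([^\s"'<>\/=]+)(?:\s*=\s*("[^"]*"|'[^']*'|[^\s"'=<>`]+))?/g;
const HANDLER_NAME_RE = /^on[a-z]+$/i;

function findInlineHandlers(source) {
  const findings = [];
  for (const tag of source.matchAll(TAG_RE)) {
    // 1-based line number of the tag's opening '<'
    const line = source.slice(0, tag.index).split('\n').length;
    for (const attr of tag[2].matchAll(ATTR_RE)) {
      if (!HANDLER_NAME_RE.test(attr[1])) continue;
      findings.push({
        line,
        tag: tag[1],
        attribute: attr[1].toLowerCase(),
        handler: (attr[2] || '').replace(/^["']|["']$/g, ''),
      });
    }
  }
  return findings;
}

// Constructed sample input, based on the snippets in these release notes.
const SAMPLE = [
  '<input onclick="doSomething()" />',
  '<input id="myInput" data-note="was onclick=old()" />',
  '<c:forEach var="tableRow" items="${tableRow}">',
  '  <tr onclick="doSomething(${someParameter})">',
  '  </tr>',
  '</c:forEach>',
  '<tr class="tableRow" data-some-parameter="${someParameter}"></tr>',
  '<form onSubmit=\'return check()\'>',
].join('\n');

for (const f of findInlineHandlers(SAMPLE)) {
  console.log(`line ${f.line}: <${f.tag}> ${f.attribute}="${f.handler}"`);
}
```

The scan is regex-based, so treat its output as a worklist to review rather than a complete HTML parse.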
Angular and CSS Styling

Beginning in XperienCentral R39.0, GX Software recommends that you prevent Angular panels from rendering inline CSS styling. You should configure your Content Security Policy to block this. In Angular version 12, the so-called "critical CSS" is rendered inline by default. This can be changed easily by setting the inlineCritical option in your build to false. For more information see https://0xdbe.github.io/AngularSecurity-DisableInlineCriticalCSS/.

Password Requirements

The password strength requirements have been modified in XperienCentral R39. A password must now contain 12 or more characters. While existing passwords will still work after upgrading to R39, GX Software recommends that you encourage your users to change their password after upgrading.

XperienCentral Online Help Component

The Online Help component has been removed from XperienCentral in version R37.1. You must therefore modify any custom plugins that have a dependency on this component.