Versions Compared

Old Version 429

changes.mady.by.user Lars Kröhnke

Saved on

compared with

New Version 430

changes.mady.by.user Matthew Wagner

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Expand
titleXperienCentral R37.1

XperienCentral R37.1

Release date: July 10, 2023


Note

Minimum Version Required for Upgrading to XperienCentral R37.1

Upgrading to XperienCentral R37.1 requires a minimum version of R26. If you are upgrading from XperienCentral R25 or lower, you must first upgrade to R26 and then upgrade to XperienCentral R37.1.


HTML
<br />

Check Configuration Files

See Check Configuration Files.

Best Practices for Strict Content Security Policy (CSP) Configurations

It is recommended that you no longer use event attributes like onclick and onsubmit in your HTML. This applies to both the front- and backend of XperienCentral. The reason is that a strict CSP will block these methods from executing. For example, code like this:


Code Block
themeEclipse
<input onclick="doSomething()" />


should be replaced by something similar to this:


Code Block
themeEclipse
<input id="myInput" />

<!-- this can either be in a separate file or inline, as we add a CSP secure nonce to inline scripts -->

<script>

document.getElementById('myInput').addEventListener('click', function() {
    doSomething();
})

</script>


This recommendation also goes for the wmedit tags like select and button. Sometimes attributes like onclick or onkeypress are added to the include of these tags and will be rendered on the input. This strategy will also no longer work with a strict CSP policy. In some cases the onClick is located on a table row like in the example below. For situations like this, the fix is slightly different:


Code Block
themeEclipse
titleBefore
<c:forEach var="tableRow" items="${tableRow}">
...
   <tr onclick="doSomething(${someParameter})">
       ....
   </tr>
...
</c:forEach>


Code Block
themeEclipse
titleAfter
<c:forEach var="tableRow" items="${tableRow}"> 
   ...
   <tr class="tableRow" data-some-parameter="${someParameter}">
      ...
   </tr> 
   ... 
</c:forEach> 
<script type="text/javascript">
   const tableRows = document.getElementsByClassName('tableRow');

   for (let tableRow of tableRows) {
      let someParameter = tableRow.dataset.someParameter;
      tableRow.addEventListener('click', function () {
         doSomething(someParameter);
      });
   }
</script>


Angular and CSS Styling

Beginning in XperienCentral R39.0, GX Software recommends that you prevent Angular panels from rendering inline CSS styling. You should configure your Content Security Policy to block this. In Angular version 12, the so called "critical CSS" is rendered inline by default. This can be changed easily by setting the inlineCritical option in your build to false. For more information see [https://0xdbe.github.io/AngularSecurity-DisableInlineCriticalCSS/].

Password Requirements

The password strength requirements have been modified in XperienCentral R39. A password must now contain 12 or more characters. While existing passwords will still work after upgrading to R39, GX Software recommends that you encourage your users to change their password after upgrading.

XperienCentral Online Help Component

The Online Help component has been removed from XperienCentral in version R37.1. You must therefore modify any custom plugins that have a dependency on this component.


HTML
<br /><br /><br /><br /><br /><br /><br /><br />


...