HTML Markup for APEX Tree
HTML Markup in an APEX tree? YES: with this plugin
This plugin enables HTML markup within an APEX Tree region, which normally escapes all HTML special characters. The idea is to use replacement characters for "<", ">" and "&" in the tree SQL query and to configure these in the plugin. The plugin fires as a dynamic action after page load and uses some jQuery logic to activate the HTML markup by changing the replacement characters back to HTML syntax.
A note about the security topic:
The reviewer below is right - using the plugin might introduce an XSS vulnerability if the tree contains end-user supplied content.
The plugin is as secure or insecure as the "Standard Report Column" setting in a normal APEX report. So if you are using it, make sure that all tree content is not derived from end users or that end-user content has been checked beforehand.
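As an added illustration (not the plugin's own code), the JavaScript below models the replacement step on plain strings and contrasts it with an allow-list variant that leaves anything else as text. The placeholders `[`, `]` and `~` and all function names are assumptions; the sample input is the test string from the review on this page.

```javascript
// Constructed model of the client-side step described above. Assumed
// replacement characters: "[" for "<", "]" for ">", "~" for "&".
const MAP = { '[': '<', ']': '>', '~': '&' };

// Behaviour as described: every placeholder is turned back into HTML syntax,
// so whatever sits between the placeholders becomes live markup.
function activateMarkup(label) {
  return label.replace(/[\[\]~]/g, ch => MAP[ch]);
}

// Hardened variant (hypothetical): only attribute-free tags from a short
// allow-list are activated; every other placeholder stays literal text.
const ALLOWED = new Set(['b', 'i', 'em', 'strong', 'u', 'br']);

function activateAllowListed(label) {
  return label.replace(/\[(\/?)([a-zA-Z]+)\]/g, (whole, slash, tag) => {
    const name = tag.toLowerCase();
    return ALLOWED.has(name) ? `<${slash}${name}>` : whole;
  });
}

// Audit helper (hypothetical): list tag names outside the allow-list that a
// label would ask for. Useful for checking tree query output before enabling
// the plugin on a page.
function unexpectedTags(label) {
  const found = [];
  for (const m of label.matchAll(/\[\/?\s*([a-zA-Z][a-zA-Z0-9]*)[^\]]*\]/g)) {
    const name = m[1].toLowerCase();
    if (!ALLOWED.has(name) && !found.includes(name)) found.push(name);
  }
  return found;
}

// Constructed sample labels: one built by the developer, one carrying the
// reviewer's test value in a user-controlled column such as ENAME.
const samples = ['[b]KING[/b]', "[script]alert('hi')[/script]"];
for (const s of samples) {
  console.log(JSON.stringify({
    input: s,
    naive: activateMarkup(s),
    allowListed: activateAllowListed(s),
    unexpected: unexpectedTags(s),
  }));
}
```
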
Example APEX Tree SQL query:
select case when connect_by_isleaf = 1 then 0
Added a plugin parameter for unbinding the mouse click and double click handlers added by the tree component. Use this if your tree links are not working together with this plugin.
Do you have a question about this Plugin? Want to write a Review or Comment?
Reviews / Questions / Comments are e-mailed to the author of the Plug-in.
You must not build the tree values with *any* values that derive from the user. We are marking this plugin as insecure in our ApexSec security scanner.
To test, set ENAME to "[script]alert('hi')[/script]"