Comments (6)
We reviewed this ticket as a group today and determined that the "safe" pipe is a wise requirement when injecting variables into the markdown - as this could be used to inject JavaScript into a webpage by a bad actor completing a web form. By using the "|safe" it encourages the BPMN author to assure that the data they are displaying in the markdown will always come from a trusted source (such as a dmn table or script task) and not from a user form. Closing, but please re-open if you would like us to consider this in the future.
from spiff-arena.
Hi, thanks for the wonderfully-detailed bug report! It would probably make sense to do something a bit better by default here when a dictionary is rendered. We will think about how we might do that. I also just wanted to point out that you can do something like this in your instructions to give the user a nice link:

```
Check out this [awesome url]({{d['a_url']}}).
```

This uses [markdown](https://www.markdownguide.org) link syntax alongside the jinja. You had probably already noticed that this was possible, but just in case!
Also, thanks for your kind words about the product. If there is an opportunity to work together in the future, please just let us know. We're always looking for sustainable ways to fund the project. :)
from spiff-arena.
Your great work deserves the kind words, as everybody likes an open-source solution :)
And thank you for providing a workaround. I can modify some of my instructions in my demo project.
Still, as you mentioned, if it is not a heavy workload, please consider doing something here when rendering a dictionary by default, as the dictionary to be rendered may contain many URLs.
For example, I am running a demo server to provide some web APIs and the outputs of them are some files on a file server. The returned JSON is something like this:

```
{
  "file_qwer_a":"URL_a",
  "file_mnbv_b":"URL_b",
  ......
  "file_asdf_n":"URL_n"
}
```

When there are many URLs, modifying instructions one by one may not be the best way :)
Furthermore, sometimes you may not know the keys in the dictionary in advance.
Certainly, you have your own concerns and priorities. This is just my suggestion based on my limited experience.
I will follow this helpful project.
Good luck and thank you again :)
from spiff-arena.
I played around with this and while not exactly what you are asking for, this may serve as a decent work around. Given task data such as:
```
d = {"a_url": "http://example.com/1", "b_url": "http://example.com/2"}
```

The instructions:

```
| Key | Value |
|----|----|
{% for k, v in d.items() %}
| {{k}} | {{v|safe}} |
{% endfor %}
```

Will give you a table such as:

| Key | Value |
|---|---|
| a_url | http://example.com/1 |
| b_url | http://example.com/2 |

Not saying that we should not change the default output, but one advantage to an approach like this would be that you have more control over the output.
from spiff-arena.
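The trusted-source concern from the closing comment, applied to the dictionary-of-URLs case in this thread, as an added example that is not SpiffWorkflow's own code: a helper that vets each value before it is emitted as a markdown link, so that `|safe` would only ever be applied to output that passed this check. The names `is_safe_url`, `cell`, `links_table` and the sample data are constructed for illustration, and whether such a helper can run inside a given script task is an assumption.

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only web links are expected
# Characters that could close a markdown link or start HTML markup.
FORBIDDEN = set(" \t\r\n<>\"'()[]`\\")

def is_safe_url(value):
    """True only for absolute http(s) URLs free of markup-breaking characters."""
    if not isinstance(value, str) or FORBIDDEN & set(value):
        return False
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)

def cell(text):
    """Escape arbitrary text for display inside a markdown table cell."""
    flat = " ".join(str(text).split())          # no newlines inside a row
    return html.escape(flat, quote=True).replace("|", "\\|")

def links_table(d):
    """Build a markdown table; only vetted URLs become links.

    Returns (markdown, rejected_keys) so the caller can log what was refused.
    """
    rows = ["| Key | Value |", "|----|----|"]
    rejected = []
    for key, value in d.items():
        if is_safe_url(value):
            rows.append(f"| {cell(key)} | [{cell(value)}]({value}) |")
        else:
            rows.append(f"| {cell(key)} | {cell(value)} |")  # shown as inert text
            rejected.append(key)
    return "\n".join(rows), rejected

# Constructed sample: keys are not known in advance, two values are hostile.
SAMPLE = {
    "file_qwer_a": "http://example.com/1",
    "file_mnbv_b": "javascript:alert(1)",
    "file_asdf_n": "<script>alert(1)</script>",
    "<img src=x>": "https://example.com/2",
}

if __name__ == "__main__":
    markdown, refused = links_table(SAMPLE)
    print(markdown)
    print("rejected keys:", refused)
```

Values that fail the check are still displayed, but HTML-escaped and without link syntax, and their keys are returned so they can be logged.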
@jbirddog Thank you for providing another useful workaround. I am not familiar with Jinja, thus I did not think of this workaround :)
Good to know you plan to do something here and good luck with the bug fixing.
By the way, looking forward to more articles at "https://www.spiffworkflow.org/posts/article" or somewhere else :)
from spiff-arena.
@zl6977 - be sure to check out our videos on YouTube as well (https://www.youtube.com/channel/UCtDHzDfhyvnAb8CFmdwucUA). If you would like to help us out, please consider writing a few sentences that we could use on our website (along with a picture, your name, and your company). Star our projects on GitHub. Follow us on Twitter and LinkedIn and repost some of our stuff. Sign up for our newsletter, which will come out this week with a long list of features and bug fixes for the last couple of months. You can do much of this on our website. You can send me the endorsement over email to [email protected]. These are great ways to show us you really do appreciate the work we are doing on the project.
from spiff-arena.