Use webblock input parameters  in the  block level javascript
Application Type
Reactive
Service Studio Version
11.10.20 (Build 41354)
Platform Version
11.10.4 (Build 29616)

Hi all,

I want to use input parameters of a webblock in javascript code which i have written at block level javascript .I was using expression with escape content set to no and assigning the input parameters in the expression to my variables and then calling a function which was defined at the block level javascript . Using javascript in expression is giving the warning ensure your expression is protected using encodejavascript , sanitizehtml ,encodehtml . 

following is the javascriptcode used in expression 

"<script type='text/javascript'>

    // Setting the regular scheme-based URL to open the app 
    var custom = '" + ToLower(AppIdentifier) + "://" + AppModule + "/" + Screen + If(Parameters = "","","?" + Parameters) + "';

    // Creating an intent as per https://developer.chrome.com/multidevice/android/intents , with a fallback URL
    var g_intent = 'intent://" + AppModule + "/" + Screen + If(Parameters = "","","?" + Parameters) + 
    "#Intent;scheme=" + ToLower(AppIdentifier) + ";package=" + ToLower(AppIdentifier) + ";S.browser_fallback_url="+ FallbackURL +";end';

    // set the correct iOS App Store and Android Play Store URLs for manual redirect     
    var appstore = '" + AppStoreURL + "';
    var playstore = '" + PlayStoreURL + "';
    var fallbackurl = '" + FallbackURL + "';

    // Force the use of intents for all browsers on Android (useful if you have uppercase letters in the app identifiers)
    var forceintent = " + If(Site.Android_ForceIntentURI,"true","false") + ";

    var heartbeat;
    var iframe_timer;
    var timer;

    detectMobileOrDesktop();
    //function above has replaced : launch_app_or_alt_url($(this));

</script>"

i have tried sanitizehtml in the full code but then this exprsion doesnot execute , I have usedencodejavascript() for all literals but the warnong dosent go. 

This is the javascript defined at block level

var custom;
var g_intent;
var timer;
var heartbeat;
var iframe_timer;
var appstore;
var playstore;
var fallbackurl;
var forceintent;
  
function writeMsg(){
    $('.Redirecting').show();
}

function clearTimers() {
    clearTimeout(timer);
    clearTimeout(heartbeat);
    clearTimeout(iframe_timer);
}

function intervalHeartbeat() {
    if (document.webkitHidden || document.hidden) {
        clearTimers();
    }
}

function tryIframeApproach() {
    var iframe = document.createElement('iframe');
    iframe.style.border = 'none';
    iframe.style.width = '1px';
    iframe.style.height = '1px';
    iframe.onload = writeMsg;
    iframe.src = custom;
    document.body.appendChild(iframe);
}

function tryWebkitApproach() {
    document.location = custom;
    timer = setTimeout(openCorrectStore(), 2500);
}

function useIntent() {
    // Deprecated, since newer Chrome versions do not 
    // allow opening intent URLs through JS redirection
    document.location = g_intent;
    
    // The web's workaround is to do a "click-redirect"
    //$('.HiddenAndroidLink').click();
}

function detectThroughUserAgent() {
    if (navigator.userAgent.match(/Chrome/)) {
        return "chrome";
    } else if (navigator.userAgent.match(/Firefox/)) {
        return "firefox";
    } else {
        return "other";
    }
}

function isMobile() {
    return navigator.userAgent.match(/(iPad)|(iPhone)|(iPod)|(android)/i);
}

function isAndroid() {
    return /Android/i.test(navigator.userAgent);
}

function isiOS() {
    return /iPhone|iPad|iPod/i.test(navigator.userAgent);
}

function openCorrectStore(){
    if(isiOS()) {
        window.location = appstore;
    } else if (isAndroid()){
        window.location = playstore;
    }
}

function detectMobileOrDesktop(){
    if(isMobile()) {
        launch_app_or_alt_url($(this));
    } else {
        window.location = fallbackurl;
    }
}

function launch_app_or_alt_url(el) {
    heartbeat = setInterval(intervalHeartbeat, 200);
    var ua = detectThroughUserAgent();
    
    switch(ua){
        case "chrome":    
            if (isAndroid() && forceintent === true) {
                useIntent();
            } else {
            tryWebkitApproach();
            }
            break;
        case "firefox":
            tryWebkitApproach();
            iframe_timer = setTimeout(function () {
                tryIframeApproach();
            }, 1500);
            break;
        case "other":
            tryWebkitApproach();
            break;
        default:
    }
}

The input parameters are  AppModule , Appidentifier ,Screen ,in, AppstoreURL ,PlaystoreURL, FallbackURL , Parameters.


How can i remove the warning or define these in the block level javascript.


Thanks & Regards


mvp_badge
MVP
Solution

Hi Kanishka,

As already mentioned by Marco, you will have to wrap the referred variables (within the custom JS code) with an in-built EncodeJavaScript() function.

I tried the same, and the code is executing fine, and also I am not getting any warning message in the service studio.

Based on the shared information like setting expression escape content property value and referring site property value, I'm pretty sure that you are using the Traditional Web application instead of RWA as mentioned in the main Post.

As I don't have the actual Web block input parameter values, I'm not sure whether the JS code is doing its job or not, but the defined custom JS is successfully loaded & executing.

Refer to the attached .oml file


I hope this helps you!


Kind regards,

Benjith Sam

DigitalLabJS.oml

Thanks 

Benjith Sam This worked.

mvp_badge
MVP

You're welcome, Kanishka.

Glad to help you :)


Kind regards,

Benjith Sam

Hi Kanishka,


You should surround all the parameters in encodejavascript. 

For Example:

    var appstore = '" + EncodeJavascript(AppStoreURL) + "';
    var playstore = '" + EncodeJavascript(PlayStoreURL) + "';
    var fallbackurl = '" + EncodeJavascript(FallbackURL) + "';


Also, if this is a reactive application, you should use the javascript element in action flow. This way you 

could add input/output parameters from your javascripts

Hope this helps,

Regards

Hey i tried this but the warning is still there.

mvp_badge
MVP
Solution

Hi Kanishka,

As already mentioned by Marco, you will have to wrap the referred variables (within the custom JS code) with an in-built EncodeJavaScript() function.

I tried the same, and the code is executing fine, and also I am not getting any warning message in the service studio.

Based on the shared information like setting expression escape content property value and referring site property value, I'm pretty sure that you are using the Traditional Web application instead of RWA as mentioned in the main Post.

As I don't have the actual Web block input parameter values, I'm not sure whether the JS code is doing its job or not, but the defined custom JS is successfully loaded & executing.

Refer to the attached .oml file


I hope this helps you!


Kind regards,

Benjith Sam

DigitalLabJS.oml

Thanks 

Benjith Sam This worked.

mvp_badge
MVP

You're welcome, Kanishka.

Glad to help you :)


Kind regards,

Benjith Sam

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.