Differences

This shows you the differences between two versions of the page.

en:beginner:customization [2014/04/14 11:52]
127.0.0.1 external edit
en:beginner:customization [2019/12/05 13:33] (current)
anupama [Customization]
Line 9: Line 9:
 can be very useful during the process: can be very useful during the process:
   * The [[en:​directory_structure|directory structure]] page can help you locate important files and folders in your installation.   * The [[en:​directory_structure|directory structure]] page can help you locate important files and folders in your installation.
-  * Understanding how [[en:user:urls|Greenstone URLs]] work, including CGI arguments, can help you create links to various pages in your collection.+  * Understanding how Greenstone URLs ([[en:user:gs3_urls|gs3]], [[en:​user:​gs2_urls|gs2]]work, including CGI arguments, can help you create links to various pages in your collection.
   * Knowing the [[en:​user:​configuration_files|files that configure]] specific aspects of your installation is very important as you begin to customize.   * Knowing the [[en:​user:​configuration_files|files that configure]] specific aspects of your installation is very important as you begin to customize.
  
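Review bot: the added line for the Greenstone URLs bullet drops the closing parenthesis and the following space, so the text renders as "gs2work". `[[en:user:gs2_urls|gs2]]work` should read `[[en:user:gs2_urls|gs2]]) work`.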
Line 40: Line 40:
 make modifying or overriding an interface easier: make modifying or overriding an interface easier:
   * **[[en:​user:​themes|Themes]]**,​ are the easiest way to change how your library looks. The default Greenstone3 interface is built using JQuery themes, which allow you to change the color-scheme (as well as things like roundness of corners) effortlessly. While even advanced users will find themes useful, they are especially valuable for non-technical users, because they require //​absolutely no// knowledge of CSS, HTML, or XSL   * **[[en:​user:​themes|Themes]]**,​ are the easiest way to change how your library looks. The default Greenstone3 interface is built using JQuery themes, which allow you to change the color-scheme (as well as things like roundness of corners) effortlessly. While even advanced users will find themes useful, they are especially valuable for non-technical users, because they require //​absolutely no// knowledge of CSS, HTML, or XSL
-  * **[[en:​user:​format_statements|Format statements]]**:​ In many cases, if you do not know XSL, you can instead use [[en:user:format_statements|Greenstone'​s statement format (''​gsf''​)]],​ which Greenstone will translate (behind-the-scenes) into XSL. ''​gsf''​ syntax is XML-based. (If you don't know XML, don't worry; it looks and acts very similarly to HTML.)+  * **[[en:​user:​gs3_format_statements|Format statements]]**:​ In many cases, if you do not know XSL, you can instead use [[en:user:gs3_format_statements|Greenstone'​s statement format (''​gsf''​)]],​ which Greenstone will translate (behind-the-scenes) into XSL. ''​gsf''​ syntax is XML-based. (If you don't know XML, don't worry; it looks and acts very similarly to HTML.)
   * The GLI's **Format Features** section: The GLI provides an easy way to override parts of interface on a collection-level. Instead of having to create your own XSL files, you can type templates into the Format Features section of the Format panel. ​   * The GLI's **Format Features** section: The GLI provides an easy way to override parts of interface on a collection-level. Instead of having to create your own XSL files, you can type templates into the Format Features section of the Format panel. ​
  
Line 63: Line 63:
  
 ===== Format Statements ===== ===== Format Statements =====
-The //content// of a Greenstone collection is handled by [[en:user:format_statements|format statements]], ​+The //content// of a Greenstone collection is handled by [[en:user:gs2_format_statements|format statements]], ​
 which can be modified in the GLI (under ''​Format -> Format Features''​). So, if you want to change how documents appear which can be modified in the GLI (under ''​Format -> Format Features''​). So, if you want to change how documents appear
 in browsing pages, search results, and on individual document pages, format statements are where in browsing pages, search results, and on individual document pages, format statements are where
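Review bot: the replaced link under the Format Statements heading now targets gs2_format_statements, while the Format statements bullet changed at Line 40 targets gs3_format_statements, and the sentence does not say which Greenstone version it describes. Naming the version in the link text (for example "Greenstone2 format statements") would tell readers why the two targets differ.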
Line 72: Line 72:
 Greenstone2 is built on [[en:​user:​macros|macros]],​ which look like ''​_this_''​ and basically stand for Greenstone2 is built on [[en:​user:​macros|macros]],​ which look like ''​_this_''​ and basically stand for
 a block of text or code.  a block of text or code. 
 +
 +===== Maintaining security when customising GS2 macros =====
 +
 +A large part of Greenstone 2's security against cross-site scripting (XSS) is implemented in Greenstone 2.87+ in the macros files. This means that if you are customising it by reusing macros such as in new forms or paragraphs, you will need to be aware of how to do so in a secure way.
 +
 +Every macro variable now has additional variants of itself: variants that are safe to use in an HTML context, in an HTML attribute context, CSS context, URL context, JavaScript context and SQL context. ​
 +
 +The additional variants of each variable are denoted by the suffixes:
 +<​code>​Htmlsafe,​ Attrsafe, Csssafe, Urlsafe, Jssafe, Sqlsafe</​code>​
 +The variable name suffixes of these additional variants'​ indicate the context in which each is to be used. 
 +//
 +For example//, the ''​_cgiargq_''​ variable has the following variants:
 +<​code>​_cgiargqHtmlsafe_
 +_cgiargqAttrsafe_
 +_cgiargqCsssafe_
 +_cgiargqUrlsafe_
 +_cgiargqJssafe_
 +_cgiargqSqlsafe_</​code>​
 +
 +In reusing existing macros when you want to customise Greenstone 2 macro files, carefully select the appropriate variant of the variable you want depending on the context in the file where that variable needs to be used.
 +
 +In some cases, this can be straightforward:​ if it is going into an HTML attribute, use the ''​Attrsafe''​ variant. If it's going to be (part of) a URL, use the Urlsafe version. If it goes into regular JavaScript code, use the Jssafe version, etc.
 +
 +An example of a more complex case would be where Javascript produces HTML. If the variable is part of the HTML page produced by some JavaScript code, you need to use the ''​Htmlsafe''​ variant instead of the Jssafe variant.
 +
 +If you make your customisations consciously and sensibly, your modified macro files will continue to keep Greenstone 2's security intact.
 +
 +For more information:​
 +  * [[https://​www.owasp.org/​index.php/​Cross-site_Scripting_%28XSS%29|OWASP Cross Site Scripting (XSS) page]]
 +  * [[https://​cheatsheetseries.owasp.org/​cheatsheets/​Cross_Site_Scripting_Prevention_Cheat_Sheet.html|OWASP XSS cheat sheet]]
 +
 </​TAB>​ </​TAB>​
 </​TABAREA>​ </​TABAREA>​
  
 +===== Useful Links for Customisation =====
 +
 +  * [[en:​gli:​format_panel| GLI's format panel]]
 +
 +**Greenstone3:​**
 +  * [[en:​user:​gs3_format_statements|Format statements]]
 +  * [[en:​user:​gs3_list_of_format_options|Full list of Format options]]
 +  * [[en:​user:​gs3_sample_format_statements| Sample format statements]]
 +  * [[en:​user:​themes|Themes]]
 +  * [[en:​user:​interfaces| Customising the Greenstone 3 Interface]]
 +  * [[en:​user:​gs3_sample_interface_modifications|Sample interface modifications]]
 +
 +**Greenstone2:​**
 +  * [[en:​user:​gs2_format_statements|Format statements]]
 +  * [[en:​user:​gs2_sample_format_statements| Sample format statements]]
 +  * [[en:​user:​macros| Macros]]
 +  * [[en:​user:​sample_macros|Sample ​ macro customisations]]
 +  * [[en:​user:​collection_specific_macros|Collection specific macros]]
  
 //**Now that you know the basics of using and customizing Greenstone, there are a few other features, functions, and resources you should be aware of. The final section of this Beginner'​s Guide presents [[en:​beginner:​additional_topics|additional Greenstone topics]].**//​ //**Now that you know the basics of using and customizing Greenstone, there are a few other features, functions, and resources you should be aware of. The final section of this Beginner'​s Guide presents [[en:​beginner:​additional_topics|additional Greenstone topics]].**//​
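Review bot: in the new "Maintaining security when customising GS2 macros" section, the paragraph beginning "An example of a more complex case" tells the reader to use the Htmlsafe variant instead of Jssafe when JavaScript produces HTML, but does not say what protects the value while it still sits inside the JavaScript source, for instance inside a quoted string. Please state whether the Htmlsafe variant is also safe in that position or whether the value has to be escaped for both contexts, and consider adding a short macro snippet showing the correct variant in place. The "straightforward" paragraph also gives no guidance for the Csssafe and Sqlsafe suffixes it introduced earlier, and marks only ''Attrsafe'' as code while Urlsafe, Jssafe and the later Jssafe mention are left plain. Smaller points: "these additional variants' indicate" has a stray apostrophe, the italics around "For example" open on the previous line, and the new Useful Links list mixes "| GLI's" and "|Format" spacing and has a double space in "Sample  macro customisations".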