en:beginner:customization
Differences
This shows you the differences between two versions of the page.
en:beginner:customization [2017/02/19 23:15] – [Customization] kjdon | en:beginner:customization [2023/03/13 01:46] – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | |||
+ | |||
+ | |||
====== Customization ====== | ====== Customization ====== | ||
//**Part of the [[en: | //**Part of the [[en: | ||
Line 16: | Line 19: | ||
- | <TABAREA tabs="Greenstone3, | + | <tabbox |
- | <TAB> | + | |
===== Site, interfaces, and libraries ===== | ===== Site, interfaces, and libraries ===== | ||
Sites and interfaces contain the content and presentation information, | Sites and interfaces contain the content and presentation information, | ||
Line 50: | Line 52: | ||
Finally, every site-interface combination you create is considered a **library** | Finally, every site-interface combination you create is considered a **library** | ||
(in technical terms, each library is actually a servlet). | (in technical terms, each library is actually a servlet). | ||
- | </TAB> | + | <tabbox Greenstone2> |
- | <!-- ################################################################################## | + | |
- | ####################################################################################### | + | |
- | ####################################################################################### | + | |
- | <TAB> | + | |
===== Collection level vs. library level ===== | ===== Collection level vs. library level ===== | ||
Line 72: | Line 70: | ||
Greenstone2 is built on [[en: | Greenstone2 is built on [[en: | ||
a block of text or code. | a block of text or code. | ||
- | </TAB> | + | |
- | </TABAREA> | + | ===== Maintaining security when customising GS2 macros ===== |
+ | |||
+ | A large part of Greenstone 2's security against cross-site scripting (XSS) is implemented in Greenstone 2.87+ in the macros files. This means that if you are customising it by reusing macros such as in new forms or paragraphs, you will need to be aware of how to do so in a secure way. | ||
+ | |||
+ | Every macro variable now has additional variants of itself: variants that are safe to use in an HTML context, in an HTML attribute context, CSS context, URL context, JavaScript context and SQL context. | ||
+ | |||
+ | The additional variants of each variable are denoted by the suffixes: | ||
+ | < | ||
+ | The variable name suffixes of these additional variants' | ||
+ | // | ||
+ | For example//, the '' | ||
+ | < | ||
+ | _cgiargqAttrsafe_ | ||
+ | _cgiargqCsssafe_ | ||
+ | _cgiargqUrlsafe_ | ||
+ | _cgiargqJssafe_ | ||
+ | _cgiargqSqlsafe_</ | ||
+ | |||
+ | In reusing existing macros when you want to customise Greenstone 2 macro files, carefully select the appropriate variant of the variable you want depending on the context in the file where that variable needs to be used. | ||
+ | |||
+ | In some cases, this can be straightforward: | ||
+ | |||
+ | An example of a more complex case would be where Javascript produces HTML. If the variable is part of the HTML page produced by some JavaScript code, you need to use the '' | ||
+ | |||
+ | If you make your customisations consciously and sensibly, your modified macro files will continue to keep Greenstone 2's security intact. | ||
+ | |||
+ | For more information: | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | |||
+ | </tabbox> | ||
===== Useful Links for Customisation ===== | ===== Useful Links for Customisation ===== | ||
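Review bot: The new "Maintaining security when customising GS2 macros" section opens by describing the suffixed variants as protection against cross-site scripting, yet the list of contexts ends with "SQL context" and the example list includes _cgiargqSqlsafe_, which guards against SQL injection rather than XSS. Suggest either broadening the opening sentence to cover injection in general or adding one sentence saying what the Sqlsafe variant is for and where a macro author would need it. The closing advice to customise "consciously and sensibly" gives the reader nothing to verify; replace it with a concrete check, for example stating whether the unsuffixed variable should ever appear in output. Minor: the paragraph on JavaScript that produces HTML spells the language both "Javascript" and "JavaScript".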
Line 84: | Line 112: | ||
* [[en: | * [[en: | ||
* [[en: | * [[en: | ||
+ | * [[en: | ||
* [[en: | * [[en: | ||
Line 94: | Line 123: | ||
//**Now that you know the basics of using and customizing Greenstone, there are a few other features, functions, and resources you should be aware of. The final section of this Beginner' | //**Now that you know the basics of using and customizing Greenstone, there are a few other features, functions, and resources you should be aware of. The final section of this Beginner' | ||
+ |
en/beginner/customization.txt · Last modified: 2023/03/13 20:51 by kjdon