[Do something on Browser Resize]

How do you install a listener on the Browser window resize event (without overriding Ext.EventManager.onWindowResize, of course)?

[Changing Custom CSS on theme change]

Thanks zilav for the input, but this would work if I had a css custom file, I guess. Right now I need a way to paste a css string at run time. For now my workaround seems to work, by the way.

UnicodeString custom_css;
if(UniMainModule()->Theme == UnicodeString(L"neptune"))
    custom_css = L"neptune_css";
else
    custom_css = L"default_css";

//removing carriage returns...
TReplaceFlags flags = TReplaceFlags() << rfReplaceAll;
custom_css = StringReplace(custom_css, L"\r\n", L" ", flags);

UniSession->AddJS(UnicodeString("var my_customstyle = Ext.util.CSS.createStyleSheet('")+custom_css+L"','my_customstyle');");

[Changing Custom CSS on theme change]

This may be an ugly workaround but....

 

In MainForm::AfterConstruction

UniSession->AddJS("var my_customstyle = Ext.util.CSS.createStyleSheet('___your__css__here','my_customstyle');");

[Changing Custom CSS on theme change]

I have defined a few div classes in ServerModule::CustomCSS. When I change (at run time!) the Theme of my application (this can be done in MainModule) I'd wish to switch my Custom CSS, and here is the problem: the CSS is in ServerModule, is global.

 

How do you achieve that?

 

 

[Security Vulnerabilities / CSRF / XSS]

uniGUI uses Ext.js. As far as I know, ExtJS is vulnerable to all sorts of injection and XSS attacks, unless the programmer is very careful. See:

 

https://www.sencha.com/forum/showthread.php?296844-HTML-injection-attack-against-the-grid-row-s-TR-id-and-dataRecordId-attributes

 

 

Ext.js doesn't do any HTML escaping by default, not just in the table row...

 

HOW UNFORTUNATE, SENCHA

 

That said, uniGUI does a better job at protecting the server from those attacks, at least some vulnerabilities have been fixed throughout the years

 

http://forums.unigui.com/index.php?/topic/3979-javascript-injection-problem-on-form-show

 

But some issues are still open...

 

http://forums.unigui.com/index.php?/topic/6907-unidbgrid-and-form-title-html-injection

http://forums.unigui.com/index.php?/topic/5252-unicode-support-issue-unprintable-chars

 

depending on what kind of software you are developing there are probably workarounds (browse the forums and you will find plenty).
Happy bugging/debugging!

[unidbgrid and form title: html injection]

As for the form title I am pretty lost: I was unable to change the behaviour of the JS Window object and since TUniForm::GetCaption is NOT virtual I can't find a clean way to change its behaviour, either.

class PASCALIMPLEMENTATION TUniBaseForm : public TUniBaseIntermForm
{
//...................
	System::UnicodeString __fastcall GetCaption(void);
	virtual void __fastcall SetCaption(System::UnicodeString Value);
}

my form

class TMyForm : public TUniForm
{
private:
UnicodeString _unescaped_caption;
protected:


	UnicodeString __fastcall GetCaption(void);//NO!
	virtual void __fastcall SetCaption(UnicodeString Value);//OK since it is virtual
public:        // User declarations
    __fastcall TMyForm(TComponent* Owner);
}

// ---------------------------------------------------------------------------
__fastcall TMyForm::TMyForm(TComponent * Owner) : TUniForm(Owner), _unescaped_caption(Caption)
{
}

// ---------------------------------------------------------------------------
UnicodeString __fastcall TMyForm::GetCaption(void)
{
    return _unescaped_caption; //this is never called!
}

// ---------------------------------------------------------------------------
void __fastcall TMyForm::SetCaption(UnicodeString Value)
{
    _unescaped_caption = Value;
    TUniForm::SetCaption(html_escape(Value));
}

As a result if I execute this

TMyForm* AForm = MyForm();
AForm->Caption = AForm->Caption;

The caption gets escaped twice!

[unidbgrid and form title: html injection]

Should this whole topic be moved under "Active Reports"? By the way, the workaround above seems to work. I would appreciate if, in future version of the library, grids had a flag "escape HTML" (true by default).

[unidbgrid and form title: html injection]

I had a look at ext-unigui-min.js

maybe something like this?

function reconfigure(sender, store, columns, oldStore, the, eOpts)
{       
    columns.forEach(function(col){  
        col.renderer = function(k,a,d,i,m,l,j){  
            return _rndcll_(Ext.util.Format.htmlEncode(k), a,d,i,m,l,j)  
        }      
    })
}

[unidbgrid and form title: html injection]

Unfortunately this introduces a problem. OnDrawColumnCell doesn't work anymore.

 

In the project above

void __fastcall TMainForm::GridSrcDrawColumnCell(TObject *Sender, int ACol, int ARow, TUniDBGridColumn *Column, TUniCellAttribs *Attribs)

{
    Attribs->Color = clRed;
}

This is supposed to turn all the cells background red. It works only if you disable the reconfigure ExtEvent, I need both to work simultaneously,

[unidbgrid and form title: html injection]

I have tested your code and it works! Thanks!

 

Here you can find the updated project. I removed any dependency from external libraries (I hope)

TestMultiSelect.zip

[unidbgrid and form title: html injection]

I need to do it for every column, of every grid in my project. Is it possibile to do it in a Extevent on the grid?

[unidbgrid and form title: html injection]

I need a way to configure a grid in order to display HTML (or any special character) and not interpret it. Same thing for form titles. Other DB components are safe (uniDBEdit and labels, for instance)

I will upload another project by Monday.

[unidbgrid and form title: html injection]

sorry i didn't attach the file

TestMultiSelect.zip

[unidbgrid and form title: html injection]

sure.
 

I adapted a small project i had. It is only dependent on VirtualTable by Devart ODAC, which is a free component. I am pretty confident it also works with other in-memory datasets

just launch the application and look at the first row. It is supposed to contain the text "aaaa<p>a</p>" instead is rendered as

 

"aaaa

 

a

 

"

 

of course you can enter any HTML you want: links, maybe even JS code!

[unidbgrid and form title: html injection]

I need the unidbgrid to show every character (including < , >, &). Instead I see that those characters are interpreted as HTML. I have the same issue with form titles.

 

This is also a security issue!

[Overflowing text, Grid cell tooltip?]

Precisely what I need! Thanks!

 

I have two more questions:

How do I set the maximum width of the tooltip?

Is it possible to show a different text in the cell (instead of the ellipsis) when the cell is not large enough?

[Overflowing text, Grid cell tooltip?]

I will try this.

Thanks. 

[Overflowing text, Grid cell tooltip?]

Hello everybody,

 

If a grid cell has too much text, it shows an ellipsis (...) at the end. If this is the case, is it possible to show a tooltip when the cursor is positioned over the cell, in order to display the full data?

 

Bonus: how do you control what is shown in the cell? For instance, how do I show this-> ######## instead of a portion of the actual text?

 

Thanks

[[ISAPI] Compile with Rad Studio 10, deploy on IIS 7]

In short: I tried the new C++ 32bit compiler (the CLANG LLVM one) with the same Includes, libs, and browsing paths as the "Classic Compiler".

The Hello World project works!

Now I need to port my awfully big project to the new compiler and ...

It would be great if someone can confirm this "fix".

I don't know if it's related but see https://forums.embarcadero.com/message.jspa?messageID=706860

[[ISAPI] Compile with Rad Studio 10, deploy on IIS 7]

Can you please test same setup with XE8 and see if it works?

 

Unfortunately I can't, I skipped XE7 and XE8. Those Embarcadero guys are waaay to fast with their releases.

On the bright side: I may have found a setup that works in C++ Builder 10. Let me investigate it deeper and I will post my findings. Thanks for the support (as always)

[[ISAPI] Compile with Rad Studio 10, deploy on IIS 7]

Is your target 32 bit?

 

Yes. I am using 32bit C++ Classic Compiler

[[ISAPI] Compile with Rad Studio 10, deploy on IIS 7]

Maybe is a C++Builder 10 issue, I can't give you a definitive answer.

 

As I posted before

Delphi 10 > New (uniGUI for Delphi) > ISAPI works

C++ Builder 10> New (uniGUI for C++) > ISAPI ERROR

 

Maybe the cbproj generated by the uniGUI Application Wizard is somewhat flawed? While the dproj is correct?

[[ISAPI] Compile with Rad Studio 10, deploy on IIS 7]

Here is some results

 

On Windows10-RadStudio10-uniGUI 0.99.80.1219

 

New>uniGUI for C++ Builder> ISAPI

Turn off all linking (RTL, DelphiRTL, Run time packages)

Build (Release)

resulting dll size 5397 KB

 

deployed on Windows 7 (IIS7) > HTTP 500.0 0x8007007f

 

New>uniGUI for Delphi> ISAPI

Turn off all linking (DelphiRTL, Run time packages)

Build (Release)

resulting dll size 3907 KB

 

deployed on Windows 7 (IIS7) > works

 

what is happening? O_O

[[ISAPI] Compile with Rad Studio 10, deploy on IIS 7]

So what is the root of problem here?

 

-Windows version?

-IIS version?

-Rad Studio version?

-UniGUI version?

 

Good point. You can't separate IIS from Windows (Win7=>IIS7, Win10=>IIS10). But I will try some permutation of rad studio/uniGUI.

 

Edit: actually, I did NOT change IIS, that is the point  

[[ISAPI] Compile with Rad Studio 10, deploy on IIS 7]

The previous post was not correct.
 
In RadStudio 10 Project manager the project is called <my project>.cpl, but actually it releases a .dll file.
 
Loaded in IIS 7, when I try to access localhost I get an error
 
HTTP 500.0
 
Modulo    IsapiModule
Notifica    ExecuteRequestHandler
Gestore    ISAPI-dll
Codice errore    0x8007007f
 
Using my previous setup (Windows 7/ Rad Studio XE6/uniGUI 0.99.0.1161) the same project worked.
 
Before you ask: I need to upgrade my development environment, but I can't force to upgrade all the servers to IIS 10.