For a project at university we are working on an application that is supposed to automatically create a file for the user after having queried several pieces of information from the user. The general idea is to use Decision Model and Notation "DMN" to perform the query and collect the information needed. The file input depends on the answers provided by the user. The application is further intended to be web-based.
My question is therefore, how we can put the strings that result from the DMN query into a PDF template that is ready to print/send? The template is currently set up to be a text document (.docx) that has several input fields that need to be filled.
Thanks!
You can use Kogito for the DMN execution side; it is JVM based but it exposes for you automatically generated REST (JSON) endpoints to evaluate the DMN model. Based on the requirements you listed, this should be an easy way to achieve the DMN evaluation part; that is, for Kogito you drop the .dmn model file into the src/main/resources directory and it will automatically provide for you a cloud-native based application exposing the REST endpoint.
Further, the outgoing JSON payload (of the DMN evaluation results) could be fed into a template engine, in order to generate from the JSON result the final PDF, leveraging conversion from a friendlier target. For instance, this could have also been done with Apache FreeMarker/Velocity template engine. You could use as target HTML or ODF, and finally achieve the final PDF conversion.
Related
I'm developing an API with expressJS. This API is a semi-weblog service, and clients can create, update and delete their posts and contents. I have a security concern about implementing its post and patch routes.
If the user injects some JS code and sends it to API to store in Mongodb, could these codes affect our API? How can I prevent users from posting and patching requests with any code inside them?
I have found "xss-clean" middleware to sanitize the user input body, is it enough for this purpose?
Because it is very important to me to ensure that I am using the correct middleware to protect this API, I am asking this question.
If the user injects some JS code and sends it to API to store in Mongodb, could these codes affect our API?
Generally speaking: It won't.
The code comes into Express as a message body. It gets parsed by your middleware into a data structure where it will appear as a string. You then put that string in an object of structured data that you pass through the Mongodb client API which sends it to the database with any escaping that is needed.
I have found "xss-clean" middleware to sanitize the user input body, is it enough for this purpose?
XSS is an attack in which data injected into an HTML document contains special characters which are treated as special characters in HTML.
e.g.
<h1>{{ your_name }}</h1>
Where your_name is data that contains <script>...</script>.
This is generally dealt with by applying proper escaping to the data (at a very basic level that means replacing < with &lt;).
XSS won't affect your API directly.
If your data is going to be taken out of the Mongodb store and injected into an HTML document, then XSS is a consideration.
xss-clean is a wrapper around xss-filters.
xss-filters looks (I've only glanced at it) like a good module and is designed to be used as an output filter (i.e. run just before you insert data into an HTML document).
xss-clean works as an input filter, which isn't a good approach. It makes your data HTML safe at the expense of making it not useful for any purpose other than HTML. You might want to use the data in an email, or generate a report in Excel format.
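An added example, not part of the original answer, of the approach it describes: the stored string stays raw and is encoded at output time for each destination. The helper names `escapeHtml`, `renderHtml` and `csvField` and the sample value are constructed for illustration.

```javascript
// Added illustration: store user input unmodified, encode at output per context.
// All names and the sample value are constructed for this example.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// HTML context: replace the characters that are special in HTML text and attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Tiny {{ key }} renderer that HTML-escapes every substituted value.
function renderHtml(template, data) {
  return template.replace(/\{\{\s*(\w+)\s*\}\}/g, (match, key) =>
    Object.prototype.hasOwnProperty.call(data, key) ? escapeHtml(data[key]) : '');
}

// CSV context has different rules: quote the field and double embedded quotes.
function csvField(value) {
  const text = String(value);
  return /[",\r\n]/.test(text) ? '"' + text.replace(/"/g, '""') + '"' : text;
}

// The value as it would sit in MongoDB: raw, exactly what the client sent.
const stored = { your_name: 'Tom & "Jerry" <script>...</script>' };

// Output filtering: each destination gets its own encoding of the same raw data.
const html = renderHtml('<h1>{{ your_name }}</h1>', stored);
const csv = csvField(stored.your_name);

// Input filtering (HTML-escaping before storage) leaks HTML entities into the CSV.
const csvFromFilteredInput = csvField(escapeHtml(stored.your_name));

console.log(html);
console.log(csv);
console.log(csvFromFilteredInput);
```

The last line is the cost of filtering on input: the report shows `&amp;` and `&lt;` to a reader who never asked for HTML.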
I have a fairly large Application and I'm currently trying to find a way around having to pass Data from PHP (User Tokens for 3rd Party API's and such) through the DOM. Currently I use data-* attributes on a single element and parse the Data from that, but it's pretty messy.
I've considered just making the contents of the element encoded JSON with all the config in, which would greatly improve the structure and effectiveness, but at the same time storing sensitive information in the DOM isn't ideal or secure whatsoever.
Getting the data via AJAX is also not so feasible, as the Application requires this information all the time, on any page - so running an AJAX request on every page load before allowing user input or control will be a pain for users and add load to my server.
Something I've considered is having an initial request for information, storing it in the Cache/localStorage along with a checksum of the data, and include the checksum for the up-to-date data in the DOM. So on every page load it'll compare the checksums and if they are different (JavaScript has out-of-date data stored in Cache/localStorage), it'll send another request.
I'd rather not have to go down this route, and I'd like to know if there are any better methods that you can think of. I can't find any alternative methods in other questions/Google, so any help is appreciated.
You could also create a php file and put the header as type javascript. Request this file as a normal javascript file. <script src="config.js.php"></script> (considering the filename is config.js.php) You can structure your javascript code and simply assign values dynamically.
For security, especially if login is required, this file can only be returned once the user is logged in or something. Otherwise you simply return a blank file.
You could also just emit the json you need in your template and assign it to a javascript global.
This would be especially easy if you were using a templating system that supports inheritance like twig. You could then do something like this in the base template for your application:
<script>
MyApp = {};
MyApp.cfg = {{cfg | tojson | safe}};
</script>
where cfg is a php dictionary in the templating context. Those filters aren't twig specific, but there to give you an idea.
It wouldn't be safe if you were storing sensitive information, but it would be easier than storing the info in local storage,
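An added example, not from the original answer, of what the `tojson | safe` step has to guarantee when server data is written into an inline `<script>`: the serialized JSON must not be able to close the script element. It is written in JavaScript rather than PHP/Twig, and `jsonForScript`, `configScriptTag` and the sample config are constructed names and values.

```javascript
// Added illustration (constructed names and values): serialize config for an inline <script>.
// JSON.stringify alone leaves "<" intact, so a string value containing "</script>"
// ends the script element early when the HTML parser reads the page.
const SCRIPT_UNSAFE = /[<>&\u2028\u2029]/g;

function jsonForScript(value) {
  // \uXXXX escapes are valid inside JSON/JS string literals, so the parsed value
  // is unchanged while the emitted text contains no HTML-significant characters.
  return JSON.stringify(value).replace(SCRIPT_UNSAFE, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Mirrors the base-template snippet: assign the config to a JavaScript global.
function configScriptTag(cfg) {
  return '<script>MyApp = {}; MyApp.cfg = ' + jsonForScript(cfg) + ';</script>';
}

// Constructed sample: displayName stands for a user-influenced field.
const cfg = { displayName: 'x</script><b>', theme: 'dark & light' };

const naive = JSON.stringify(cfg);   // still contains a literal "</script>"
const safe = jsonForScript(cfg);     // same data, no "<", ">" or "&" in the markup

console.log(naive);
console.log(safe);
console.log(configScriptTag(cfg));
```

This only addresses markup breakout; it does nothing about the confidentiality concern raised in the answer, since anything emitted this way is readable in the page source.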
My web application uses a file which has been updated by another process. My application reads the content of the file using AJAX:
xmlhttp.open("GET","/config/myfile",false);
xmlhttp.send();
Once the response is received, the app parses this response and shows those values on the Web UI. The file contains 50 fields and whenever I want to read any single field I need to open the whole file.
Is there any way to get the value of a single field based on a key instead of reading the whole file?
As per my understanding we need to read and open the file and then parse the response text. But I would like to know if there is any way to reduce the file calls with any other method.
I want to achieve this to reduce the file I/O operations, since other processes are writing into it and at the same time my web app is accessing it to read the latest value.
Any other option would be appreciated.
Note :- I do not have to use any server side scripting lang option.
Regds
I am attempting my first SPA.
It will be a HTML representation of the model of our database structure to give to clients to look through the model and do queries of the database model (not the database data itself).
The requirement is then for no updates and the SPA will be shipped with the release and thus will be offline. Currently it is a static HTML page.
My question is - is there a way to use breeze to query the json file I've created that describes the model? All I've seen are examples of the EntityManager being initialised with a service URL - that will return the data.
Not quite sure I understand the question. What do you mean by (no server)?. Does this mean that you want to bring all of the data down just once and then query it locally?
If the data that you want to query is actually itself metadata then if you describe the structure of the metadata (i.e. metadata of metadata) in Breeze's native metadata format, then you should be able to query the metadata itself via Breeze's EntityQuery.
Probably a little more info would be helpful.
Also, take a look at the Breeze NoDb sample for an example of "custom" metadata construction.
I am working with Perl/CGI, MySQL, Perl Template toolkit.
I have a database set up and some perl modules to query the database.
From the perl modules I pass on a datastructure (hash of hashes) to perl template toolkit (.tt) and that renders the results on the webpage.
I would now like to add an option of downloading the search results into a tab delimited file; i.e. provide a download file option. I have a subroutine in my perl module to do the conversion into tab-separated format. I want to be able to call that subroutine to convert the search results into tab-separated format. Can I call a subroutine from a perl module in Template toolkit?
I am trying to figure out how to generate a downloadable file without again querying the database or without storing the results in CACHE.
Is there a way to pass the datastructure (hash of hashes) that Perl template is rendering, to a Javascript (that further calls subroutine) that can then generate a downloadable file?
Please suggest a correct approach.
Thanks for your time
Can I call a subroutine from a perl module in Template toolkit?
You can, but it doesn't make sense to for this problem.
You don't need any templating capabilities, and you do need a different Content-Type header. Don't use TT when the tab separated file is being created.
I am trying to figure out how to generate a downloadable file without again querying the database or without storing the results in CACHE.
There is no reasonable way to do that. The closest you could get would be to parse the data out of the generated (by TT) HTML document with JavaScript (not using the Perl you wrote to generate the tab separated file), and then build the tab separated file on the client, and make it available for download.
It would be simpler, easier and more reliable to just hit the database again.