Upgrading to Jive 5.0.4 If Your HTML Widgets Use JavaScript

Version 3

    If you used the HTML widget in a previous version, and you used JavaScript in the widget code, you'll need to know about a new behavior that can require you to change your widget code when you upgrade. We made this change to fix JIVE-3715, a longstanding problem that caused serious corruption problems wherein a poorly-coded HTML widget could wreak havoc with the entire page, requiring a database change to remove. To ensure that this can't happen, each widget now occupies its own iFrame if <script> tags are detected in the HTML. However, this new, safer implementation also prevents the widget from borrowing CSS or Javascript from the overview page. This means that widgets coded against versions earlier than 5.0.4 will need to be updated so that the widget code imports Javascript or CSS into the widget body itself.

     

    This change also has other effects on what you can do with widgets. For example, visual components cannot extend beyond the perimeter of the iframe, so an expanding menu can no longer float outside the widget frame. You also can't use the Javascript in a widget to manipulate HTML elements outside the widget frame.

     

    In most cases, users won't see any difference in the iFrame widgets unless linked content changes size. This behavior can be controlled using a JavaScript function (defined in the context within the iframe) called resizeMe(), which will resize the containing iframe to match the size of the contents.

     

    Simple HTML widgets that don't embed JavaScript are not affected by this change. Widgets containing only HTML + CSS are not loaded via an iFrame.

     

    When you upgrade, make sure you allow time for a thorough review of your HTML widgets. While you may have to spend some time making changes to your widget code and functionality, we think you'll find the stability payoff is worthwhile.

     

    As of version 5.0.5, you can turn the iFrame functionality off using the system property setting html.widget.safemode.enabled=false. This value disables "safe mode" and renders the JavaScript inline, rather than in an iFrame.