Overview
The HTML and Formatted Text widgets are extremely flexible but should be used carefully to ensure effective performant pages. These widgets are designed to display customized information on Overview places, including the Community home page. You can use them to embed all kinds of assets, including images.
These widgets are often used to provide visual orientation or branding to the site or the place. The HTML widget also allows you to add JavaScript and CSS elements.
This article also covers certain security limitations, performance impact, and widget security that are related to the HTML widgets.
Information
Uploading Resources to a Widget
- You can use the Formatted Text and HTML widgets to upload up to 10 file resources per place. (Spaces can include any kind of files: Groups and Projects are limited to GIF, JPEG, PNG and BMP files.)
- Files you upload will be stored as part of your Community so you do not have to retrieve them from an external location, which can improve performance and saves you the trouble of hosting them elsewhere.
- You can then refer to these resources in any Formatted Text or HTML widget you have access to edit. For instructions, see Uploading Static Resources to a Widget.
Managing Performance
Uploading resources is a good way to limit the performance impact of resource loading from your widgets: uploaded resources do not need to be authenticated on page load.
However, you will still want to consider user page loads when determining the number and content of widgets.
Managing HTML Widget Security
- To ensure security and prevent problems that can corrupt your pages and keep them from loading, any HTML widget code that calls a
<script>
tag will be contained in an isolated iFrame. This is known as safe mode. - If you want to include CSS or another styling in the widget, you can include it in the same location as your HTML code.
- Isolation of the HTML widget also means that the widget cannot borrow JavaScript from the Overview page, and that visual components cannot extend beyond the perimeter of the iFrame. (Simple HTML, JavaScript, and CSS continue to be supported)
- In safe mode, you can still call the assets associated with the core Jive installation as follows:
<script src="/resources/scripts/jquery/jquery.js"></script> <link rel="stylesheet" href="/styles/jive.css" media="all">
- It is possible for your site administrator to use a system property to override the default safe mode behavior (iFrame isolation) and allow external JavaScript access from the HTML widget. However, this approach requires caution and is not recommended.
- In previous versions, before the safe mode was implemented for widgets, it was possible for corrupted widget code to cause serious problems that affected the database.
- Widget upload access should be limited to users you trust. Because any social group owner can upload resources to these widgets, it is possible for users to make incorrect judgments about appropriateness and security, so make sure the group owners are carefully chosen.
Comments
0 comments
Article is closed for comments.