Can a site visitor alter AngularJS property names? - angularjs

I have a function in the back-end that relies on the property names of an object, which is sent using AJAX with AngularJS. Can a user alter the property names using a debug tool, therefore changing what I would normally expect in the back-end? I suppose doing that would also affect the entire app in general if it was possible.
I guess it's kind of like someone using a debug tool to change the name attribute on a form and then submitting it. So I was curious to know if it's something I should ever keep in mind for AngularJS. I hope that makes sense.

If a user is smart enough, he or she can change almost everything using the developer tools the browser provides. What is more, if the back-end endpoint is known, it is easy to mock a custom request with custom data.
You should always validate requests, since everything that doesn't come directly from your code can lead to a security breach.
The big downside of Ajax is that its requests are easily debugged using dev tools and, if they are not designed correctly, expose your internal structures.

Related

2sxc 13 - Get username and other DNN tokens in formulas/calculations

Is there a way to get the current username in a formula (the v1(data, context) new stuff)? And other DNN tokens as we would on a view.
Current date is easier, since it depends only on C#, but I can't find any documentation for username.
If you are working with Razor templates, you can call any and all DNN methods. Also, while editing a template, the dark left column of the edit screen gives you access to all sorts of snippets that you can use by clicking on them.
This feature is still experimental and doesn't do much outside of its context in the browser. We've done a few tests and could not reach outside the Angular app's scope (which makes sense). I do believe there are plans to wire up things like that. Daniel will probably chime in.
In the meantime, there is no reason you can't write your own API to get the answers you need from the backend. The formulas aren't limited in any way, so there is no reason not to do it like this (assuming writing your own C# 2sxc WebApi code is something you are familiar with):
async function api()
{
    // Call the app's own WebApi endpoint and log the JSON it returns
    let tmp = await sxc.webApi.fetchJson('/api/2sxc/app/myapp/api/score/progress');
    console.log(JSON.stringify(tmp));
}
Just fyi: 2sxc 13.10.02 will have a context.sxc which is great for calling APIs, as well as a context.user.id which will give you some user info. Using this you should be able to get this to work.

SPA DTM analytics pagename issue

I am using Angular SPA with DTM. Using custom event based rules, I am able to get all my data including pageName, v41, v42 as correct. Now inside the Adobe editor, I am storing pagename to s.pageName and some hard-coded value to s.server. I have verified that all my data is correctly populating using the OMNIBUG tool as server, pageName, v41 and v42.
The problem is coming in Omniture reporting, as server and page data are not coming through. Page-name data is only showing the SPA homepage in all page visits, and server is also coming as the default from s.code and not the one I am passing from s.server. eVar/prop are all coming fine. Even if I do prop40=s.pageName/prop41=s.server, then in Omniture reporting I am seeing correct data populating in prop40/prop41 but not under Page and server. And again I can't use prop40/prop41 for pagename/server as it's not a correct way to follow and PAGE-VISITS are ZERO in that case.
Any help how to get data in page/server in omniture for SPA or anything wrong in my implementation? Thanks in advance!!
If you really do see the correct values in Omnibug (or more specifically, network request to Adobe collection server), then the issue is not in the code.
Check against another AA hit debugger. Possibly Omnibug is somehow bugging out. There are a ton of alternatives out there. Adobe Experience Cloud Debugger. Observepoint. Charles Proxy. Fiddler. Or just use the browser dev tool network tab (what I usually do as a backup).
Make sure you are looking in the correct report suite. Perhaps your data is being sent to a dev report suite, and you are looking at the prod report suite, or vice versa?
Check to see if you have any Processing Rules that are overriding your values.
Contact your Adobe Rep to check if there are any VISTA Rules present for the report suite, that are overriding your values.
If you have verified none of the above is the case, then sorry, but it sounds like the issue must really be in your code, but there is a problem with your QA method (e.g. maybe you are looking at the wrong AA request, or something).
Update:
Based on your comment:
Earlier, I was making s.tl() call, but replacing it with s.t() call
resolved my problem for data was not populating
pageName/server/page-views in Omniture and now it is. But the current
problem is we need PageName on all SPA clicks (can be achieved by
s.t() call), but the page-views are not needed on all clicks. So,
it's like link-tracking needed only but with PageName data. I am
struggling not to populate page-views on a s.t() call or vice-versa
how to get PageName populated on s.tl() call. Again, Omnibug shows all
requests just fine but the issue comes in reports in Omniture
When Adobe processes a hit, it wipes pageName for s.tl calls, as that's how it determines whether to count the request as a page view or not. If you want to see page name even for s.tl calls, the common practice is to dupe the pageName value to a prop or eVar and send it in with the s.tl call, and look at that report. In fact, most clients I work with don't even use the native pages report, and instead use the (usually eVar) report.

web app created using angularjs showing my code in web

I created a web app in MVC 5, using AngularJS as the controller, but the problem is that all the code of my app is shown if I click on Inspect in Google Chrome. I don't want to show my code to any user. How can I prevent the user from viewing my code?
And is AngularJS less safe than C#, and is there any way (by coding) to prevent all users from viewing our code in Inspect Element?
I know this is not exactly related to coding, but my app has transactions related to banks.
This is normal with any web application that depends on client side scripting language.
JavaScript should be only used to handle the user interface flow and interactions, the business logic and persistence should be handled in the back end.
You should never trust any data coming from the UI, always validate it before retrieval or saving.
As for the code that is visible, you can always minify the JavaScript files, this will make it at least harder for anyone to inspect and understand the code
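Added example (not part of the original answers or of any project mentioned on this page): the advice in this answer and in the first answer on the page, to validate on the server because property names and values can be edited in the browser, written as a strict allowlist check. It assumes a JavaScript (Node.js) back end; the payload shape, field names and limits are constructed for illustration.

```javascript
// Hypothetical schema for a constructed "transfer" payload: the only property
// names the back end accepts, each with its own type and range check.
const TRANSFER_SCHEMA = {
  accountId: (v) => typeof v === 'string' && /^[A-Z0-9]{8}$/.test(v),
  amount: (v) => typeof v === 'number' && Number.isFinite(v) && v > 0 && v <= 10000,
  memo: (v) => typeof v === 'string' && v.length <= 140, // optional
};
const REQUIRED = ['accountId', 'amount'];
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Validates a raw request body and returns { ok, value, errors }. `value` is
// rebuilt from allowlisted keys only, so nothing the client invented survives.
function validateBody(rawJson, schema = TRANSFER_SCHEMA, required = REQUIRED) {
  let parsed;
  try {
    parsed = JSON.parse(rawJson);
  } catch (e) {
    return { ok: false, value: null, errors: ['body is not valid JSON'] };
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    return { ok: false, value: null, errors: ['body must be a JSON object'] };
  }
  const errors = [];
  // Renamed or extra properties are rejected, not ignored. JSON.parse creates
  // "__proto__" as an own key, so it is caught here like any unknown name.
  for (const key of Object.keys(parsed)) {
    if (!has(schema, key)) errors.push(`unexpected property: ${key}`);
  }
  for (const key of required) {
    if (!has(parsed, key)) errors.push(`missing property: ${key}`);
  }
  const value = Object.create(null);
  for (const key of Object.keys(schema)) {
    if (!has(parsed, key)) continue;
    if (schema[key](parsed[key])) value[key] = parsed[key];
    else errors.push(`invalid value for: ${key}`);
  }
  return errors.length ? { ok: false, value: null, errors } : { ok: true, value, errors };
}

// Constructed sample bodies: one as the app sends it, one edited in dev tools.
const good = validateBody('{"accountId":"AB12CD34","amount":250.5}');
const renamed = validateBody('{"accountID":"AB12CD34","amount":250.5,"isAdmin":true}');
console.log(good.ok, renamed.ok, renamed.errors);
```

The same allowlist-and-rebuild pattern applies in any server language; only the rebuilt `value` should reach business logic or persistence.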

How to create a dynamic front end based on Node JS, MongoDB, Sails JS

Basically I'm writing an app and am using Sails, MongoDB and Node JS for the back end. I'll use Sails' API features and was wondering what would be the best way to make the app realtime.
For instance I could use AJAX to call the API and manipulate the DOM using jQuery and update the DB through $.post then let the model update the db in the backend, however I'm finding this approach quite cumbersome. Not to mention I can see the code could become quite difficult to maintain after a while.
I've been doing some research and - if I understood correctly - it seems I could use either Backbone, Angular or Knockout to manipulate the data/DOM on the front end, however I'm not sure what would be the best approach in my case nor whether any of these would indeed suit my needs:
Being able to get the data dynamically
Update the data and the DOM dynamically as the user interacts with the page
Post the updated data dynamically with none or as minimal data transformation on the back end as possible
All the above asynchronously
As I don't want this to become a heated debate on which library is best, so I would like to know only whether any of the aforementioned libraries can do what I need and which is the leanest/simplest/has the lighter learning curve.
I did similar research a while ago and when found AngularJS, just stopped looking any further.
Right to your questions:
Being able to get the data dynamically
It is pure pleasure to do it in Angular. For the very basic functionality you have got $http service which allows you to send http request and register a callback when the data arrives.
For more complicated things there are modules ngResource and Restangular (external).
Update the data and the DOM dynamically as the user interact with the page
For manipulating the DOM, Angular introduced the concept of directives. It is basically the future of the web (Shadow DOM and Web Components) right now. At this point in time, there is nothing more elegant out there.
Post the updated data dynamically with none or as minimal data transformation on the back end as possible
Yes. JSON.
All the above asynchronously.
Yes, of course.
SailsJS provides interchangeability of HTTP or socket.io connections. In your case I think sockets would be a better fit than AJAX.

Django application design: Perform a common set of queries for each request

I'm fairly new to Django and web-app development, so perhaps my question is not very well thought out.
For a new website I'm working on, I'd like to perform a set of database queries for every incoming request. I'm wondering what the best way to structure this in code would be.
To be more specific, I'd like to display a greeting (such as "Hi John,") and the status of the user's shopping cart in the header section whenever applicable. I considered creating a get_header_details helper function and calling it from every view method, but there has to be a better way to do this. Thoughts?
Also, even though I'd like to display the greeting and shopping cart status on every page, maybe I don't need to query for it on every page request. Is there a good way to do this? This is a learning project, so I'm ok with adding things to my technology stack.
For the shopping cart, middleware and a context processor coupled with sessions and preferably caching (e.g. Memcached) is the way to go.
Middleware allows you to do arbitrary actions before or after every view. A context processor allows you to insert variables into every template. The most common way to implement a shopping cart is the use of sessions, as you normally don't want to save the state of the shopping cart indefinitely by default (you can of course provide this option as a convenience feature).
As for the greeting message, use caching to prevent an extra (probably unneeded) query on every request.
Django has good caching support. Template fragment caching might be useful in your instance.
