LibreOffice XForm : how to read form data with javascript macro - javascript

I have an XForm document in LibreOffice Writer 5. The form contains various text boxes and date fields. What I want is to create a Javascript macro that will be assigned to one text box and perform some actions whenever the user changes the input of this field. So far I have written the following
var oDoc = UnoRuntime.queryInterface(XModel, XSCRIPTCONTEXT.getInvocationContext());
if (!oDoc) {
oDoc = XSCRIPTCONTEXT.getDocument();
}
var xFieldsSupplier = UnoRuntime.queryInterface(XFormsSupplier, oDoc);
var xForm = xFieldsSupplier.getXForms();
but xForm is null. Does anyone know how I can get the XForm fields? Is there something wrong with the above code?

The code looks fine. It seems to be an issue with Javascript, because I tested similar code using other languages and it worked. In Python this printed the form name:
xforms = oDoc.getXForms()
formName = xforms.getElementNames()[0]
xTextRange = xText.getEnd()
xTextRange.setString(formName)
xform = xforms.getByName(formName)
The same thing worked in Java:
XFormsSupplier xFormsSupplier = UnoRuntime.queryInterface(
XFormsSupplier.class, xComponent);
XNameContainer xforms = xFormsSupplier.getXForms();
String formName = xforms.getElementNames()[0];
xTextRange = xText.getEnd();
xTextRange.setString(formName);
Object aForm = xforms.getByName(formName);
This introduction indicates that Javascript support for UNO is still in its infancy.
Note that XFormsSupplier is not published, which presumably means the interface is subject to change or instability.

Related

Write to a PDF using JS (pdfform.js)

I need to make an update to a script that is using pdfform.js in order to take data from html inputs and pass them into a fillable pdf file.
Basically all I need to do is to update the PDF file for the year 2022.
The problem is that my new PDF doesn't have fields where I can write like the old one:
PDF that has fillable inputs:
old pdf
My new PDF:
new pdf
I tried to add fields to my new pdf using Adobe Acrobat but the script is not able to write to them. I don't know exactly how to add the fields in order to have the same reference as the old ones.
<script type = "text/javascript"
src = "pdfform.pdf_js.dist.js" > < /script>
< script > $(document).ready(function() {
$("#descarca-pdf").on("click", function() {
event.preventDefault();
var a = new XMLHttpRequest;
a.open("GET", "Formular-230_Habitat-for-Humanity-Romania-2.pdf", !0), a.responseType = "arraybuffer", a.onload = function() {
if (200 == this.status) {
var a = this.response,
e = {
cnp: [$("#form-cnp").val()],
initiala: [$("#form-initiala").val()],
prenume: [$("#form-prenume").val()],
numar: [$("#form-numar").val()],
nume: [$("#form-nume").val()],
scara: [$("#form-scara").val()],
etaj: [$("#form-etaj").val()],
apartament: [$("#form-apartament").val()],
bloc: [$("#form-bloc").val()],
judet: [$("#form-judet").val()],
localitate: [$("#form-localitate").val()],
codpostal: [$("#form-codpostal").val()],
email: [$("#form-email").val()],
telefon: [$("#form-telefon").val()],
strada: [$("#form-strada").val()],
fax: [$("#form-fax").val()]
},
o = pdfform().transform(a, e),
t = new Blob([o], {
type: "application/pdf"
}),
r = document.createElement("a");
r.href = window.URL.createObjectURL(t), r.download = "Formular_230_Habitat_for_Humanity_Romania.pdf", r.click()
} else on_error("failed to load URL (code: " + this.status + ")")
}, a.send()
})
}); < /script>
Does anyone know any tool that I can use for this?
As far as I can tell you are trying to update a Government Form 230 which used to look like this
And you say you need to update those field for this year HOWEVER the Current Form uses a totally different structure, like this
Here we can see the difference in the two sets of field tags
The XFDF data fields structure as published can be found at
https://static.anaf.ro/static/10/Anaf/Declaratii_R/AplicatiiDec/structura_B230_D230_2020_27032020.pdf
and https://static.anaf.ro/static/10/Anaf/Declaratii_R/AplicatiiDec/structura_B230_D230_2022_12012022.pdf
The forms structure may be used for customised versions with a java library and both years forms have their own personalized .jars for each structure, so it is best to use the official ANAF J Soft available online.
You provide a sample of a modified custom version which has been dumbed down to be part flattened and part not ! thus to my view would not be compatible with your declaration it must match the government XFA format, however it was initially generated or modified using Adobe Forms Library Code, so has working fields in one part area, but they are not XFA structure like the official ANAF version they are declared as "You cannot save data...Please print..." to be simply printed and scanned as if it was a basic paper copy without intelligent fields, which defeats the whole reason for it being a fillable form in the first place. You may just as well use a word doc or any other editor form.
OK on looking through many different modified D230's including yours they seem to be from the same source "CodruĊ£ Popa" who I assume is an ANAF designer so best to get a newer copy from them.

Simple code to extract substring into a variable of GTM (Google Tag Manager)

I do not know how to code Java and am not an expert in GTM. However, the code I need is so simple, It worked on an online editor but I have been trying to get it to work on GTM and it does not validate the code.
I need to extract the email adresses from a long string (variable {{Click URL}} in GTM) that contains a complete "mailto:" url with many parameteres and only extract the short email from there (without the additional parameters after the ".com?")
Just an example of this kind of url:
'mailto:information#example.com?subject=Demande%20de%20renseign
ements&body=Votre%20nom:%20%0A%0ANom%20du%20produit:%20%0A%0AVotre%20tel
.%20si%20vous%20souhaitez%20recevoir%20un%20appel%20de%20notre%20part:%2
0%0A%0AVotre%20demande%20de%20renseignements:%20%0A'
Here is the code,
let shortmailto2 = {{Click URL}},
let fin = shortmailto2.indexOf('?'),
let debut = shortmailto2.indexOf(':'),
let shortmailto = shortmailto2.slice(debut+1,fin);
it pulls the right email address as I need when testing on an online editor but when I insert it into GTP (and use a pre-existinge variable, the "click url") I get an error (see monosnap link below for the screen shot): https://monosnap.com/file/eBFYfEwLv9LrPwGrGl6rzaHCbmoeYj
Thanks!
GTM Custom JavaScript Variables:
This field should be a JavaScript function that returns a value using the 'return' statement. If the function does not explicitly return a value, it will return undefined and your container may not behave as expected. Below is an example of this field:
function() {
var now = new Date();
return now.getTime();
}
The following worked for me when I tested it, returning just the email address.
function() {
var shortmailto2 = {{Click URL}};
var fin = shortmailto2.indexOf('?');
var debut = shortmailto2.indexOf(':');
return shortmailto2.slice(debut+1,fin);
}

Cross Site Scripting issue with window.location.search

I have been going through so many forums & wikipedia's since few days for trying to understand about XSS attacks alomost I have spent 2-3 days but still not get better idea as suggesting multiple solutions by experts & I want know how the hackers can inject malicious code on victims browser ? and my application have been use to run on some App Scanner standard testing tool so its caught so many XSS issues. I want put here one of XSS issue of my application so can please some one help me out to understand the what exactly I have to do for this issue. Still I have been trying a lot to get better understand about XSS issues. This is my code snippet
function getParameter(param) {
var val = "";
var qs = window.location.search;
var start = qs.indexOf(param);
if (start != -1) {
start += param.length + 1;
var end = qs.indexOf("&", start);
if (end == -1) {
end = qs.length
}
val = qs.substring(start,end);
}
return val;
}
var formName = getParameter("formName");
var myValue = ''+thisDay+'</td>';
document.getElementById('calendarA').innerHTML = myValue;
And these statements are
var qs = window.location.search;
val = qs.substring(start,end);
var formName = getParameter("formName");
var myValue = ''+thisDay+'</td>';
document.getElementById('calendarA').innerHTML = myValue;
cought by App scanner testing tool as possible code for XSS(Cross Site Scripting) issues but I am not sure how it is cause to XSS & how I can fix this issue now. Can anybody please provide insights on how this vulnerability can be fixed?
var myValue = ''+thisDay+'</td>';
This line doesn't have any escaping, it expects '(... \''+formName+'\' );...' to be a string. But it can become some other thing:
formName = "'); alert('I\'m free to do anything here'); (''+"
document.getElementById('calendarA').innerHTML = myValue;
Let's place such fragment into myValue:
... <img src=void onerror="alert('hacked')" /> ...
You can check it works:
document.querySelector('button').addEventListener('click', function () {
document.querySelector('output').innerHTML = document.querySelector('textarea').value;
})
<textarea>... <img src=void onerror="alert('hacked')" /> ...</textarea>
<button>Go</button>
<output></output>
You should never trust any data passed by url string. Any site can place any link to you site. Some user clicks it, goes to your site, parameters are executed in context of your site, and attacker can do anything he wants to.
Nothing in the code you've shown us is vulnerable.
You are reading user input, so there is the potential to introduce a vulnerability there. That is probably what the tool you are using is detecting.
If your code is vulnerable, then it will be because of whatever you do with the value of formName next (in the code you haven't shown us).
This is a possible DOM based XSS issue.
If you are using the value of formName like document.getElementById("demo").innerHTML=formName or somehow your DOM elements are being created/modified using the formName you are vulnerable,
as i can create a custom url like http://urwebsite.html?formName=<script>document.cookie_will_be_transfered_to_my_server_here</script> and ask a logged in person to click it(simple social engineering) .Now i have that person's session id, using which i can do what ever i want.
As a resolution, all the input data from the user has to be html encoded.

Adobe Javascript Signature Lock

I am trying to use Adobe Javascript to change the properties of a fillable form text box when a signature is added to a signature block.
A PDF file is created by exporting from Excel into PDF.
An Action is then used to Detect Form Fields which produces 2 text boxes and 2 signature blocks automatically.
The Action then runs this:
var f =this.getField("Signature").required = true ;
to make the first signature block a required form.
Everything is successful up to this point.
The action then attempts to run this:
var f =this.getField("Signature");
var oLock = f.getLock();
oLock.action = "include";
oLock.fields = new Array("Receivers CommentsRow1");
f.setLock(oLock);
Which throws up the error
TypeError: oLock is null
4:Batch:Exec
Running directly from the console gives the same error.
Any help is appreciated, thanks.
According to the documentation http://help.adobe.com/en_US/acrobat/acrobat_dc_sdk/2015/HTMLHelp/Acro12_MasterBook/JS_API_AcroJS/Field_methods.htm?rhtocid=_6_1_8_31_2_12#TOC_getLockbc-13
oLock.action = "include";
"include" should be initial caps "Include".

MOSS 07 editform.aspx fails to commit and goes to blank html page

Found solution from Microsoft Blog... see below
OK, to start I don't like the word random but I cannot find any correlation in test cases for this problem so I am going to use random to describe parts of this problem.
The setup: I have a list where i have crated a customized UI for the EditForm.aspx and NewForm.aspx. I use the same JS file and JavaScript between the two of them. I have added in a google map to help illustrate the location selection. I have added extra code to the "OK" button for some dynamic validation. I have done a lot of dynamic menu things as well. All users use IE 9 and the site is on a MOSS 2007 server.
The problem: Only on the EditForm.aspx, clicking OK "Randomly" results in an immediate white screen. The form is not saved and when viewing the source code of the white screen i find a blank html page.
What I have tried to find this problem:
- I tried to narrow down the user and computer this happens on and found that it happens for everyone on every computer(once again "Randomly").
- I tried disabling the code that is pre-pended to the "OK" button
- I tried following the code with the IE9's external script debugged and found no errors
I can provide the code but it is a bit long and I really do not know where to begin. So i can provide it if needed.
Thanks for the help ahead of time.
Edit:
This is the code re-wiring my OK button(i reset the value to "Save" earlier)
var okBtns = $('input[value="Save"]')
$.each(okBtns, function(index,value){
okFunction=$(value).attr('onclick');
$(value).attr('onclick','return false;')
$(value).bind('click', function(){
if ($('#'+StatusBox).val()=='Draft') {$('#'+StatusBox).val('New Request')}
var err = clickOKbutton();
if(err==0) {okFunction()};
});
});
This is the clickOKbutton function witch is th code prepended to the orgianal sharepoint operations:
function clickOKbutton()
{
//all of the imput validation i could ever wish for!!!!
var NoteVal = ''
var NameAry = $('#'+PersonnelBox).parent().children(":first").children("SPAN").children("SPAN");
$.each(NameAry, function(index,value){
var $n=$(value).html();
if(NoteVal.length==0) {NoteVal=$n} else {NoteVal=NoteVal+';'+$n};
});
//$('#'+AddNotes).val(NoteVal);
var plh = $('#'+PersonnelBox).parent().html()
userNameTx = $('#zz8_Menu').text();
userNameTx = userNameTx.replace('Welcome ','');
$.each(OICUsers, function(i,v){
if(plh.indexOf(v) > -1 && st=='New Request'){
$('#'+StatusBox).val('OIC Bypassed')
$('#'+CommentsBox).val('OIC is travling on this TDY/TAD and cannot approve. So this request is bypassing the "OIC Approval" step')
}
});
/*userNameTx = $('#zz8_Menu').text();
userNameTx = userNameTx.replace('Welcome ','')
$('#' + ModBox).closest('TR').show();*/
var message=''
message = detectFieldChanges(AllFieldsArray,AllOrgValArray,"Draft,New Request,Modified")
if(message.length>0){
$('#'+ModBox).val(message);
AutoResizeTextarea(ModBox);
}
message = detectFieldChanges(ValFieldsArray,OrgValuesArray,"Draft,New Request,Modified,OIC Approved,OIC Bypassed,Pending RFI,Ready for COS")
userNameTx = $('#zz8_Menu').text();
userNameTx = userNameTx.replace('Welcome ','');
if(message.length>0&&$.inArray(userNameTx,COSUsers)==-1){
$('#'+StatusBox).val('Modified').change;
$('#'+StatusLongBox).val('Modified').change;
}
//Subject box
var pb = NoteVal;
var ep = $('#'+ExtPersonnel).val();
var ab = $('#'+AddressBox).val();
var sd = $('#'+sDateBox).val();
var ed = $('#'+eDateBox).val();
var st = $('#'+StatusBox).val();
var p = pb+';'+ep;
var p = p.replace(/mossaspnetmembershipprovider:/g,'');
var p = p.slice(0,-1);
var ad = ab+' '+sd+' to '+ed;
var s = 'eTDY | '+st+' - '+p+' - '+ad;
if(s.length>255){
var l = s.length-255;
p = p.substring(0,p.length-l);
s = 'eTDY | '+p+' - '+ad;
}
$('#'+Subject).val(s);
//check Lat/Lng value
if($('#'+LatBox).val()=='' || $('#'+LngBox).val()==''){
//alert("Cannot continue unless the Lat Lng has a vallid coordinate");
if($('#LatLngError').length==0){
errorHTML='<br><span class="ms-error" id="LatLngError">You must specify a value for Lat and Lng</span>'
$('#'+AddressBox).closest('TD').append(errorHTML)
}
return -1
}
return 0
};
It is messy but hopefully you can make sense of it.
Edit 2:
I think I have tracked the randomness down... I completely turned off all custom code and still have the problem. I then tried comparing a working record with a non working record. Everything looked normal until i got to the field with a multiple people picker. If i have more than 2 people in that field it will save normal but when i go to make a modification on that record with more than 2 people in the people picker field is causes this problem. I am going to do some more research and will post my results.
Edit 3:
http://blogs.msdn.com/b/jorman/archive/2009/12/22/mystery-of-the-sharepoint-white-screens.aspx
This problem all boils down to IIS configuration and the Impersonation Level. Apparently our server admins decided to change it without telling anyone.
Usually, when you get [seemingly random] behavior from a web page (especially in MOSS), it means that you have ambiguous events defined on the page. Usually, I get this when I add some kind of JScript to a button or form on_submit.
Without seeing your code, I can't really narrow it down further than that. I recommend: look for JavaScript events on your HTML form or on your button click events or look for anchor [a] tags that point to nowhere (href=#) but have javascript. Then decide to do it (strictly) the HTML way (forms, submit buttons) or the javascript way, (no forms, no asp:button) and un-wire the other.
This problem all boils down to IIS configuration and the Impersonation Level. Apparently our server admins decided to change it without telling anyone.
http://blogs.msdn.com/b/jorman/archive/2009/12/22/mystery-of-the-sharepoint-white-screens.aspx

Categories