Documentation

JS
in package

Javascript

Tags
author

Stefan Heinemann sh@comvation.com

copyright

CLOUDREXX CMS - CLOUDREXX AG

subpackage

lib_framework

todo

Edit PHP DocBlocks!

Table of Contents

Constants

jsInlineEvents  = ['onclick', 'ondblclick', 'onmousedown', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onkeydown', 'onkeypress', 'onkeyup', 'onsubmit', 'onchange', 'onfocus', 'onblur', 'oninput', 'onload', 'onresize', 'onscroll', 'onunload', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondrop', 'oncopy', 'oncut', 'onpaste', 'onplay', 'onpause', 'onplaying', 'onended', 'onvolumechange', 'onerror', 'onshow', 'ontoggle']
List of known JavaScript inline events

Properties

$alternatives  : array<string|int, mixed>
Array holding certain scripts we do not want the user to include - we provide the version supplied with Cloudrexx instead.
$cspHashes  : array<string|int, mixed>
List of hashes of trusted code to be used by the Content Security Policy
$cspNonce  : string
The Content Security Policy nonce for the the current response
$cspScriptIds  : array<string|int, mixed>
List of IDs of trusted inline scripts
$cspSourceIndex  : int
Used as internal index for each trusted JavaScript inline code or stylesheet
$cspStyleIds  : array<string|int, mixed>
List of IDs of trusted stylesheets
$cspStyleSources  : array<string|int, mixed>
List of hosts of trusted stylesheets
$registeredCssFiles  : array<string|int, mixed>
Remembers all css files already added in some way.
$scriptTagPostSrcData  : array<string|int, mixed>
Holds data for each JS file that was located after the src attribute of the script tag
$scriptTagPreSrcData  : array<string|int, mixed>
Holds data for each JS file that was located before the src attribute of the script tag
$trustedSrcScriptHashes  : array<string|int, mixed>
List of hashes referencing script tags with trusted src values
$active  : array<string|int, mixed>
The array containing all the registered stuff
$available  : array<string|int, mixed>
Available JS libs These JS files are per default available in every Cloudrexx CMS.
$comment_dict  : mixed
$customCode  : array<string|int, mixed>
The custom Code
$customCSS  : array<string|int, mixed>
The custom CSS files
$customJS  : array<string|int, mixed>
Holds the custom JS files
$error  : string
Holding the last error
$re_name_postfix  : mixed
$registeredJsFiles  : array<string|int, mixed>
Remembers all js files already added in some way.
$shadowBoxLanguage  : string
The language of the shadowbox to be used
$shadowBoxPlayers  : array<string|int, mixed>
The players of the shadowbox
$templateJS  : array<string|int, mixed>
Holds the template JS files

Methods

activate()  : bool
Activate an available js file
activateByVersion()  : bool
Activate a specific version of an available js file
deactivate()  : bool
Deactivate a previously activated js file
fetchTrustedCspStyleSources()  : array<string|int, mixed>
Fetches trusted CSP (Content Security Policy) style sources from the given content.
findCSS()  : mixed
Finds all <link>-Tags in the passed HTML content, strips them out and puts them in the internal CSS placeholder store.
findJavascripts()  : mixed
Finds all <script>-Tags in the passed HTML content, strips them out and puts them in the internal JAVASCRIPT placeholder store.
getAvailableLibs()  : array<string|int, mixed>
Return the available libs
getCode()  : string
Return the code for the placeholder
getConfigurableLibraries()  : array<string|int, mixed>
Get an array of libraries which are ready to load in different versions
getCurrentCspNonce()  : string
Get the Content Security Policy nonce for the current response
getLastError()  : string
Return the last error
hashTrustedCspSources()  : array<string|int, mixed>
Generate hashes of trusted inline JavaScript code along with trusted hosts hosting external JavaScript files.
markSafeInlineJavaScripts()  : void
Scan code `$content` for HTML-script tags and JavaScript inline events and enclose each by a HTML-comment or JavaScript-comment.
markSafeStyleSources()  : void
Marks <link> tags that include a stylesheet as safe by embedding them with unique comments.
registerCode()  : bool
Register special code Add special code to the List
registerCSS()  : bool
Register a custom css file
registerFromRegex()  : mixed
registerJS()  : bool
Register a custom JavaScript file
registerJsLibrary()  : mixed
Register a JavaScript library that can later (after preContentLoad hook) be loaded by any component by calling \JS::activate($name).
generateHashOfJsCode()  : void
Generate a SHA265-hash of the code `$code` and remember it in {@see static::$cspHashes} to be used as verification hash for Content Security Policty.
getRealCssFiles()  : array<string|int, mixed>
Get the CSS files to be loaded
hashSafeInlineJavaScriptCode()  : void
Scans $content for trusted inline JavaScript code and registers a hash of each occurrence in {@see statuc::$cspHashes}.
hashSafeInlineJavaScriptEvents()  : void
Scans $content for inline JavaScript event code and registers a hash of each occurrence in {@see statuc::$cspHashes}.
initScheduledPublishing()  : mixed
Callback function to load related cx variables for "schedule-publish-tooltip" lib
makeCSSFiles()  : string
Make the code for the CSS files
makeFiles()  : string
This renders code for included files for the JAVASCRIPT placeholder
makeJSFiles()  : string
Make the code for the Javascript files
markSafeInlineJavaScriptCode()  : void
Scan code `$content` for HTML-script tags and enclose each by a HTML-comment of the form `<!-- script_<idx>_<md5_of_script-tag> -->` Those marks will later be used by {@see static::hashSafeInlineJavaScriptCode()} to generate the hashes of safe inline javascript code.
markSafeInlineJavaScriptEvents()  : void
Scan code `$content` for HTML-event-code and enclose each by a JavaScript-comment of the form `/* script_<idx>_<md5_of_script-tag> *\/`.
_storeComment()  : mixed
Internal helper for replacing comments.
grabComments()  : mixed
Grabs all comments in the given HTML and replaces them with a temporary string. Modifies the given HTML in-place.
makeSpecialCode()  : string
Make the code section for
restoreComments()  : mixed
Restores all grabbed comments (@see JS::grabComments()) and puts them back in the given content. Modifies the given HTML in-place.

Constants

jsInlineEvents

List of known JavaScript inline events

protected array<string|int, mixed> jsInlineEvents = ['onclick', 'ondblclick', 'onmousedown', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onkeydown', 'onkeypress', 'onkeyup', 'onsubmit', 'onchange', 'onfocus', 'onblur', 'oninput', 'onload', 'onresize', 'onscroll', 'onunload', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondrop', 'oncopy', 'oncut', 'onpaste', 'onplay', 'onpause', 'onplaying', 'onended', 'onvolumechange', 'onerror', 'onshow', 'ontoggle']

Properties

$alternatives

Array holding certain scripts we do not want the user to include - we provide the version supplied with Cloudrexx instead.

protected static array<string|int, mixed> $alternatives = array('/^jquery([-_]\d\.\d(\.\d)?)?(\.custom)?(\.m(in|ax))?\.js$/i' => 'jquery', '/^contrexxJs\.js$/i' => 'cx')

This was introduced to prevent the user from overriding the jQuery plugins included by the Cloudrexx javascript framework.

associative array ( '/regexstring/' => 'componentToIncludeInstead' )

Tags
see
registerFromRegex()

$cspHashes

List of hashes of trusted code to be used by the Content Security Policy

protected static array<string|int, mixed> $cspHashes = []

$cspNonce

The Content Security Policy nonce for the the current response

protected static string $cspNonce = ''

$cspScriptIds

List of IDs of trusted inline scripts

protected static array<string|int, mixed> $cspScriptIds = []

$cspSourceIndex

Used as internal index for each trusted JavaScript inline code or stylesheet

protected static int $cspSourceIndex = 0

$cspStyleIds

List of IDs of trusted stylesheets

protected static array<string|int, mixed> $cspStyleIds = []

$cspStyleSources

List of hosts of trusted stylesheets

protected static array<string|int, mixed> $cspStyleSources = []

$registeredCssFiles

Remembers all css files already added in some way.

protected static array<string|int, mixed> $registeredCssFiles = array()
Tags
access

protected

static

$scriptTagPostSrcData

Holds data for each JS file that was located after the src attribute of the script tag

protected static array<string|int, mixed> $scriptTagPostSrcData = array()
Tags
static

$scriptTagPreSrcData

Holds data for each JS file that was located before the src attribute of the script tag

protected static array<string|int, mixed> $scriptTagPreSrcData = array()
Tags
static

$trustedSrcScriptHashes

List of hashes referencing script tags with trusted src values

protected static array<string|int, mixed> $trustedSrcScriptHashes = []

$active

The array containing all the registered stuff

private static array<string|int, mixed> $active = array()
Tags
access

private

static

$available

Available JS libs These JS files are per default available in every Cloudrexx CMS.

private static array<string|int, mixed> $available = array( 'prototype' => array('jsfiles' => array('lib/javascript/prototype.js')), 'scriptaculous' => array('jsfiles' => array('lib/javascript/scriptaculous/scriptaculous.js'), 'dependencies' => array('prototype')), 'shadowbox' => array('jsfiles' => array('lib/javascript/shadowbox/shadowbox.js'), 'dependencies' => array('cx'), 'specialcode' => "\nShadowbox.setCspNonce(cx.variables.get('cspNonce'));\nShadowbox.loadSkin('standard', cx.variables.get('basePath', 'contrexx')+'lib/javascript/shadowbox/skin/');\nShadowbox.loadLanguage('en', cx.variables.get('basePath', 'contrexx')+'lib/javascript/shadowbox/lang');\nShadowbox.loadPlayer(['flv', 'html', 'iframe', 'img', 'qt', 'swf', 'wmp'], cx.variables.get('basePath', 'contrexx')+'lib/javascript/shadowbox/player');\ncx.jQuery(document).ready(function(){\n Shadowbox.init();\n})\ncx.ready(function() {\n jQuery('img[data-shadowbox]').wrap(function() {\n return jQuery('<a></a>').attr({\n href: jQuery(this).attr('data-shadowbox'),\n class: 'shadowbox'\n });\n })\n if (jQuery('a.shadowbox').length) {\n Shadowbox.setup(jQuery('a.shadowbox'));\n }\n})\n", 'signCode4Csp' => ['Shadowbox.close();', 'Shadowbox.close()', 'Shadowbox.next()', 'Shadowbox.play()', 'Shadowbox.pause()', 'Shadowbox.previous()']), 'jquery' => array('versions' => array('2.0.3' => array('jsfiles' => array('lib/javascript/jquery/2.0.3/js/jquery.min.js')), '2.0.2' => array('jsfiles' => array('lib/javascript/jquery/2.0.2/js/jquery.min.js')), '1.10.1' => array('jsfiles' => array('lib/javascript/jquery/1.10.1/js/jquery.min.js')), '1.9.1' => array('jsfiles' => array('lib/javascript/jquery/1.9.1/js/jquery.min.js')), '1.8.3' => array('jsfiles' => array('lib/javascript/jquery/1.8.3/js/jquery.min.js')), '1.7.3' => array('jsfiles' => array('lib/javascript/jquery/1.7.3/js/jquery.min.js')), '1.6.4' => array('jsfiles' => array('lib/javascript/jquery/1.6.4/js/jquery.min.js')), '1.6.1' => array('jsfiles' => array('lib/javascript/jquery/1.6.1/js/jquery.min.js'))), 'specialcode' => '$J = jQuery;'), 'jquery-tools' => array('jsfiles' => array('lib/javascript/jquery/tools/jquery.tools.min.js'), 'dependencies' => array('jquery')), 'jquery-imgareaselect' => array('jsfiles' => array('lib/javascript/jquery/plugins/imgareaselect/jquery.imgareaselect.js'), 'cssfiles' => array('lib/javascript/jquery/plugins/imgareaselect/css/imgareaselect-animated.css'), 'dependencies' => array('jquery')), 'jquery-jqplot' => array('jsfiles' => array('lib/javascript/jquery/plugins/jqplot/jquery.jqplot.js', 'lib/javascript/jquery/plugins/jqplot/plugins/jqplot.canvasTextRenderer.js', 'lib/javascript/jquery/plugins/jqplot/plugins/jqplot.categoryAxisRenderer.js', 'lib/javascript/jquery/plugins/jqplot/plugins/jqplot.barRenderer.js', 'lib/javascript/jquery/plugins/jqplot/plugins/jqplot.highlighter.js', 'lib/javascript/jquery/plugins/jqplot/plugins/jqplot.canvasAxisTickRenderer.js'), 'cssfiles' => array('lib/javascript/jquery/plugins/jqplot/jquery.jqplot.css'), 'dependencies' => array('jquery')), 'jquery-bootstrap' => array('jsfiles' => array('lib/javascript/jquery/plugins/bootstrap/bootstrap.js'), 'cssfiles' => array('lib/javascript/jquery/plugins/bootstrap/bootstrap.css'), 'dependencies' => array('jquery')), 'js-cookie' => array('jsfiles' => array('lib/javascript/js-cookie.min.js')), 'jquery-nstslider' => array('jsfiles' => array('lib/javascript/jquery/plugins/nstSlider/jquery.nstSlider.min.js'), 'cssfiles' => array('lib/javascript/jquery/plugins/nstSlider/jquery.nstSlider.min.css'), 'dependencies' => array('jquery' => '^([^1]\..*|1\.[^0-6]*\..*|1\.6\.[^0-3])$')), // Required by HTML::getDatepicker() (modules/shop)! // (Though other versions will do just as well) // TODO: remove & replace by cx call 'jqueryui' => array('jsfiles' => array('lib/javascript/jquery/ui/jquery-ui-1.8.7.custom.min.js', 'lib/javascript/jquery/ui/jquery-ui-timepicker-addon.js'), 'cssfiles' => array('jquery-ui.css' => 'lib/javascript/jquery/ui/css/jquery-ui.css'), 'dependencies' => array('cx')), //stuff to beautify forms. 'cx-form' => array('jsfiles' => array('lib/javascript/jquery/ui/jquery.multiselect2side.js'), 'cssfiles' => array('lib/javascript/jquery/ui/css/jquery.multiselect2side.css'), 'dependencies' => array('jqueryui')), /* Coming soon Caution: JS/ALL files are missing. Also, this should probably be loaded through js:cx now. 'jcrop' => array( 'jsfiles' => array( 'lib/javascript/jcrop/js/jquery.Jcrop.min.js' ), 'cssfiles' => array( 'lib/javascript/jcrop/css/jquery.Jcrop.css', ), 'dependencies' => array( 'jquery', ), // When invoking jcrop, add code like this to create the widget: // cx.jQuery(window).load(function(){ // cx.jQuery("#my_image").Jcrop({ [option: value, ...] }); // }); // where option may be any of // aspectRatio decimal // Aspect ratio of w/h (e.g. 1 for square) // minSize array [ w, h ] // Minimum width/height, use 0 for unbounded dimension // maxSize array [ w, h ] // Maximum width/height, use 0 for unbounded dimension // setSelect array [ x, y, x2, y2 ] // Set an initial selection area // bgColor color value // Set color of background container // bgOpacity decimal 0 - 1 // Opacity of outer image when cropping ), */ 'md5' => array('jsfiles' => array('lib/javascript/jquery/jquery.md5.js'), 'dependencies' => array('jquery')), 'cx' => array('jsfiles' => array('lib/javascript/cx/contrexxJs.js', 'lib/javascript/cx/contrexxJs-tools.js', 'lib/javascript/jquery/jquery.includeMany-1.2.2.js'), 'dependencies' => array( 'md5', // depends on jquery 'jquery-tools', ), 'lazyDependencies' => array('jqueryui')), 'jstree' => array('jsfiles' => array('lib/javascript/jquery/jstree/jquery.jstree.js', 'lib/javascript/jquery/hotkeys/jquery.hotkeys.js'), 'dependencies' => array('jquery', 'js-cookie')), // jQ UI input select enhancer. used in Content Manager 2 'chosen' => array('jsfiles' => array('lib/javascript/jquery/chosen/jquery.chosen.js'), 'cssfiles' => array('lib/javascript/jquery/chosen/chosen.css'), 'dependencies' => array('jquery'), 'specialcode' => ' cx.jQuery(document).ready(function() { if (cx.jQuery(\'.chzn-select\').length > 0) { cx.jQuery(\'.chzn-select\').each(function(i, e) { cx.jQuery(e).chosen( cx.jQuery(e).data() ) }); } });'), // Extends standard "chosen" above. Usage: // cx.jQuery([selector]) // .chosen([options]) // .chosenSortable([extra options]); 'chosen-sortable' => array('jsfiles' => array('lib/javascript/jquery/chosen/chosen-sortable.min.js'), 'dependencies' => array('jqueryui', 'chosen')), 'backend' => array('jsfiles' => array('lib/javascript/switching_content.js', 'lib/javascript/set_checkboxes.js')), 'user-live-search' => array('jsfiles' => array('lib/javascript/user-live-search.js'), 'dependencies' => array( 'cx', // depends on jquery 'jqueryui', )), 'bootstrapvalidator' => array('jsfiles' => array('lib/javascript/jquery/bootstrapvalidator/js/bootstrapValidator.min.js'), 'cssfiles' => array('lib/javascript/jquery/bootstrapvalidator/css/bootstrapValidator.min.css'), 'dependencies' => array('twitter-bootstrap')), 'twitter-bootstrap' => array('versions' => array('3.2.0' => array('jsfiles' => array('lib/javascript/twitter-bootstrap/3.2.0/js/bootstrap.min.js'), 'cssfiles' => array('lib/javascript/twitter-bootstrap/3.2.0/css/bootstrap.min.css'), 'dependencies' => array('jquery' => '^([^1]\..*|1\.[^0-8]*\..*)$')), '3.1.0' => array('jsfiles' => array('lib/javascript/twitter-bootstrap/3.1.0/js/bootstrap.min.js'), 'cssfiles' => array('lib/javascript/twitter-bootstrap/3.1.0/css/bootstrap.min.css'), 'dependencies' => array('jquery' => '^([^1]\..*|1\.[^0-6]*\..*)$')), '3.0.3' => array('jsfiles' => array('lib/javascript/twitter-bootstrap/3.0.3/js/bootstrap.min.js'), 'cssfiles' => array('lib/javascript/twitter-bootstrap/3.0.3/css/bootstrap.min.css'), 'dependencies' => array('jquery' => '^([^1]\..*|1\.[^0-6]*\..*)$')), '3.0.2' => array('jsfiles' => array('lib/javascript/twitter-bootstrap/3.0.2/js/bootstrap.min.js'), 'cssfiles' => array('lib/javascript/twitter-bootstrap/3.0.2/css/bootstrap.min.css'), 'dependencies' => array('jquery' => '^([^1]\..*|1\.[^0-6]*\..*)$')), '3.0.1' => array('jsfiles' => array('lib/javascript/twitter-bootstrap/3.0.1/js/bootstrap.min.js'), 'cssfiles' => array('lib/javascript/twitter-bootstrap/3.0.1/css/bootstrap.min.css'), 'dependencies' => array('jquery' => '^([^1]\..*|1\.[^0-6]*\..*)$')), '3.0.0' => array('jsfiles' => array('lib/javascript/twitter-bootstrap/3.0.0/js/bootstrap.min.js'), 'cssfiles' => array('lib/javascript/twitter-bootstrap/3.0.0/css/bootstrap.min.css'), 'dependencies' => array('jquery' => '^([^1]\..*|1\.[^0-6]*\..*)$')), '2.3.2' => array('jsfiles' => array('lib/javascript/twitter-bootstrap/2.3.2/js/bootstrap.min.js'), 'cssfiles' => array('lib/javascript/twitter-bootstrap/2.3.2/css/bootstrap.min.css', 'lib/javascript/twitter-bootstrap/2.3.2/css/bootstrap-responsive.min.css'), 'dependencies' => array('jquery' => '^([^1]\..*|1\.[^0-6]*\..*)$')))), 'mediabrowser' => array('jsfiles' => array('lib/javascript/jquery/2.0.3/js/jquery.min.js', 'lib/plupload/js/moxie.min.js?v=2', 'lib/plupload/js/plupload.full.min.js?v=2', 'lib/javascript/angularjs/angular.js?v=2', 'lib/javascript/angularjs/angular-route.js?v=2', 'lib/javascript/angularjs/angular-animate.js?v=2', 'lib/javascript/twitter-bootstrap/3.1.0/js/bootstrap.min.js', 'lib/javascript/angularjs/ui-bootstrap-tpls-0.11.2.min.js', 'lib/javascript/bootbox.min.js'), 'cssfiles' => array('lib/javascript/angularjs/angular-csp.css', 'core_modules/MediaBrowser/View/Style/MediaBrowser.css?v=2', 'core_modules/MediaBrowser/View/Style/Frontend.css?v=2'), 'dependencies' => array('cx', 'js-cookie'), 'specialcode' => 'if (typeof cx.variables.get(\'jquery\', \'mediabrowser\') == \'undefined\'){ cx.variables.set({"jquery": jQuery.noConflict(true)},\'mediabrowser\'); }'), 'schedule-publish-tooltip' => array('jsfiles' => array('core/Core/View/Script/ScheduledPublishing.js'), 'cssfiles' => array('core/Core/View/Style/ScheduledPublishing.css'), 'loadcallback' => 'initScheduledPublishing', 'dependencies' => array('cx')), 'tag-it' => array('jsfiles' => array('lib/javascript/tag-it/js/tag-it.min.js'), 'cssfiles' => array('lib/javascript/tag-it/css/tag-it.css'), 'dependencies' => array('jqueryui')), )

The format is the following: array( scriptname : array ( jsfiles : array of strings containing all needed javascript files cssfiles : array of strings containing all needed css files dependencies : array of strings containing all dependencies in the right order specialcode : special js code to be executed loadcallback: function that will be executed with the options as parameter when chosen to activate that JS library, so the options can be parsed makecallback: function that will be executed when the code is generated ) )

Tags
access

private

static

$customCode

The custom Code

private static array<string|int, mixed> $customCode = array()
Tags
static
access

private

$customCSS

The custom CSS files

private static array<string|int, mixed> $customCSS = array()
Tags
static
access

private

$customJS

Holds the custom JS files

private static array<string|int, mixed> $customJS = array()
Tags
static
access

private

$error

Holding the last error

private static string $error
Tags
access

private

static

$registeredJsFiles

Remembers all js files already added in some way.

private static array<string|int, mixed> $registeredJsFiles = array()
Tags
access

private

static

$shadowBoxLanguage

The language of the shadowbox to be used

private static string $shadowBoxLanguage = "en"
Tags
access

private

static

$shadowBoxPlayers

The players of the shadowbox

private static array<string|int, mixed> $shadowBoxPlayers = array('img', 'swf', 'flv', 'qt', 'wmp', 'iframe', 'html')
Tags
access

private

static

$templateJS

Holds the template JS files

private static array<string|int, mixed> $templateJS = array()
Tags
static
access

private

Methods

activate()

Activate an available js file

public static activate(string $name[, array<string|int, mixed> $options = null ][, bool $dependencies = true ]) : bool

The options parameter is specific for the chosen library. The library must define callback methods for the options to be used.

Parameters
$name : string
$options : array<string|int, mixed> = null
$dependencies : bool = true
Tags
access

public

static
Return values
bool

activateByVersion()

Activate a specific version of an available js file

public static activateByVersion(string $name, string $version[, string $dependencyOf = null ]) : bool
Parameters
$name : string

Name of the library to load

$version : string

Specific version of the library to load. Specified as 'x.z.y'. Also accepts PCRE wildchars.

$dependencyOf : string = null

is the optional name of the library that triggered the loaded of the specific library version.

Tags
static
Return values
bool

TRUE if specific version of the library has been loaded. FALSE on failure

deactivate()

Deactivate a previously activated js file

public static deactivate(string $name) : bool
Parameters
$name : string
Tags
access

public

static
Return values
bool

fetchTrustedCspStyleSources()

Fetches trusted CSP (Content Security Policy) style sources from the given content.

public static fetchTrustedCspStyleSources(string &$content) : array<string|int, mixed>

This function scans the provided HTML content for tags that are marked with specific placeholder comments identifying them as trusted (static::markSafeStyleSources()). It validates these links against a list of pre-approved CSP style IDs and extracts their href attributes if they qualify as trusted sources.

The process involves searching for link tags enclosed by specific comments that contain unique IDs. Each valid link's URL is parsed and transformed into a CSP-compliant source string. The function updates the static array static::$cspStyleSources with the extracted URLs.

Note: Links without a host part are considered local and implicitly trusted as 'self'.

Parameters
$content : string

The HTML content to scan. This parameter is passed by reference. Any identified placeholder comments are removed from $content.

Tags
uses
static::$cspStyleIds

To check if the ID extracted from a placeholder comment is trusted.

uses
static::$cspStyleSources

To accumulate and return the trusted style sources.

example

... This comment tag must enclose a tag for it to be processed.

Return values
array<string|int, mixed>

An array of strings where each string is a CSP-compliant URL of a trusted style source. Returns an empty array if no valid sources are found or if content is empty.

findCSS()

Finds all <link>-Tags in the passed HTML content, strips them out and puts them in the internal CSS placeholder store.

public static findCSS(string &$content[, bool $register = true ]) : mixed

You can then retreive them all-in-one with JS::getCode(). This is currently only used by Wysiwyg!

Parameters
$content : string
  • Reference to the HTML content. Note that it WILL be modified in-place.
$register : bool = true

Set to false to not register found CSS-files into the widget [[JAVASCRIPT]]

Tags
see
ComponentController::getCustomCSSVariables()

findJavascripts()

Finds all <script>-Tags in the passed HTML content, strips them out and puts them in the internal JAVASCRIPT placeholder store.

public static findJavascripts(string &$content) : mixed

You can then retreive them all-in-one with JS::getCode().

Parameters
$content : string
  • Reference to the HTML content. Note that it WILL be modified in-place.

getAvailableLibs()

Return the available libs

public static getAvailableLibs() : array<string|int, mixed>
Tags
access

public

static
Return values
array<string|int, mixed>

getCode()

Return the code for the placeholder

public static getCode() : string
Tags
access

public

static
Return values
string

getConfigurableLibraries()

Get an array of libraries which are ready to load in different versions

public static getConfigurableLibraries() : array<string|int, mixed>
Return values
array<string|int, mixed>

the libraries which are ready to configure for skin

getCurrentCspNonce()

Get the Content Security Policy nonce for the current response

public static getCurrentCspNonce() : string
Return values
string

getLastError()

Return the last error

public static getLastError() : string
Tags
static
access

public

Return values
string

hashTrustedCspSources()

Generate hashes of trusted inline JavaScript code along with trusted hosts hosting external JavaScript files.

public static hashTrustedCspSources(string &$content) : array<string|int, mixed>

Scans $content for inline JavaScript code and registers a hash of each occurrence in statuc::$cspHashes.

Parameters
$content : string

HTML-content to scan for inline JavaScript

Return values
array<string|int, mixed>

List of hashes of inline JavaScript code and hosts of external JavaScript files to be used by a Security Content Policy.

markSafeInlineJavaScripts()

Scan code `$content` for HTML-script tags and JavaScript inline events and enclose each by a HTML-comment or JavaScript-comment.

public static markSafeInlineJavaScripts(string &$content) : void

Use this to mark a component's entity data as trusted.

Parameters
$content : string

markSafeStyleSources()

Marks <link> tags that include a stylesheet as safe by embedding them with unique comments.

public static markSafeStyleSources(string &$content) : void

This function is specifically designed to work within environments where Content Security Policy (CSP) directives are dynamically applied to style sources based on runtime evaluations.

The function first checks if the CSP directive handling is enabled. If not, it exits early. Otherwise, it proceeds to scan the provided HTML content for tags that are used for stylesheets. Each matching tag is then wrapped with unique comments that contain a dynamically generated source ID. This ID is composed of a base 'link_', a sequential index, and a hash of the tag itself, ensuring each tag is uniquely identified.

The ID is stored in a static array static::$cspStyleIds for later validation when policies are applied, and the content is modified in-place by appending these identifiers before and after the tags (static::fetchTrustedCspStyleSources()).

Parameters
$content : string

The HTML content to be processed. This parameter is passed by reference to allow direct modification of the original content string.

Tags
uses
static::$cspSourceIndex

To generate a unique index for each tag processed.

uses
static::$cspStyleIds

To store each generated unique ID for later use in CSP validation.

uses
Cx::instanciate()

To get an instance of the core system class.

uses
SecurityComponent::isCspOnFetchDirectivesEnabled()

To check if the CSP directive handling for fetch is enabled.

example
becomes

registerCode()

Register special code Add special code to the List

public static registerCode(mixed $code) : bool
Parameters
$code : mixed
Tags
static
access

public

Return values
bool

registerCSS()

Register a custom css file

public static registerCSS(mixed $file) : bool

Add a new, individual CSS file to the list. The filename has to be relative to the document root.

Parameters
$file : mixed
Tags
static
access

public

Return values
bool

registerFromRegex()

public static registerFromRegex(mixed $matchinfo) : mixed
Parameters
$matchinfo : mixed

registerJS()

Register a custom JavaScript file

public static registerJS(string $file[, bool $template = false ][, string $preSrcData = '' ][, string $postSrcData = '' ][, bool $trusted = true ]) : bool

Loads a new, individual JavaScript file that will be included in the page response. If a file is registered that already exists as an available JavaScript library, then this one will be loaded instead.

Parameters
$file : string

The path of $file must be specified relative to the document root of the website. I.e. modules/foo/bar.js

$template : bool = false

is a javascript file which has been included from template

$preSrcData : string = ''

Optional string of attributes that shall be added to the HTML script tag before the src-attribute.

$postSrcData : string = ''

Optional string of attributes that shall be added to the HTML script tag after the src-attribute.

$trusted : bool = true

Whether the script to load is trusted. When CSP (Content Security Policy) is enabled and this is set to true, then the script will be decorated with a nonce.

External files are also suppored by providing a valid HTTP(S) URI as $file.

Return values
bool

Returns TRUE if the file will be loaded, otherwiese FALSE.

registerJsLibrary()

Register a JavaScript library that can later (after preContentLoad hook) be loaded by any component by calling \JS::activate($name).

public static registerJsLibrary(mixed $name[, mixed $definition = array() ]) : mixed

This method should only be used within the preContentLoad hook.

Parameters
$name : mixed

string Name of the library to register

$definition : mixed = array()

array Meta information about the library. See static::$available for schema definition.

generateHashOfJsCode()

Generate a SHA265-hash of the code `$code` and remember it in {@see static::$cspHashes} to be used as verification hash for Content Security Policty.

protected static generateHashOfJsCode(string $code) : void
Parameters
$code : string

JavaScript code to generate the hash from.

getRealCssFiles()

Get the CSS files to be loaded

protected static getRealCssFiles(mixed $cssFiles) : array<string|int, mixed>

Check for each CSS-file if there exists a customized version in the loaded webdesign theme. If so, the customized version's path will be returned instead of the original path.

Parameters
$cssFiles : mixed

array List of CSS files to check for customized versions of.

Return values
array<string|int, mixed>

The supplied array $cssFiles. Whereas the path of CSS files has been replaced, in case there is a customized version available.

hashSafeInlineJavaScriptCode()

Scans $content for trusted inline JavaScript code and registers a hash of each occurrence in {@see statuc::$cspHashes}.

protected static hashSafeInlineJavaScriptCode(string &$content) : void
Parameters
$content : string

HTML-content to scan for inline JavaScript code

hashSafeInlineJavaScriptEvents()

Scans $content for inline JavaScript event code and registers a hash of each occurrence in {@see statuc::$cspHashes}.

protected static hashSafeInlineJavaScriptEvents(string &$content) : void
Parameters
$content : string

HTML-content to scan for inline JavaScript event code

initScheduledPublishing()

Callback function to load related cx variables for "schedule-publish-tooltip" lib

protected static initScheduledPublishing(array<string|int, mixed> $options) : mixed
Parameters
$options : array<string|int, mixed>

options array

makeCSSFiles()

Make the code for the CSS files

protected static makeCSSFiles(array<string|int, mixed> $files) : string
Parameters
$files : array<string|int, mixed>
Tags
static
access

private

Return values
string

makeFiles()

This renders code for included files for the JAVASCRIPT placeholder

protected static makeFiles(string $registeredFilesVar, array<string|int, mixed> $files, bool $template, string $inlineSettingName, callable $inlineCapabilityCallback, string $inlineRelativePathRewriteRegex, callable $inlineTemplatingCallback, callable $externalTemplatingCallback[, bool $forceTrust = false ]) : string

All callbacks get the path as a first argument. Additionally the initial filename (as passed in $files) and $template are passed.

$inlineSettingName needs to be the name of a setting of component "View" in group "Js" (FileSystem engine).

$inlineCapabilityCallback returns whether this file can be inlined.

$inlineRelativePathRewriteRegex needs to match relative paths (/paths that start with a point) for all possible includes (for example CSS'

Parameters
$registeredFilesVar : string

Name of static member var to store already registered files in

$files : array<string|int, mixed>

List of filenames to parse

$template : bool

Whether this rendering is from the actual template

$inlineSettingName : string

Setting to check for whether to allow inlining

$inlineCapabilityCallback : callable
$inlineRelativePathRewriteRegex : string

RegEx to get relative paths for rewriting

$inlineTemplatingCallback : callable

Callback which generates code for inlining

$externalTemplatingCallback : callable

Callback which generates code for include

$forceTrust : bool = false
Tags
import

statements). The second capture group needs to contain the matching path. Trailing characters after the actual file path are allowed. The first capture group needs to contain everything before the path that needs to be in the replacement. A simple example of such a RegEx (matching "import './myFile.js';") would be: /(import\s*['"]?.)([^;]+;)/i

$inlineTemplatingCallback returns the resulting HTML code for inlining the code as a string.

$externalTemplatingCallback returns the resulting HTML code for including (/referencing) the code as a string.

Return values
string

Resulting HTML

makeJSFiles()

Make the code for the Javascript files

protected static makeJSFiles(array<string|int, mixed> $files[, bool $template = false ][, mixed $forceTrust = false ]) : string
Parameters
$files : array<string|int, mixed>
$template : bool = false

Whether the file has been included from the webdesign template or not

$forceTrust : mixed = false
Tags
static
Return values
string

markSafeInlineJavaScriptCode()

Scan code `$content` for HTML-script tags and enclose each by a HTML-comment of the form `<!-- script_<idx>_<md5_of_script-tag> -->` Those marks will later be used by {@see static::hashSafeInlineJavaScriptCode()} to generate the hashes of safe inline javascript code.

protected static markSafeInlineJavaScriptCode(string &$content) : void
Parameters
$content : string

markSafeInlineJavaScriptEvents()

Scan code `$content` for HTML-event-code and enclose each by a JavaScript-comment of the form `/* script_<idx>_<md5_of_script-tag> *\/`.

protected static markSafeInlineJavaScriptEvents(string &$content) : void

Those marks will later be used by static::hashSafeInlineJavaScriptEvents() to generate the hashes of safe inline javascript events.

Parameters
$content : string

_storeComment()

Internal helper for replacing comments.

private static _storeComment(mixed $re) : mixed

@see JS::grabComments()

Parameters
$re : mixed

grabComments()

Grabs all comments in the given HTML and replaces them with a temporary string. Modifies the given HTML in-place.

private static grabComments(string &$content) : mixed
Parameters
$content : string

makeSpecialCode()

Make the code section for

private static makeSpecialCode(array<string|int, mixed> $code) : string
Parameters
$code : array<string|int, mixed>
Tags
access

private

static
Return values
string

restoreComments()

Restores all grabbed comments (@see JS::grabComments()) and puts them back in the given content. Modifies the given HTML in-place.

private static restoreComments(string &$content) : mixed
Parameters
$content : string 

        

        
    




    

    

                                

                

                                
    

        On this page

        
    


                

                            

            

    

        

            
Search results