36. Let’s build this thing
1. Include the image
2. Restrict the context
3. Find/replace
4. Twitter request
5. Put it in a dialog
37. Include the image
var img =
require('speakeasy/resources').getImageUrl(module, 'bird.png');
38. Let’s do this all onready
$(document).ready(function() {
    // we’ll put our code here
});
40. You have access to
• almost everything is namespaced under AJS
• AJS.$ [jQuery]
• AJS.Meta
AJS.Meta.getAllAsMap()
AJS.Meta.get("space-key")
41. Restrict the context
if (!!AJS.Meta.get("page-id") &&
!AJS.Meta.get("editor-mode")) {
// do our stuff
}
42. Confluence pages
[Figure: wireframes of three Confluence page types: viewing a page/blog, editing a page/blog, and the dashboard]
60. XSS Example
var result = "<script>alert();</script>";
var el = document.getElementById('myDiv');
el.innerHTML = result; // BAD - Don’t do this!
el.innerHTML = AJS.escapeHtml(result); // Do this instead.
AJS.$(el).text(result); // Or this.
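Applied to the Twitter dialog built earlier in the deck, the same rule looks like this. This is an added example, not code from the slides: escapeHtml is a local stand-in for an escaper such as AJS.escapeHtml, and the tweet fields (user, text, url) and sample data are assumptions. It goes one step beyond the slide by also checking link schemes, because HTML escaping alone does not make a javascript: URL safe inside an href.

```javascript
// Added example (not from the slides). escapeHtml is a local stand-in for an
// HTML escaper such as AJS.escapeHtml; it is not AUI's source code.
var HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;'
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, function (ch) {
    return HTML_ENTITIES[ch];
  });
}

// Escaping does not neutralise javascript: or data: URLs, so link targets
// also get a scheme allow-list before they reach an href attribute.
function safeHref(url) {
  try {
    var parsed = new URL(String(url));
    if (parsed.protocol === 'http:' || parsed.protocol === 'https:') {
      return parsed.href;
    }
  } catch (e) {
    // not an absolute URL: fall through to the inert link
  }
  return '#';
}

// Build the dialog body from untrusted search results. The tweet fields
// (user, text, url) are hypothetical names for this example.
function renderTweets(tweets) {
  var items = tweets.map(function (t) {
    return '<li><a href="' + escapeHtml(safeHref(t.url)) + '">' +
      escapeHtml(t.user) + '</a>: ' + escapeHtml(t.text) + '</li>';
  });
  return '<ul>' + items.join('') + '</ul>';
}

// Constructed sample data, including hostile values.
var sampleTweets = [
  { user: 'alice', text: 'AT&T <3 Confluence', url: 'https://example.com/s?a=1&b=2' },
  { user: '<b>bob</b>', text: '<script>alert();</script>', url: 'javascript:alert(1)' }
];

console.log(renderTweets(sampleTweets));
```

Every value is escaped at the point where it is concatenated into markup, so the resulting string can be assigned to innerHTML without the hostile entries turning into elements.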
61. Interested in learning more?
Securing your Plugin - Penny Wyatt @ AtlasCamp 2010
Protip: If you weren’t here last year or just enjoy nostalgia, check out the AtlasCamp 2010 website for videos of every session.