This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes JForum and the fly likes How add static function to htm templates in JForum Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » JForum
Bookmark "How add static function to htm templates in JForum" Watch "How add static function to htm templates in JForum" New topic
Author

How add static function to htm templates in JForum

Omar Komiha
Greenhorn

Joined: Mar 06, 2014
Posts: 1
Hi folks,

My name is Omar.

My knowledge about JForum is very minimal so forgive me if my question is very stupid or unrelated to JForum.

I want to add a token to an htm (template) page by calling a java static function. The token is meant to protect the form from Cross-Site Request Forgery (CSRF) attacks, and therefore needs to be generated dynamically.

I saw that calling static functions is possible from htm templates, and since this is normally not possible from htm/html pages I assumed that this is a JForum feature.

What I did is add the following code to the htm page:



However when I run the code I get the following error:

Expression TokenGenerator is undefined on line 4, column 47 in custom/forum_login.htm.

It seems that I also need to configure something to complete this, however I have no clue how to do that ...

Any help would be appreciated.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41137
    
  45
Welcome to JavaRanch. That's not so much a feature of JForum, but rather of the FreeMarker templating engine JForum uses. I don't think it allows you to call random static methods without some preparation; at least that's how I read http://freemarker.org/docs/pgui_misc_beanwrapper.html#autoid_55. A better way would be to call that method in the Java class, and then put its results into the HashMap that collects all template variables.


Ping & DNS - my free Android networking tools app
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30135
    
150

Omar,
Welcome to CodeRanch! As Ulf noted, those aren't really html files. They are Freemarker templates.

I wrote a blog series on how we fixed CSRF on our JForum install. It's not trivial.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How add static function to htm templates in JForum
 
Similar Threads
Pixel image call/web bug and CSS/CSRF
Struts Token to prevent Cross-Site Request Forgery(CSRF) attack
JSF 1.2 and CSRF (Cross Site Request Forgery) protection
Cross Site Request Forgery (CSRF)
coderanch and csrf