Script in Process Success Message. No go in chrome(ium)

Not sure if this is considered a bug or not, or if the handling of branches with process success message has changed, but it doesn't seem to work anymore with a standard branch to page on chrome.
It is reporting:
Refused to execute a JavaScript script. Source code of script found within request
I have used this in the past and it used to work. (talking 3.2, but either apex/chrome/both has changed since then)
Anyway, researching the error leads me to this blog from chromium: http://blog.chromium.org/2010/01/security-in-depth-new-security-features.html
We've been hard at work adding proactive security features to Google Chrome, and we're particularly excited about five new security features that make it easier for developers to build secure web sites.
I think this relates to:
*Reflective XSS Protection*
One of the most difficult parts of building a secure web site is protecting against cross-site scripting (XSS) vulnerabilities. In Google Chrome 4, we've added an experimental feature to help mitigate one form of XSS, reflective XSS. The XSS filter checks whether a script that's about to run on a web page is also present in the request that fetched that web page. If the script is present in the request, that's a strong indication that the web server might have been tricked into reflecting the script.
The XSS filter is similar to those found in Internet Explorer 8 and NoScript. Instead of being layered on top of the browser like those filters, our XSS filter is integrated into WebKit, which Google Chrome uses to render webpages. Integrating the XSS filter into the rendering engine has two benefits: (1) the filter can catch scripts right before they are executed, making it easier to detect some tricky attack variations, and (2) the filter can be used by every WebKit-based browser, including Safari and Epiphany.
We are aware of a few ways to bypass the filter, but, on balance, we think that the filter is providing enough benefit to enable it by default in this release. If you discover a new way to bypass the filter, please let us know. We're very interested in improving the filter in subsequent releases. We're grateful to the security researchers who have helped us with the filter thus far (especially Eduardo "Sirdarckcat" Vela), and we welcome even more participation.
Looking at one of the sample database applications, I notice if I insert a script into the success message of the customers DML page, it works without issue. Upon further inspection, I see there is a new branch type - based on application item; and this doesn't post the success message in the URL which is likely why it is working.
I can see this security measure is good to prevent XSS, but perhaps there is some other good way to handle allowing a script to be in the success message in a standard branch (it seems like a slight pain to force creating a page item to store the branch page).

OK.. so I've just learned when creating a branch, if you change from the default 'Page or URL' to 'Page' there is one setting to branch using redirect. If you unselect this, the success message also is not passed in the URL, causing no issue.
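
The check quoted from the Chromium post, modelled as an added example (not code from this thread or from WebKit): an inline script is refused when its source also appears in the request, which is why the redirect branch with the message in the URL is blocked and the non-redirect branch is not. The host name, application and page numbers, script bodies and function names are constructed for illustration; the `success_msg` parameter name is the one reported further down this page.

```javascript
// Simplified model of a reflective-XSS filter: an inline script is refused when
// its source text also appears in the request that fetched the page.
// Illustration only; this is not WebKit's actual algorithm.

// Decode one query-string component the way a server would before reflecting it.
function decodeComponent(raw) {
  try {
    return decodeURIComponent(raw.replace(/\+/g, ' '));
  } catch (e) {
    return raw; // malformed percent-encoding: fall back to the raw text
  }
}

// Split the query string into decoded { name, value } pairs.
function requestParams(url) {
  const q = url.indexOf('?');
  if (q === -1) return [];
  return url.slice(q + 1).split('&').filter(Boolean).map((pair) => {
    const eq = pair.indexOf('=');
    const name = eq === -1 ? pair : pair.slice(0, eq);
    const value = eq === -1 ? '' : pair.slice(eq + 1);
    return { name: decodeComponent(name), value: decodeComponent(value) };
  });
}

// Collect the bodies of inline <script> elements in the response.
function inlineScripts(html) {
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  return [...html.matchAll(re)].map((m) => m[1]).filter((body) => body.trim() !== '');
}

// Ignore whitespace and case so trivial re-formatting does not hide a match.
function normalize(text) {
  return text.replace(/\s+/g, '').toLowerCase();
}

// For every inline script, report whether it was reflected from the request.
function auditPage(requestUrl, responseHtml) {
  const params = requestParams(requestUrl);
  return inlineScripts(responseHtml).map((body) => {
    const needle = normalize(body);
    const hit = params.find((p) => normalize(p.value).includes(needle));
    return { script: body, blocked: Boolean(hit), reflectedFrom: hit ? hit.name : null };
  });
}

// Constructed sample data (not taken from a real application).
const successMessage = 'Customer saved<script>highlightRow(42)</script>';
const pageHtml =
  '<html><body><div class="success">' + successMessage + '</div>' +
  '<script>initPage()</script></body></html>';

// Redirect branch: the success message travels in the URL of the next request.
const redirectUrl =
  'https://apex.example/pls/apex/f?p=100:2:0&success_msg=' +
  encodeURIComponent(successMessage);

// Branch without redirect: the request carries no copy of the message
// (constructed URL).
const noRedirectUrl = 'https://apex.example/pls/apex/wwv_flow.accept';

console.log(auditPage(redirectUrl, pageHtml));
console.log(auditPage(noRedirectUrl, pageHtml));
```

The page's own `initPage()` script is never flagged, because it does not occur anywhere in the request; only the script that came back out of `success_msg` is.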

Similar Messages

  • Process Success Message not working

    Hi
    I have created a process to send a mail on some button click...
    The process success message i have given that
    Mail Sent Successfully!
    Though the mail is coming I am not getting the Mail Sent Message!
    Can someone help to let me know what am I missing?
    Thanks
    Ankit

    Ok another fishy question
    Can a process sent a Successful Message without completing the task?
    I get the message Mail Sent though I never receive the mail...
    In test environment apex.oraclecorp.com it is working sending the mail.
    But in production database.us.oracle.com it is not working :(
    I have made the exact copy in production site!
    What can i be missing?

  • Process Success Message not displaying properly

    Hello.
    I know there are many threads about this problem. But i can't get it right.
    I have custom MRU process like:
    DECLARE
      p_updcount NUMBER := 0;
    BEGIN
      FOR i IN 1 .. apex_application.g_f08.COUNT
      LOOP
        IF apex_application.g_f08 (i) IS NOT NULL
          AND substr(APEX_APPLICATION.g_f20 (i),40) !=
          wwv_flow_item.md5 (apex_application.g_f07 (i),
                             apex_application.g_f08 (i),
                             apex_application.g_f09 (i),
                             apex_application.g_f10 (i),
                             apex_application.g_f11 (i),
                             apex_application.g_f12 (i),
                             apex_application.g_f13 (i),
                             apex_application.g_f14 (i),
                             apex_application.g_f15 (i),
                             apex_application.g_f16 (i),
                             apex_application.g_f17 (i),
                             apex_application.g_f18 (i),
                             apex_application.g_f19 (i)
                             )||'"  />' THEN
          UPDATE table
             SET ...
           WHERE id = ...;
          p_updcount := p_updcount + 1;
        END IF;
      END LOOP;
      :P232_UPDATE_NUMBER := p_updcount;
    END;
    In the same process, success message looks like:
    Number of updated records: &P232_UPDATE_NUMBER. .
    Item :P232_UPDATE_NUMBER is text item.
    Even if i set default value in item, it doesn't work. Value is shown in item, but not in message.
    Message looks like: Number of updated records:  .
    Items "Source used" is set to Only when...
    If i set it to Always, ..., value doesn't appear in item.
    Any idea?
    Thanks.
    Regards,
    Dejan

    Hi,
    If I write code to check for updates after header, it is not necessarily true that the user already updated some columns? Or am I wrong?
    The Custom MRU has to be OnSubmit. I was talking about initialization of the Page Item.
    To set the value of the item in Session State set the value using Before or After Header Computation or Process. E.g. write After Header Computation for P232_UPDATE_NUMBER > Static Assignment > 0. I am not referring to Custom MRU. As I said earlier, if your Custom MRU process runs you should see a number >= 0 in the message. You will need to initialize only, to say 0, only for situations when the Custom MRU does not run (condition evals to false).
    Cheers,

  • APEX does not show 'Process Success Message'

    Hi,
    I was hoping to get help on a weird APEX issue.
    I have two identical APEX pages with the same templates. One of the page does not show the process success message after it inserts to the database. It does insert, just the message does not show up.
    I looked at the page that works and it is identical to this page. Does anyone have any good advice? I would really appreciate it.
    Thanks!

    When I see this, it usually turns out that I forgot to tick the check box for "include process success message" on a "Branch" object.

  • Can I change the position of "process success message"?

    Hello all,
    I've looked around the forum but can't seem to find away to control the position of the "process success message" that displays when an update is made in a page process.
    The message appears to be centered on the page, however because I have a region with a lot of columns the user will have to scroll to the right to see the "Update Successful" message that is returned from the process.
    Does anyone know how to Left Align this message on the page?
    Thanks for the help!

    Thanks for the help!
    I was able to left align the message by modifying the page template. In my case it was the template for "One Level Tabs"
    I changed the following section in the Body, I changed the align from "center" to "left"...
    <td class="t3PageBody"><div class="t3Messages" align="left">#GLOBAL_NOTIFICATION##NOTIFICATION_MESSAGE#
    Interestingly enough it did not work for me to change the Success Message in the Subtemplate section.

  • How can I display SQL%ROWCOUNT in the "Process Success Message"

    Hi all;
    I am trying to display SQL%ROWCOUNT in the "Process Success Message" of a custom update Process.
    Any ideas?

    Chris,
    I assume,
    ORDER_ITEM_LOAD.MERGE_INTELLI_LABS ( in_DEPARTMENT_UID );
    is a package / procedure you call to do something. Change the procedure and add an
    out parameter to it, which will get the
    SQL%ROWCOUNT
    value. Then, call this package like this:
    DECLARE
      in_DEPARTMENT_UID NUMBER;
    BEGIN
      in_DEPARTMENT_UID := :P4_DEPARTMENT_UID;
      ORDER_ITEM_LOAD.MERGE_INTELLI_LABS ( in_DEPARTMENT_UID,  :P4_ROW_COUNT );
    END;
    Denes Kubicek
    http://deneskubicek.blogspot.com/
    http://www.opal-consulting.de/training
    http://htmldb.oracle.com/pls/otn/f?p=31517:1
    -------------------------------------------------------------------

  • Dynamic formatting of Process Success Message

    I have read through some of the threads that have already been raised re dynamic formatting of the process message and haven't seen how/if I can do what I would like.
    I have a form with multiple process buttons which call a package and return an error code and message.
    I then wrote a function to take the error code and message and a couple of other fields to format an appropriate response.
    The process may return successfully but still have the error codes set (or may be null). I did note that could raise_application_error but would still have to go through some process to format the response.
    But when I use the function as the response message it is just treated as a text string.
    So for example I get
    Action Processed.nva_batch_validate.format_response( 'VALIDATE', VALID, , );
    rather than
    Action Processed - Validation Successful
    or
    Action Processed.nva_batch_validate.format_response( 'SUBMIT', 'APPROVED','-20004' , ' Some error with submission' );
    rather than
    Action Processed - Submit failed Some error with submission
    How can I get the Process Success Message to recognize that this is a function not text?
    Or can I have another process which just uses my format_response that would put message into the Action Processed.
    I don't want to have to go down the raise_application_error as I'd have to format the response within each procedure that is called and who knows what other issues this would raise.

    anonymous - Create an item, say P1_MSG and set its value in your page process, after your API calls, like :P1_MSG := Action Processed.nva_batch_validate.format_response( 'VALIDATE', VALID, , );
    Then put &P1_MSG. in the process success message field.
    Scott

  • Success  message

    Hello friends,
    I am using apex 4.2. Theme 23.
    I have Skillbuilder Modal Page DA to be fired when X event :
    Auto-close On Element Selector : #uSuccessMessage
    And the Modal page works fine, but when closing the modal page, the success message does not show up:
    I have Execute Java script when Auto close skillbuilders modal page:
    $('#uSuccessMessage')
    .hide()
    .empty()
    .append(this.data.$modalPageCloseObject)
    .slideDown('slow');
    ** The branch on the Page that shows up on the Modal Page includes process success message.
    What did I miss ??
    Regards,
    Fateh
    Edited by: Fateh on Nov 5, 2012 4:22 AM

    Fateh,
    I found the email you sent me with the demo login. If possible add that to the blog post in the future so that others can help.
    First, you need to start using Firefox w/Firebug. I was immediately able to spot an error. Here's the code you had before:
    $('#uSuccessMessage')
       .hide()
       .empty()
       .append(this.data.$modalPageCloseObject)
       .slideDown('slow');
    var successMessage = this.data.$modalPageCloseObject;
    var custObjText = successMessage.find('#uSuccessMessage').text();
    var custObj = $.parseJSON(custObjText);
    $s('P1_X', custObj.someProp);
    I'm not sure what you're trying to do with the bottom part, but as it was creating an error and it's not related to the success message, I'm removing it for now.
    Second,
    The top part of the code works, as you know, with other themes but not the new one. The important thing to do is understand how the code is working so that you can adapt it as needed. Here's some new code that does work for your new theme:
    var $successMessage = this.data.$modalPageCloseObject;
    $('#uSuccessMessage').remove();
    $successMessage
       .hide()
       .insertAfter('#uHeader')
       .slideDown('slow');
    Spend some time looking up how the jQuery methods work to understand why the changes were needed. It will be time well spent. :)
    Regards,
    Dan
    blog: http://DanielMcghan.us/
    work: http://SkillBuilders.com/APEX/

  • How to include HTML tags in a success message?

    I have seen a few posts on this topic in the past, but have not seen a definitive response...apologies if this has been answered.
    I would like to have a dynamic process success message that includes some HTML tags in it - in this case an anchor tag that can jump the user back to the object he/she just edited.
    So, I build up a dynamic success message in a page variable - say P10_SUCCESS_MSG - and set the Process Success Message field in the relevant Process to &P10_SUCCESS_MSG.
    The problem is that when the page template substitutes in my message for #SUCCESS_MESSAGE# it looks like it also escapes any HTML tags, so the markup gets displayed literally on the page.
    Is there any recommended way to override or get around this behavior?
    Many thanks,
    Bill

    I just noticed that it looks like the success message is passed around on the URL - when I look at my URL after a successful form process, I see &success_msg=BIG_UGLY_ESCAPED_SUCCESS_MSG_HERE embedded in the URL. If this is the case, I can see why - technically - it ends up getting escaped. Looks like I may have to figure out my own hack for success message processing - maybe some weird post-processing of a placeholder success token that I replace in a page 0 process or something...

  • Is it possible to display the values of variables in the "Process Success"

    Process Success Message location?
    I have a single page which allows two different things which might be accomplished depending on what the user does. I'd like to give a confirmation message to the user as to what it is they just successfully accomplished.

    Ok I see. I should use &var.
    Edited by: xerosaburu on Aug 18, 2009 11:37 AM

  • PL/SQL process returning message with more than 4000 chars

    In our apex application we are using a pl/sql process returning a message.
    This message should be shown to the user.
    Our problem is now, that the application items in APEX seem to be limited to 4000 chars and the message can be longer.
    We are also not able to use a collection, because we can't print the content of a collection in the "Process Success Message".
    Here is the content of a page process which is running on page load after header:
    Name - Type:     PL/SQL anonymous block
    Source - Process: :AI_TEST := p0001_pkg.get_text;
    Messages - Process Success Message: &AI_TEST.
    Image from process [https://twitter.com/OliverLemm/status/324058809138032640/photo/1/large]
    If the page is called the result is this error message:
    ORA-06502: PL/SQL: numeric or value error: character string buffer too small
    Technical Info (only visible for developers)
    is_internal_error: false
    ora_sqlcode: -6502
    ora_sqlerrm: ORA-06502: PL/SQL: numeric or value error: character string buffer too small
    component.type: APEX_APPLICATION_PAGE_PROCESS
    component.id: 16433072916569237418
    component.name: get_text
    error_backtrace:
    ORA-06512: at "APEX_040200.WWV_FLOW_PROCESS", line 100
    ORA-06512: at "APEX_040200.WWV_FLOW_PROCESS", line 141
    Edited by: Oliver L on 16.04.2013 09:17

    no an item like P0_TEST on page 0 / global page also does not help.
    But the error is not the application item / page item it's the problem that the "Process Success Message" can't handle more than 4000 chars.
    I tried to paste a string into the process success message, but the error "Error processing row. ORA-01461: can bind a LONG value only for insert into a LONG column" occured even when i filled the textarea and saved the process.
    So there's no problem with the application item or page item.
    Edited by: Oliver L on 16.04.2013 10:00

  • How to display Success Message on the Left side of Screen

    I am displaying a Process Success Message after the ApplyMRU process, *#MRU_COUNT# row(s) updated*. By default, this message is displayed at the center of the screen. I would like to display this message at the left hand side of the screen.
    I am using APEX 4.0; Theme Sand - 10. I have tried changing the alignment for the success message position in the Page Template – One Level Tabs, HTML Body section. But I am not having any luck.
    Does anyone know how to change/override the default position for the success message?
    Thanks

    Andy,
    I tried what you suggested and the success message is still being displayed in the center of the page.
    I went to Template --> Page --> One Level Tabs. In the Header, I put the following lines before the </head>
    <style type="text/css">
    .t10messages {text-align:left;}
    </style>
    </head>
    <body #ONLOAD#>
    #FORM_OPEN#
    I do not have any other custom CSS. Just strictly using Theme 10 - Sand
    Any ideas on what else could be the reason?
    Thanks,
    DP
    Sorry for the delayed response - out for holidays.

  • Multi-line success messages

    APEX 4.2.1
    How does one go about creating multiple lines (with the HTML BR tag) in a success message? Using BR in the Process Success Message attribute works e.g. Line1 BR Line2 but when creating a dynamic success message by assigning the value (with embedded BR tags) to a page item and using &P1_X. notation in the success message attribute, the BR tag is escaped and shows up on the message shown on the screen
    Ideas? Thanks

    Figured it out. Create a Display Only page item with Save Session State=No and Escape Special Characters=No with a display condition of Never
    In the process code, assign the success message including the BR tags to this display-only page item. Use &P1_DISPLAY. in the process Success Message.
    Hope that helps someone.

  • Display success message when validate is successful

    This sounds like the simplest thing but there is no box to put a success message in for validates. I have a text area that resets a database password, I would like to display "password changed successfully" in the region of the page this is on. I've tried setting and clearing some variables but they always seem to be set when I don't want them to be or vice versa.
    And yes I am new to this, as if you couldn't tell.......

    blp,
    This should not involve page validations. You should be using a page process to reset the password. Then you can check "include process success message" in the page branch definition.
    Scott

  • Using procedure output parameter in success message

    I have a page process which calls a database procedure with 2 output parameters.
    The source for my page process looks like this:
    DECLARE
       --variables to hold output parameters
       matched_count NUMBER;
       unmatched_count NUMBER;
    BEGIN
       USP_MATCH_PROCESS (matched_count, unmatched_count);
    END;
    I'd like to be able to display the value of the 2 output parameters in the Process Success Message for the process.
    Is there a simple way to do this or do I have to create hidden page items and populate these from the source code, then reference these? Or even better, can I reference the variables in the source directly from the Process Success Message?

    Hi,
    You can use something like this :-
    apex_application.g_print_success_message := matched_count||' '|| unmatched_count;
    Regards
    Paul
