Script injection in SharePoint OOB List forms
In SharePoint 2010 Out of box list forms Text Boxes,how can we prevent script injections?
Thank you.
Hello,
>i am able to enter script into the title and description fields.
I don't think you can stop this. You might also want to look at below MSDN for SP security.
http://msdn.microsoft.com/en-us/library/ee696753.aspx
Hemendra:Yesterday is just a memory,Tomorrow we may never see
Please remember to mark the replies as answers if they help and unmark them if they provide no help
Similar Messages
-
Working on a SharePoint 2010 Ent extranet site where parents of students can submit field trip permission forms and make payment at same time (optionally if fees involved). Was wondering if someone could advise (or point me to resource on) best way
to do a simple form post to an external payment gateway? Would be from InfoPath web form OR SharePoint 2010 list form.
Any guidance would be appreciated.
Trevoryou may create a custom visual web part for this:
http://www.codeproject.com/Articles/152280/Online-Credit-Card-Transaction-in-ASP-NET-Using-Pa -
Excel like 'Freeze column header' functionality in sharepoint OOB list view webpart
Hi,
I have OOB external list dropped on a page as listview webpart. It contains many records and hence while scrolling down headers are no available, hence it should freeze all column headers while scrolling down the page. Its directly dragged and dropped
on site page hence no server side formatting can be done.
Is there any way we can apply some client side script to freeze column headers to listview webpart while scrolling down? or any settings that can be done to acheive this?
Thanks in advance.
Regards,
RahulHi Rahul,
Normal techniques for freezing the header row of an HTML table tend to fall short when it comes to SharePoint 2010 lists due to the lack of THEAD elements.
You can try something like this, although you may want to test it in various browsers in case the column heading alignment is off.
<style>
.ms-viewheadertr{background-color:white;}
</style>
<script>
/* wrap the table in a div, set its height, give it scrollbars, and move it down */
var myTable = document.querySelector(".ms-listviewtable");
var wrapperDiv = document.createElement('div');
wrapperDiv.setAttribute("ID","FreezePaneWrapper");
wrapperDiv.setAttribute("style","OVERFLOW: auto; HEIGHT: 400px; padding-top:38px;");
wrapperDiv.appendChild(myTable.cloneNode(true));
myTable.parentNode.replaceChild(wrapperDiv,myTable);
/* Freeze the header row and move it up*/
var headerRow = document.querySelector(".ms-viewheadertr");
document.getElementById("FreezePaneWrapper").style.width = "" + headerRow.scrollWidth + "px";
headerRow.style.width = "" + headerRow.scrollWidth + "px";
headerRow.style.position = "absolute";
headerRow.style.top = ""+(headerRow.offsetTop-39)+"px";
/* Tell the header's columns to be the same width as the cells in the first "alternating" row */
var columns = document.querySelector("table.ms-listviewtable tr.ms-alternating").querySelectorAll("tr>td");
headers = document.querySelectorAll("tr.ms-viewheadertr th");
for(var i = 0; i < headers.length; i++){
if(columns[i].scrollWidth > headers[i].scrollWidth){
headers[i].style.width = ""+columns[i].scrollWidth + "px";
}else{
columns[i].style.width = ""+headers[i].scrollWidth + "px";
</script>
Edit: Also, you may want to inspect the HTML attributes on the external list view to be sure the class names match up with the querySelector parameters above. Specifically, the table should have a class of "ms-listviewtable", the header row should
have a class of "ms-viewheadertr", and rows of alternating background color should have a class of "ms-alternating".
If any of those are different in your case, you may be able to adjust the above code accordingly. -
How to add .js link in custom list form through sharepoint designer 2013
hi friends
so far i was adding jquery code to script editor webpart in custom list form.
but i need to know how to add .js link in custom list form through sharepoint designer 2013
please help me.Hi,
We can add the "JS Link Property" in the “WebPart” node in the custom list form page through SharePoint designer 2013.
Here is an example for your reference:
<JSLink xmlns="http://schemas.microsoft.com/WebPart/v2/ListForm">~site/Style Library/js/custom.js</JSLink>
Noticed that, we should not lose the 'xmlns="http://schemas.microsoft.com/WebPart/v2/ListForm' attribute.
Best Regards
Dennis Guo
TechNet Community Support -
Custom List Form - newform.aspx with code behind - beginner
Hi,
I am working on a request whereby I have to customize the NewForm.aspx. The form will have roughly about 30 controls. One of the controls on the form will pull data from a web service. Another will pull data from a sharepoint list, this is quite complex
as there will be some logic involved. The form data will then be input as the items into the Main SharePoint list.
I do know that there will be some code behind on the custom NewForm.aspx, and that it has to be done on Visual Studio.
I am confused between the application page, custom form web part, or is there any others missing out. Which one of this the best practice, also can someone point out some msdn articles. I found some on the Net, but I find the guides too complicated and am
finding it difficult to understand.
Please helpIt depends on how your users will interact with the list, are they going to use list newform.aspx to submit the data or will you be providing separate interface to submit the data. You can always go with custom webpart to incorporate all your business logic
along with the interface required for end users.
building custom webparts in SharePoint 2010
http://www.dotnetmafia.com/blogs/dotnettipoftheday/archive/2010/02/15/intro-to-sharepoint-2010-development-how-to-build-and-deploy-a-web-part.aspx
Custom List form
http://blog.karstein-consulting.com/2010/12/29/walkthrough-create-custom-sharepoint-2010-list-form-for-deployment-in-a-visual-studio-2010-project/
My Blog- http://www.sharepoint-journey.com|
If a post answers your question, please click Mark As Answer on that post and Vote as Helpful -
Custom List Form creation using Powershell - SharePoint 2013
Hi,
I have a custom List called 'IssuesList' with 4 fields - "IssueTitle","IssueID","IssueDesc","Status"
While displaying display form I should show 3 fields expect Issue ID i.e. IssueID should be hidden.
and on edit form only Status field should be editable. So using SharePoint designer I created respective Edit form and display forms and changed XSLT to control the display mode on the fields.
I have everything scripted in powershell till now - creation of custom list, publishing pages, webparts etc. however I am looking for how to provision or associate these 2 list forms with IssuesList after I create the list in new site.
I have restrictions on using wsp and site/list template due to business needs. So I need to know if there is any way I can upload these 2 files after I create custom list in powershell and associate them as defaultdisplay and defauteditforms?
Please advise.Hi,
Per my understanding, you might need to apply these custom forms to a list after list creation using PowerShell.
With PowerShell with SharePoint Object Model, we can hide fields on list forms.
The similar thread below with code snippet will provide more information about this:
https://social.technet.microsoft.com/Forums/en-US/ee6fc2eb-197f-4144-94fa-8a4e438675d9/hide-a-field-from-edit-form-list?forum=sharepointgeneralprevious
If there may be other requirements except for hiding fields, as you have limitation on using custom solution package(which should be preferable in such scenario),
a workaround I can provide is that, after list creation, you can add Content Editor Web Part contains the CSS style or JavaScript to the form pages of a specific list, it will help you hide/disable the specific elements, this can be achieved programmatically.
The code below can add a Content Editor Web Part to the DisplayForm of a list(though in C#):
public static void AddCEWP()
SPLimitedWebPartManager manager = null;
SPFile file = null;
using (SPSite site = new SPSite("http://sp"))
using (SPWeb web = site.RootWeb)
try
web.AllowUnsafeUpdates = true;
file = web.GetFile(web.Url + "/Lists/List018/DispForm.aspx");
manager = file.GetLimitedWebPartManager(PersonalizationScope.Shared);
ContentEditorWebPart webPart = new ContentEditorWebPart();
XmlDocument xmlDoc = new XmlDocument();
XmlElement xmlElement = xmlDoc.CreateElement("HtmlContent");
//xmlElement.InnerText = "<strong>Hello World!</strong>";
//write the custom CSS style or JavaScript here
string content = "<style>your custom style here...</style>";
xmlElement.InnerText = content;
webPart.Content = xmlElement;
manager.AddWebPart(webPart, "Top", 0);
manager.SaveChanges(webPart);
web.Update();
catch (Exception ex)
//Utility.SPTraceLogError(ex);
finally
if (manager != null)
manager.Dispose();
web.AllowUnsafeUpdates = false;
About how to hide fields on Standard List Forms using jQuery:
http://social.technet.microsoft.com/wiki/contents/articles/21730.sharepoint-2010-conditionally-hide-fields-on-standard-list-forms-using-jquery.aspx
http://stackoverflow.com/questions/10010405/how-to-hide-a-field-in-sharepoint-display-form-based-on-the-field-name-jquery
Thanks
Patrick Liang
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support,
contact [email protected]
Patrick Liang
TechNet Community Support -
hi friends
i am trying to set peoples or groups field in sharepoint list form with current user login name
here my code
<script src="http://ajax.aspnetcdn.com/ajax/jquery/jquery-1.9.0.js"></script>
<script type="text/javascript">
$(document).ready(function NewItemView () {
var currentUser;
if (SP.ClientContext != null) {
SP.SOD.executeOrDelayUntilScriptLoaded(getCurrentUser, 'SP.js');
else {
SP.SOD.executeFunc('sp.js', null, getCurrentUser);
function getCurrentUser() {
var context = new SP.ClientContext.get_current();
var web = context.get_web();
currentUser = web.get_currentUser();
context.load(currentUser);
context.executeQueryAsync(onSuccessMethod, onRequestFail);
function onSuccessMethod(sender, args) {
var account = currentUser.get_loginName();
var accountEmail = currentUser.get_email();
var currentUserAccount = account.substring(account.indexOf("|") + 1);
SetAndResolvePeoplePicker("requester",account);
// This function runs if the executeQueryAsync call fails.
function onRequestFail(sender, args) {
alert('request failed' + args.get_message() + '\n' + args.get_stackTrace());
function SetAndResolvePeoplePicker(fieldName, userAccountName) {
var controlName = fieldName;
var peoplePickerDiv = $("[id$='ClientPeoplePicker'][title='" + controlName + "']");
var peoplePickerEditor = peoplePickerDiv.find("[title='" + controlName + "']");
var spPeoplePicker = SPClientPeoplePicker.SPClientPeoplePickerDict[peoplePickerDiv[0].id];
peoplePickerEditor.val(userAccountName);
spPeoplePicker.AddUnresolvedUserFromEditor(true);
</script>
but it is not working
please help meHi,
According to your post, my understanding is that you wanted to set "peoples or groups" field with current user "login name" in SharePoint list form using JavaScript.
To set "peoples or groups" field with current user "login name”, you can use the below code:
<script src="http://ajax.aspnetcdn.com/ajax/jquery/jquery-1.9.0.js"></script>
<script type="text/javascript">
function SetPickerValue(pickerid, key, dispval) {
var xml = '<Entities Append="False" Error="" Separator=";" MaxHeight="3">';
xml = xml + PreparePickerEntityXml(key, dispval);
xml = xml + '</Entities>';
EntityEditorCallback(xml, pickerid, true);
function PreparePickerEntityXml(key, dispval) {
return '<Entity Key="' + key + '" DisplayText="' + dispval + '" IsResolved="True" Description="' + key + '"><MultipleMatches /></Entity>';
function GetCurrentUserAndInsertIntoUserField() {
var context = new SP.ClientContext.get_current();
var web = context.get_web();
this._currentUser = web.get_currentUser();
context.load(this._currentUser);
context.executeQueryAsync(Function.createDelegate(this, this.onSuccess),
Function.createDelegate(this, this.onFailure));
function onSuccess(sender, args) {
SetPickerValue('ctl00_m_g_99f3303a_dffa_4436_8bfa_3511d9ffddc0_ctl00_ctl05_ctl01_ctl00_ctl00_ctl04_ctl00_ctl00_UserField', this._currentUser.get_loginName(),
this._currentUser.get_title());
function onFaiure(sender, args) {
alert(args.get_message() + ' ' + args.get_stackTrace());
ExecuteOrDelayUntilScriptLoaded(GetCurrentUserAndInsertIntoUserField, "sp.js");
</script>
More information:
http://alexeybbb.blogspot.com/2012/10/sharepoint-set-peoplepicker-via-js.html
Best Regards,
Linda Li
Linda Li
TechNet Community Support -
Open Edit form directly when list item is clicked in Sharepoint 2013 list
Hi,
I have a list web part, wherein the user clicks the item it should open in the Edit form directly. various forum i checked was for SharePoint 2010, as we do not have design mode in SharePoint designer 2013, I am unable to do.. I know
if I the change the form type from default page to edit page, it will work, but not sure about how to go ahead. Could anyone help me to achieve this please....Sunitha,
You can do this with some jQuery and JavaScript. Look at this post:
http://brandonatkinson.blogspot.com/2013/11/open-sharepoint-2013-list-items.html
Basically, add a Script Editor Web Part to the page and include this snippet:
<script type="text/javascript" src="http://code.jquery.com/jquery-1.10.1.min.js"></script>
<script type="text/javascript">
$(function() {
// Change all display form links to edit form links
$('.ms-vb a[href*="listform.aspx"]').each(function(){
var link = $(this).attr('href');
link = link.replace("PageType=4", "PageType=6");
$(this).attr('href', link);
</script>
Brandon Atkinson
Blog: http://brandonatkinson.blogspot.com -
Restrict Which Users Can Enter Data In List Form in SharePoint Foundation 2013
Is there a way to restrict which users can enter data in particular fields in a list item entry form?
We are using a SharePoint Foundation 2013 list and calendar to manage vacation time. We need to restrict non-supervisor users users from entering a value in a certain field in the vacation request form.
Here is how the system works now:
1. Employees complete the vacation request form (which creates a list item)
2. An email is sent to their supervisor to either approve or decline the request
3. Approved requests are automatically entered onto the vacation calendar
We have restricted the list so that only supervisors can edit items (the pending vacation requests). The problem is that all users can mark their own requests as approved when they fill out the request form in the first place. Is there a way to restrict
which users can enter data in particular fields on a list item entry form?Thanks for the suggestion. We ended up 1) hiding the approval column and 2) creating a second list, workflow, etc. The user no longer sees the approval column when filling out the form. Requests are now submitted to list A. Workflow #1 copies the request
to List B, then deletes the item from List A. Once the request is added to List B, Workflow #2 emails the user that the request has been received and emails the supervisor that a request needs to be approved. Only supervisors have editing permissions on List
B. Approved requests are automatically added to the vacation calendar (the calendar view of List B).
We found the following site to be helpful in learning how to hide the list column:
http://community.bamboosolutions.com/blogs/bambooteamblog/archive/2013/06/03/how-to-hide-a-sharepoint-list-column-from-a-list-form.aspx -
Multiple filters in a drop-down list in SharePoint 2010 browser forms
I am using Infopath forms based on SharePoint 2010 lists. I am trying to filter a drop-down control based on inputs in two previous controls such that it looks up information in a list and returns options where A = A and B = B. This filter works when using
Preview in Infopath 2010, but does not work on the list itself on publishing; it only filters where A = A. The B = B filter is ignored.
1) Is there a workaround I can use so that the browser form respects the filter in the same way the Infopath form does?
or, if not:
2) Is there a way to force SharePoint 2010 to open up "new item" or "edit item" in InfoPath instead of in a browser form?
Thanks.Thanks for your help!
1) That was my concern. When I googled around, it seemed like it wasn't possible to do filters at all in DLL in browser forms, yet I had one that was working. So I was curious why one worked but two didn't.
2) When I try to publish an InfoPath form from Designer that's based on a SharePoint list, the only option it gives me is to publish to that list, not to a document library.
2a) If I did figure out how to do it, would it still submit the information to the list? I don't want a form library scenario where each list item is its own form based on a single template, I want a list I can also manage with Access. -
How to have digital signature in a Sharepoint 2013 custom list form created in InfoPath 2013?
I have a requirement that they want a form in SP13 that would allow Mobile mode. Supervisor then can sign off the form in mobile mode. Because Document Library form doesn't have Mobile client support so I decided to create this as a custom List
form. Now I'm finding out that when I right click on the section on the form to enable e-signature, there is no such option. I appreciate it if someone can give me some suggestion on how to have a form that has both Mobile mode and e-signature
support in SP13.
I also noticed that the people picker doesn't work in Mobile mode. Is that so or is there something-else I need to configure?
Thank you.Hi,
According to your description, my understanding is that you want to create an InfoPath form which supports Mobile mode and e-signature in SharePoint 2013.
Per my knowledge, the browser-based forms cannot support signature in Mobile device.
Here are some other products which are not free can achieve this goal for you to take a look:
http://forums.qdabra.com/2013/06/signing-infopath-forms-part-1-electronic-signatures/
http://www.formotus.com/16563/infopath-alternatives/infopath-forms-filling-weigh-the-options
Best regards.
Thanks
Victoria Xia
TechNet Community Support -
Workflow menu option not showing up in edit form or the ribbon in SharePoint 2010 list
In a SharePoint 2010 list I created a workflow (in SPD) and published, but in the Edit Item form, there is no Workflow option. In the ribbon, the "Workflow" button is greyed out.
But I see this option in other lists. Where is the setting I can get this workflow option show up in menu?
Thanks in advanceHi,
Glad to hear your issue solved and thanks for your posting!
Best Regards,
Eric
TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected] -
I have a custom list form created in SPD based on EditItem form. I then set field validation in Validation setting and entered a user message to display when the validation did not pass.
The validation works in the custom form but the user message never show up.
I see a similar question posted in 2012:
https://social.technet.microsoft.com/Forums/en-US/cd292b50-856f-4dfa-8cfe-aeb688ee7185/validating-fields-on-a-sharepoint-2010-custom-list-form?forum=sharepointgeneralprevious
Is this still a known bug? What is the easiest workaround?Hi ,
From the
above link you mentioned, have you tried using the code line in your custom form?
Please try the code suggested by sp-achiever and hamish, and see if it could help solve the issue.
<SharePoint:ItemValidationFailedMessage ControlMode="New" runat="server" ID="checkform" />
Have you installed hotfix KB245789 or CU contained this kb?
Please check if KB245789 has fixed this issue as KP2011 suggested in the same post, and please try it in a test environment firstly.
http://support.microsoft.com/kb/2405789
Thanks,
Daniel Yang
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you havefeedback for TechNet Subscriber Support, contact [email protected]
Daniel Yang
TechNet Community Support -
How to get and set the column order in SharePoint list forms
Hi,
I want to read the column order of the SharePoint list forms in SharePoint 2003 sites using any of the available web services and need to set the same order
in the newly created list in SharePoint 2010.
I am able to read the fields from SharePoint 2003 and creating the list with same fields in SharePoint 2010, but the column order is not maintaining in
list forms.
Also, I need to created the views from 2003 site to 2010 site.
Please help me...
Thanks in advance...Hi,
Please try to use the following code to programatically change the order.
SPList list = web.Lists["Example List"];
if (list.ContentTypes.Count > 0)
SPContentType ct = list.ContentTypes[0];
string[] names = {"Example_x0020_One", "Example_x0020_Two", "Example_x0020_Three"};
ct.FieldLinks.Reorder(names);
ct.Update();
Here is a similar thread for your reference:
https://social.technet.microsoft.com/Forums/en-US/ce66fd65-2882-4bda-8142-89e116d8b90f/how-to-set-the-order-of-the-fields-in-list-forms?forum=sharepointdevelopmentprevious
Best Regards
Dennis Guo
TechNet Community Support -
Infopath list form displays blank in edit mode in SharePoint 2010
Hi,
I have a custom list in SharePoint 2010. I am using InfoPath 2010 form to Insert and Edit list data. The list was working fine in the past days. Suddenly the InfoPath form displays nothing when I click on the Edit Item Button but its working fine in New
Item and Read Only mode. I checked Form Web Parts--> Content Type Forms--> (Item) Edit Form where the InfoPath form Web Part is missing. I added the InfoPath Form Web Part manually there then the InfoPath form displaying blank where
list data is available. All other lists are working fine in the site collection.
Would somebody help to resolve this issue?
Thanks in advance.Hi pointtoshare,
When you added a new item in the custom list, whether this issue occurred.
Whether you could customize the custom list form using InfoPath.
Please click on “Customize Form”, it will be opened with InfoPath, check whether the default view has data. And create a new view, set it as default view, publish it , compare the result.
I hope this helps.
Thanks,
Wendy
Wendy Li
TechNet Community Support
Maybe you are looking for
-
Best way to format my 16GB flash drive for Mac and PC transferring large power point files?
best way to format my 16GB flash drive for Mac and PC transferring large power point files?
-
Has anybody experienced the monitor flickering?
My 27" screen on my iMac began to flicker about 2 weeks ago and now the left side of the screen goes dark intermittently. My iMac is a late 2011 model.
-
How do I update the music in my iTunes account to my wife's on the same computer
How do I update the music in my iTunes account to my wife's itunes acc on the same computer?
-
Material transfer one company code to another company code
Dear All, I want to transfer some items to one company code to another company code. Please suggest me the process. Regards Vimal Note : Please search forum before posting. Edited by: Jeyakanthan A on Dec 26, 2011 1:25 AM
-
I cannot open microsoft attechments on my apple devices any longer
Previous to the upgrade, I could open Word, Excel and .pdf documents on my iPhone 4s and iPad 3rd generation. I can no longer do this and it is quite an inconvenience. Emails are being sent to me in HTML format from Outlook - help!