You are viewing limited content. For full access, please sign in.

Question

Question

Angular JS

Forms
Updated July 28, 2016
asked on May 22, 2015 Show version history

Hi All,

 

We have a client who is very security conscience.

During a pen test they found that they were able to retrieve a bunch of Javascript source code by browsing to the following URL: ~/Forms/bundles/ng?v=oxYxiK1Tl4ZC92JiYRq7XD_BiCvhQPemF01qJ9yCWY81:91:343

 

We were wondering firstly whether there is any data in there that is actually sensitive?

And secondly if there are any server settings we may have not enabled that would block access to it?

 

Thanks

0 0

Answer

APPROVED ANSWER SELECTED ANSWER
replied on May 22, 2015

Hi, when you download a page from the web you get the html page which you can consider the static data.  On this page there are instructions to load javascript files which the page needs to make the page more dynamic.  For example you click an signature field and a dialog pops up or a lookup needs to call the backend .  These javascript files need to be accessed by the page and are like libraries of routines.  You might be familiar with some libraries like jquery, angularjs so forth that we use.  We also have our own custom libraries like how table elements are added so on...  These libraries are obfuscated to both hide our library routines and also to minimize the size for performance but they are just instructions.  Your personal/critical data is behind a webapi where you need to authenticate to retrieve data.   

1 0
replied on July 26, 2016

Can I use Angular the same way that I use JQuery for Laserfiche Forms?

If so, we are on LF Forms version 9.2.  What version of Angular is used on that version?

0 0
replied on July 28, 2016

Hi Joe, angular is used within the product except for submission form.  Angular is not supported in older browsers and so we tried to keep the technology on the form as dated as possible.  But let that not stop you!  You are welcome to modify the cshtml file we use to load the page and include and external files you would like.  We install angular at C:\Program Files\Laserfiche\Laserfiche Forms\Forms\lib\angularjs for the main product.  You can see the version there.  A good place to add your include statement is C:\Program Files\Laserfiche\Laserfiche Forms\Forms\Views\Form\_FormLayout.cshtml.

1 0

Replies

replied on May 25, 2015

Hi,

 

Thank you for clarifying that it's just control library info.

We much appreciate the time you put into answering our query.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...