
Creating a custom portal framework page

Amey-Mogare
Contributor
0 Kudos
151

Hi,

How do I develop a portal framework page in NWDS?

I want to know if there is any way to create a custom portal framework page which will take some URL parameters, one of which would be an iView id.

This page should render the iView inside it.

How do I do all this in code?

Please help.

Thanks and regards,

Amey

Qualiture
Active Contributor
0 Kudos

Hi,

Why do you want to 'develop' a frameworkpage?

A frameworkpage is merely a different representation of a Page, i.e. it consists of a layout and a couple of iViews (masthead, TLN, etc.), so there's not much you can develop, I'm afraid.

If you are looking for a way of creating a custom layout for a frameworkpage, have a look at http://help.sap.com/saphelp_nw70/helpdata/en/1c/0a3bcb9149453aab0132425c6f7cdf/frameset.htm

Amey-Mogare
Contributor
0 Kudos

Hi Robin,

Thanks for the reply. It was very helpful (especially the diagram).

I guess what I need is a portal "innerpage", not a framework page.

Current scenario

1. We have a search input field in the toolarea.

2. When the user enters his search query and clicks on Go:

- a URL to our internal search engine is prepared

- inside toolareaiView.jsp, EPCM.navigate() is used to navigate to the "mySearch" iView along with two parameters, URL and SYSTEM (in addition to the normal navigationTarget and all)

3. This mySearch iView is displayed in the Portal's "innerpage" region mentioned in the link you provided.

The issue we are facing

- This design is prone to a reflective XSS attack.

- If any script or alert is supplied in the URL or SYSTEM parameter, it gets executed even before navigating to the mySearch iView.

Hence, I want to know where I can get hold of these parameters and validate or encode them so as to nullify the script execution.

Any ideas?

Please help.

Thanks and regards,

Amey
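One way to validate and encode the URL and SYSTEM parameters described in the post above, as an added example that is not part of the original thread. The allowed host, the SYSTEM format and every function name here are assumptions; the portal call itself is left out so the checks run stand-alone.

```javascript
// Added example: allowlist validation for the URL and SYSTEM parameters.
// ALLOWED_HOSTS, SYSTEM_PATTERN and all function names are assumptions.
const ALLOWED_HOSTS = new Set(["search.example.internal"]); // constructed host
const SYSTEM_PATTERN = /^[A-Za-z0-9_]{1,32}$/;              // assumed ID format

// Returns the normalized URL string, or null if it must be rejected.
function validateSearchUrl(raw) {
  if (typeof raw !== "string" || raw.length > 2048) return null;
  let parsed;
  try {
    parsed = new URL(raw); // throws on relative or malformed input
  } catch (e) {
    return null;
  }
  // Only http(s): rejects javascript:, data:, vbscript: and similar schemes.
  if (parsed.protocol !== "https:" && parsed.protocol !== "http:") return null;
  if (!ALLOWED_HOSTS.has(parsed.hostname)) return null;
  if (parsed.username || parsed.password) return null; // no user@host forms
  return parsed.href; // serialized form, special characters percent-encoded
}

// Returns the SYSTEM value unchanged if it matches the format, else null.
function validateSystem(raw) {
  return typeof raw === "string" && SYSTEM_PATTERN.test(raw) ? raw : null;
}

// Encode for an HTML text or attribute context before writing to the page.
function encodeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Returns validated parameters, or null so the caller can skip navigation.
function checkSearchParams(url, system) {
  const safeUrl = validateSearchUrl(url);
  const safeSystem = validateSystem(system);
  if (safeUrl === null || safeSystem === null) return null;
  return { url: safeUrl, system: safeSystem };
}
```

Checks run in the browser can be bypassed by a hand-crafted URL, so the same allowlist rules need to be applied again wherever the receiving iView reads the parameters, with `encodeHtml`-style encoding at the point of output.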

Qualiture
Active Contributor
0 Kudos

Hi Amey,

What you could do is store your parameters in the Client Data Bag (http://help.sap.com/saphelp_nw72/helpdata/en/4a/2a010cab9247dbe10000000a42189c/frameset.htm) and, by using portal eventing, have your 'detail' iView retrieve, validate and process the stored parameters.

Hope this helps!

Robin van het Hof

Amey-Mogare
Contributor
0 Kudos

Hi Robin,

Thank you !

That was indeed very informative and new learning for me.

Well, I understood that in my toolareaiView.jsp, I can use the Client Data Bag API to store and retrieve data as follows:

    // Storing a value in the Client Data Bag under a namespace and key
    var selectedPerson = "JohnDoe";
    EPCM.storeClientData("urn:com.sap.portal:testApp", "personSelected", selectedPerson);

    // Retrieving the value with the same namespace and key
    var person = EPCM.loadClientData("urn:com.sap.portal:testApp", "personSelected");
    if (person != null) { /* process person */ }

Actually, I want to validate them on the server side (for the case when a hacker prepares a malicious URL and hits it in the browser, bypassing the JSP).

Is there any way to retrieve them on the server side?

Qualiture
Active Contributor
0 Kudos

Hi Amey,

In Web Dynpro, you could use the WDScopeUtil class to store and retrieve data from the client data bag on the server side.

In your case, I believe you should use the 'plain' Java way of accessing the client data bag using the com.sapportals.portal.prt.service.epcftoolbox package.

Have a look at http://help.sap.com/javadocs/nw04s/sps09/ep/com/sapportals/portal/prt/service/epcftoolbox/package-su... for a detailed API

Hope this helps!

Robin

Amey-Mogare
Contributor
0 Kudos

Thank you Robin!