How to Add Custom JavaScript #6839
Replies: 4 comments 12 replies
-
Thanks for sharing @R2bEEaton. This really helped me to find a solution to my specific challenge: #12143 |
Beta Was this translation helpful? Give feedback.
-
Hello @R2bEEaton @SufiSR , Thanks for sharing! I'm trying to use a long form field as a search field using the javascript code below (disable enter key/new line for textarea), but it doesn't work in embed widget. Could you help me? Thank you
|
Beta Was this translation helpful? Give feedback.
-
Thank you so much @R2bEEaton ! This solves part of the problem. But what is now blocking the code from working on my search field is that BudiBase does not generate
|
Beta Was this translation helpful? Give feedback.
-
Hi @R2bEEaton . After updating Budibase and apps to 3.2.29 the hack no longer works. JS will not execute and if you check console gives an CORS error and suggests adding some headers or hash if having access to backend. Have you found a new workaround? |
Beta Was this translation helpful? Give feedback.
-
Disclaimer
The following is sketchy behavior known as Cross Site Scripting (What is XSS?). Some browsers or good company firewalls can block this kind of thing. Budibase is often used for internal apps, so most people should be able to use this without a problem if you know your company's policies or, better yet, if you're the one making them.
I am a user of Budibase, not a maintainer.
How to Inject JavaScript Code
This is just a quick guide for how to add custom JavaScript into Budibase. I'm sure it's been done before, but I couldn't find any information on it here in discussions, so I figured I might as well share.
<script>
tags for XSS security reasons (Import a script from the embed element #1892). We can work around this! This method of injecting JavaScript still involves an Embed component.Practical Example
An example of what this could be used for can be found here: #6721.
And here is the Budibase export so you can examine it further (though there's not much else that the explanation doesn't cover):
Updating Time Example-export-1657913724917.txt
How it Works
An image element with an empty
src
attribute will throw an error that can be used to trigger the built-inonerror
attribute, containing our JavaScript code. This code will run as soon as the "hijacked" image is loaded by the browser.The browser compatibility for this feature can be found here: https://caniuse.com/mdn-html_elements_img_onerror
If this doesn't work:
Review this page to find an option that works for you depending on your needs.
Hope this helps!
Beta Was this translation helpful? Give feedback.
All reactions