Trying this but get Error lang is not defined
<dmx-value id="lang" dmx-bind:value="'es'"></dmx-value>
<% if (lang.value === 'es') { %>
test condition
<% } %>
Any idea?
You are using a server condition with a client side variable as the condition, lang is not defined as the condition is ran server side which is before lang exists
1 Like
Well the:
<dmx-value id="lang" dmx-bind:value="'es'"></dmx-value>
Renders on page load, on the client side.
The rest of the code uses server side rendering, before page load, so the data you are referring to is not yet available.
1 Like
Any solution?? or suggestion to achieve this?
Well, you can check:
I am concerned about security issues related to the visibility of my code in the page source. I want to include a Flow code that should only be executed when users are logged in. However, if someone views the page source code, they can see this code even though it is not displayed in the DOM. This raises potential security risks, and I would like to address them.
Maybe explain in more details what code do you want to use and what exactly are you trying to do.
This two flows only work when you are a registered user and logged in.
<script is="dmx-flow" id="closeCancel" type="text/dmx-flow">{
runJS: {function: "closeModal", name: "closeModal", outputType: "text"}
}
</script>
<script is="dmx-flow" id="closeUpdate" type="text/dmx-flow">[
{
run: {action: "{{serverconnectform1.submit()}}", outputType: "text"}
},
{
run: {action: "{{BycomContent.load({})}}", outputType: "text"}
},
{
runJS: {function: "closeModal", name: "closeModal", outputType: "text"}
}
]
</script>
I prefer to not display this code on source code until you are not a logged user.
Is that possible?
May I just ask where the security issue would be from this been in the source?
The first flow just seems to close a modal and the second one submits a form and loads some data that I assume is updated by that form. As long as you have protected the server actions the form and the BycomContent load having them in the source shouldn’t really be a issue the server action is where the main security comes into play for example if I was to visit a url like www.host.com/api/get_data I would be able to see what is returned unless you protected this action using the security restrict
2 Likes
On Globals, run the Security Identify step, which returns the ID the of logged in user
In your EJS condition, check if the identity is not zero
There is a very easy solution to this by applying the Security Identity.
I do not have the time today, but will show you the solution - if one has not already been supplied in the meantime - tomorrow.
1 Like
Have a look at
Bookmark item with an account - Wappler General / How To - Wappler Community
and use a conditional area to do whatever you need to do, using the user ID as the condition.
I totally got the idea. Only whats the expression for condition?? user_ID != 0??
The expression is identity taken from the server connect. If a user has logged in, the expression will be true and the events within the condition will be executed. If no user has logged in, the condition will be false and nothing takes place.
Please only create one topic for the same question:
Hide elements from Page Source Code
You have people answering and not seeing others’ responses so therefore potentially wasting time