Tuesday, September 18, 2018

Orbeon Forms 2018.1.1 PE and CE

Today we released Orbeon Forms 2018.1.1 PE and Orbeon Forms 2018.1.1 CE. This update to Orbeon Forms 2018.1 contains bug-fixes and is recommended for all Orbeon Forms 2018.1 users. [1]

This release addresses the following issues:
  • convert to List first so indexes are in expected order (#3736)
  • max-width not to apply to label/hint (#3730)
You can download the latest version of Orbeon Forms from the downloads page.

Don’t forget to grab a trial license for the PE version.

Please send feedback:
We hope you enjoy this release!

  1. Exceptionally, we also released a point release for the Community Edition, 2018.1.1 CE, due to the severity of issue #3736.  ↩

Thursday, September 6, 2018

Orbeon Forms 2018.1

Today we released Orbeon Forms 2018.1, the first major release of Orbeon Forms in 2018! This release is packed with new features and enhancements which should help form authors and form users be more productive.

Major features and enhancements

    Performance enhancements for large forms

    Large forms (with hundreds or even thousands of form fields) using the wizard view now use much less HTML markup, as only the content of the visible page is sent to the web browser (lazy page load). In order for this to be effective, your form should be split into sections and subsections.

    The Number and Currency fields use less HTML markup. This is useful for forms which have a large number of such fields.

    The wizard view and the error summary have been improved to update faster for large forms. In addition, the error summary no longer shows all the errors immediately when a large number of errors is present. (doc)

    Drag and drop of grid cell boundaries

    Orbeon Forms 2017.2 introduced the new 12-column grid layout, but if you wanted to move cell boundaries with Form Builder you had to use icon buttons. With Orbeon Forms 2018.1, you adjust cell boundaries via drag and drop. (doc)

    Dragging cell boundaries horizontally

    Field-level encryption

    This feature allows form authors to mark certain fields so that data entered by users in those fields is encrypted when stored in the database. This is typically used for fields used to capture personal information, also referred to as "personally identifiable information" (PII), "sensitive personal information" (SPI), or "personal information," depending on the context. Encrypting such information can help you with compliance with privacy laws, such as GDPR. (doc)

    Option to encrypt data at rest for a given form field


    Support for strict Content-Security-Policy header

    Orbeon Forms now works with a Content-Security-Policy header which disables inline scripts and CSS. Optionally, Orbeon Forms can also set the Content-Security-Policy header directly. (doc, blog post)

    Dynamic labels, hints, and help messages

    Controls now support dynamic labels, hints, and help messages, and sections support dynamic labels and help messages. This means that instead of being specified once and for all at form design time, labels, hints and help messages can incorporate dynamic parts such as control values and other custom expressions. (template syntax doc, dynamic labels, helps and label messages doc, sections doc).

    Dynamic label


    Automatic calculations dependencies by default

    Orbeon Forms adds a user interface setting to enable and disable automatic calculations dependencies in the "Form Settings" dialog. In addition, for new form definitions, the "Automatic Calculations Dependencies" option is enabled by default starting with Orbeon Forms 2018.1. (doc)

    Automatic calculations dependencies setting


    Email templates

    The email subject and email body can now be dynamic, that is, include content which comes from form controls or can be calculated with a formula. You can also set email subject and body directly within Form Builder, and have separate subjects and bodies for each form language. (doc)

    Dynamic email body


    Wizard enhancements

    The wizard view includes a number of fixes to highlight section status as the user fills out data.

    Wizard status
    Wizard options are now grouped under a separate tab of the Form Settings dialog. Options to control several aspects of the wizard are now directly accessible from Form Builder.

    Wizard Options tab


    Multiple PDF templates

    Orbeon Forms now supports multiple PDF templates for a given form. They can differ by language and/or by a custom name. (doc)

    Attaching multiple PDF templates

    Other features and enhancements

      Form Runner

      • Accessibility: calculated value fields are readable by screen readers (#3583).
      • The lease feature works with databases other than SQL Server (#3471).
      • By default, alerts now have an arrow pointing to the field (#3415).
      • Orbeon Forms upgraded to reCAPTCHA v2 (#3551).
      • Orbeon Forms upgraded to TinyMCE 4 (#1753).
      • The wizard TOC visibility is improved and scrolls as needed when possible (#3222).
      • Support for Liferay DXP GA4 and newer (#3314).
      • Formulas
        • A new function allows retrieving the current form title (#3559).
        • A new function allows accessing the value of a form field (#2910).
      • Icons have been updated to high-resolution for high DPI displays.

        Other new features and bug-fixes

        Including the features and enhancements above, we closed over 170 issues since Orbeon Forms 2017.2.

        Internationalization

        See Localizing Orbeon Forms for the latest localization support. Localization depends on volunteers, so please let us know if you want to help!

        Browser support

        • Form Builder (creating forms)
          • Chrome 69 (latest stable version)
          • Firefox 62 (latest stable version) and the current Firefox ESR
          • Microsoft Edge 17 (latest stable release)
          • Safari 11 (latest stable version)
        • Form Runner (accessing form)
          • All browsers supported by Form Builder (see above)
          • IE10, IE11, Edge 15 and Edge 16
          • Safari Mobile on iOS 11
          • Chrome for Android (stable channel)

        Compatibility notes

        Internet Explorer support

        Support for IE9 is removed.

        XForms event handling

        Non-relevant event handlers no longer run. (doc)

        XForms repeat updates upon xf:insert and xf:delete

        With previous versions, the xf:insert and xf:delete actions attempted to update repeats immediately after completion, independently from regular UI refreshes. With this version, this behavior is disabled by default and deprecated. (doc)

        Migration to TinyMCE 4

        We have migrated to TinyMCE 4. If you are providing custom configuration to the older TinyMCE 3, you have to update such configurations.

        Restriction on uses of the file: protocol

        The file: protocol is now limited to accessing temporary files. (#3577)

        Removal of noscript mode

        The noscript mode, which was deprecated since Orbeon Forms 2016.3, has now been entirely removed from Orbeon Forms.

        Download and feedback

        You can download the latest version of Orbeon Forms from the downloads page.

        Don't forget to grab a trial license for the PE version.

        Please send feedback:
        We hope you enjoy this release!

        Wednesday, August 22, 2018

        Improving security with the Content-Security-Policy header

        Securing web applications is always difficult and a moving target. Fairly recently, web browsers have started supporting the Content-Security-Policy HTTP header. This header is designed to help fight Cross Site Scripting (XSS) and data injection attacks.

        Content-Security-Policy is very configurable. Some organizations set that header to strict values which disallow inline JavaScript and CSS within HTML pages. What this means is that anything like this is rejected by the web browser:

        <script type="text/javascript">
            function foo() { alert("Hello!"); }
        </script>

        Up until Orbeon Forms 2017.2, Orbeon Forms includes some inline scripts and CSS in the HTML served to the browser. The purpose of this is, in particular, to provide some data and functions specific to the current form. So setting a Content-Security-Policy header which disables inline scripts and CSS would break Orbeon Forms.

        With Orbeon Forms 2018.1 and newer, on the other hand, Orbeon Forms no longer produces inline scripts and CSS by default. This can make Orbeon Forms safer by default if you set a stricter Content-Security-Policy.

        In addition, and optionally, Orbeon Forms can generate the Content-Security-Policy header for you via a very simple configuration.
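Added example (not Orbeon Forms code): a small Node.js check for whether a given Content-Security-Policy value is strict in the sense described above, that is, whether a plain inline script like the one shown earlier would be rejected. The function names are hypothetical and the sample policies are constructed.

```javascript
// Added example, not Orbeon Forms code. Function names are hypothetical and
// the policy strings at the bottom are constructed samples.
// Simplification (assumption): only script-src / style-src with the
// default-src fallback are evaluated; CSP3 refinements such as
// script-src-elem or 'strict-dynamic' are not modelled.

// Split a policy value into a Map: directive name -> list of source expressions.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored, so the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// A nonce or hash source switches 'unsafe-inline' off in CSP2+ browsers.
const NONCE_OR_HASH = /^'(nonce|sha256|sha384|sha512)-[A-Za-z0-9+\/_=-]+'$/i;

// kind is "script" or "style". Returns one of:
//   "allowed"            any inline block runs
//   "nonce-or-hash-only" only inline blocks carrying a listed nonce/hash run
//   "blocked"            no inline block runs
function inlineVerdict(policy, kind) {
  const directives = parseCsp(policy);
  const own = kind + "-src";
  const governing = directives.has(own) ? own
                  : directives.has("default-src") ? "default-src"
                  : null;
  if (governing === null) return "allowed"; // nothing restricts this resource type
  const sources = directives.get(governing);
  if (sources.some((s) => NONCE_OR_HASH.test(s))) return "nonce-or-hash-only";
  const keywords = sources.map((s) => s.toLowerCase());
  return keywords.includes("'unsafe-inline'") ? "allowed" : "blocked";
}

// True when the policy is "strict" in the sense used in this post:
// plain inline <script> and <style> blocks are both rejected.
function rejectsInline(policy) {
  return inlineVerdict(policy, "script") !== "allowed" &&
         inlineVerdict(policy, "style") !== "allowed";
}

// Constructed sample policies.
const samples = [
  "default-src 'self'",
  "default-src 'self'; script-src 'self' 'unsafe-inline'",
  "script-src 'self' 'unsafe-inline' 'nonce-r4nd0m'; style-src 'self'",
  "img-src *",
];
for (const p of samples) {
  console.log(rejectsInline(p) ? "strict " : "lenient", "|", p);
}
```

A policy reported as lenient is one under which the inline-script restriction that Orbeon Forms 2018.1 is compatible with is not actually in force.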

        More details are available in the documentation.

        We hope you like this new feature of the upcoming Orbeon Forms 2018.1.

        Wednesday, May 23, 2018

        The 12-column layout

        Since the early days of Form Builder, all form controls are placed within grids. The basic idea of a grid, of course, is to have rows and columns. Up to and including Orbeon Forms 2017.1, each grid in Form Builder could have from 1 to 4 columns [1]. Spanning rows in a grid was possible, but spanning columns was not. This system served Orbeon Forms users well for a long time.

        Orbeon Forms 2017.2 made an important change and introduced a 12-column layout [2]. What this means is that instead of varying the number of columns of a grid, you vary how many columns a control spans. So if you previously had a text area taking the entire width of a one-column grid, now you have a control taking 12 columns in that 12-column grid; a 4-column grid translates into a grid with controls each taking 3 columns, and so on.

        You might wonder why we picked 12 columns. The answer is simple: the number 12 is divisible by 1, 2, 3, 4 and 6, and it is not “too small” or “too large” [3]. This means that it is possible to be backward-compatible with the previous 1–4 column system but also allows for more flexibility in the placement of controls since the granularity is now 1/12th of the width of the grid [4]. In short, using 12 columns is a good compromise.

        Grid Columns (Orbeon Forms 2017.1)    Column Span (Orbeon Forms 2017.2)
        1                                     12
        2                                     6
        3                                     4
        4                                     3
        5                                     2 [5]
        6                                     2

        With Orbeon Forms 2017.2, you can expand, shrink, split and merge cells with icons that show within each cell. And now with the upcoming Orbeon Forms 2018.1, we are enhancing the 12-column layout with drag and drop of cell borders. This means that you can resize a cell to take from 1 to 12 columns, depending on the cell’s location, instead of using icons.

        Single grid with flexible layout

        And, in case you missed it, you have also been able to drag and drop controls between cells since Orbeon Forms 2017.2!

        We hope that you will like these changes and the increased flexibility that comes with them!


        1. With the option to extend that number at the risk of having funny-looking layouts.  ↩

        2. The 12-column layout applies to wider displays. For narrow displays like phones in portrait mode, each field shows on a single row. In the future, we can imagine separate configurations for other display widths.  ↩

        3. Bootstrap grids use a 12-column system as well.  ↩

        4. Form Builder and Form Runner required major changes for this to happen.  ↩

        5. 5 is not a divisor of 12, and so such rarely-used grid widths convert to 10-out-of-12 columns with changes we just introduced in Orbeon Forms 2017.2.2.  ↩

        Friday, May 18, 2018

        Orbeon Forms 2017.2.2 PE

        Today we released Orbeon Forms 2017.2.2 PE. This update to Orbeon Forms 2017.2 PE contains bug-fixes and is recommended for all Orbeon Forms 2017.2 PE and Orbeon Forms 2017.2.1 PE users.

        This release addresses the following issues:
          • Form Builder
            • Collapsible section breaks editor icons (#3530)
            • 5-column grid should be migrated to a better layout (#3594)
          • Form Runner
            • `NoSuchElementException` on second `fr-send-submission` (#3568)
            • Upgrade to reCAPTCHA v2 (#3551)
            • XPath error when relinquishing lease with form using a wizard (#3566)
            • 5-column grid doesn't render well in automatic PDF (#3423)
            • Help popover for radio button shown over the field (#3567)
            • Help showing off-screen on mobile (#3557)
            • Combined .js should not respond to other extensions (#3545)
            • Error in log: "Invalid reference to captcha component" (#3544)
            • XPath error when adding `<fr:buttons>` with `<fr:pdf-button/>` (#3543)
            • Missing `role="presentation"` in grid (#3536)
            • Multi-row minimal repeated grid looks garbled in Form Runner (#3527)
            • Exclusive radio in PDF template not set based on dropdown (#3461)
            • Change in title on minimal trigger has no effect on client (#3561)
            • Can't see file attached by user with "more permissions" (#3541)
            • Improve visibility of wizard TOC (#3222)
          You can download the latest version of Orbeon Forms from the downloads page.
            Don't forget to grab a trial license for the PE version.

            Please send feedback:
            We hope you enjoy this release!

            Wednesday, March 21, 2018

            High-Availability Thanks to State Replication

            Orbeon Forms has supported load balanced and failover configurations for a long time. This allows you to ensure that if a server fails, a user can still access her forms. But until now, users with active sessions could lose work [1] as form state was stored in memory on the failed server. Enabling the servlet container’s session replication wasn’t enough, as Orbeon Forms stores some information outside of the servlet session.

            With Orbeon Forms 2017.2, we introduced replication. Replication provides high availability for Orbeon Forms with as little disruption as possible to users currently filling out forms.

            This works by replicating the in-memory state from one server to one or more other servers. If one server with an active form session fails, the load balancer can simply redirect the user to another server. Since the state has been replicated there, the session can continue operating.

            This is transparent to the user, except that the first request just after the failure of a server might take a little bit more time to complete due to the load balancer redirection and the need to rebuild some data structures in memory on the new server. This is also the reason the load balancer still keeps a user assigned to a given server when possible.

            Orbeon Forms achieves this replication by enabling the replication of servlet sessions and caches. All current state in memory, whether in the session or relevant caches, is replicated so that work can be resumed on other servers when needed.

            The replication configuration includes:
            • a load balancer, such as HAProxy
            • two (or more) Orbeon Forms servers


            The Orbeon Forms servers must be able to communicate with each other via IP multicast, which means that they must be on the same network, physical or virtual.

            This does not include database replication, which must be configured, if necessary, at the database level. In a basic configuration, all the Orbeon Forms instances would talk to a central database.

            For more information, see the documentation on replication.

            We hope you will enjoy this new feature!

            1. Unless you use the autosave feature. But this feature only works for logged-in users.  ↩

            Friday, March 16, 2018

            Orbeon Forms 2017.2.1 PE

            Today we released Orbeon Forms 2017.2.1 PE. This update to Orbeon Forms 2017.2 PE contains bug-fixes and is recommended for all Orbeon Forms 2017.2 PE users.

            This release addresses the following issues:
              • Form Builder
                • Toolbar doesn't scroll properly with Firefox (#3438)
                • Label disappears when clicking quickly (#3449)
                • Large form no longer closes sections (#3478)
                • Review use of HTML elements in ControlLabelHintTextEditor (#3409)
                • Can't find `bowser.min.js` when disabling combined resources (#3445)
                • Disabling the wizard view from form settings doesn't work (#3490)
                • Minimal repeated section looks garbled in Form Builder (#3501)
                • Minimal repeated grid looks garbled in Form Builder (#3519)
                • Form with xf:label for fr:view fails to paste in Form Builder (#3450)
                • No browser warning for IE 11 or Edge < 16 (#3437)
              • Form Runner
                • Fixes to the lease system
                  • New `relinquish-lease` action, called by default before navigation (#3467)
                  • Don't require a lease to generate a PDF (#3466)
                  • Never acquire a lease when running a process in background (#3489)
                  • Fix databases other than SQL Server (#3471)
                • Wizard
                  • XPath error when the wizard has only one page (#3492)
                  • Page number doesn't show if first page is subsection (#3433)
                  • Cannot activate TOC subsection links (#3513)
                  • Next in last section doesn't navigate to next subsection (#3516)
                  • Section template doesn't update section status (#3483)
                  • Subsection navigation: highlight current subsection (#3518)
                • Other
                  • 12-column grids don't layout correctly in PDF (#3469)
                  • YUI dialogs initialize even if initially hidden and cause Recalculate Style (#3452)
                  • Property to setup whether a provider supports reindexing (#3486)
                  • JavaScript error when using `xf:dialog` inside `xf:repeat` (#3491)
                  • File upload unreliably marked as invalid (#3508)
                  • Errors in logs about failed processes (#3517)
              • Platform
                • Do not include xml-apis JAR (#3444)
                • saxon:parse() must disable external entities (#3468)
              You can download the latest version of Orbeon Forms from the downloads page.
                Don't forget to grab a trial license for the PE version.

                Please send feedback:
                We hope you enjoy this release!