Versions Compared

Old Version 24

changes.mady.by.user Marcel Ververs

Saved on

compared with

New Version 25

changes.mady.by.user Bart Adriaanse

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Starting with version 2018.02, a predefined display has been added so you can configure it in <explorerTask> in Explorer.xml.as follows::

Code Block
xml
xml
		<explorerTask name="Web Browser Display">
			<iconFile>document.png</iconFile>
			<mnemonic>h</mnemonic>
			<predefinedDisplay>web browser</predefinedDisplay>
			<toolbarTask>false</toolbarTask>
			<menubarTask>true</menubarTask>
			<accelerator>ctrl h</accelerator>
			<loadAtStartup>false</loadAtStartup>
		</explorerTask>

Please be aware that you refer to an existing <iconFile> in your configuration!

Configuring a Whitelist

For security reasons, an extra display configuration file named WebBrowserDisplay.xml has been added where you should list domains on the internet that are considered safe for the embedded web browser so it will allow users to navigate to web pages hosted in these domains.

For example, in Topology.xml a node is linked to the url of the Deltares homepage: https://www.deltares.nl

Given this url, the embedded web browser will be allowed to load content only from the www.deltares domain using the https (secure) protocol. When you navigate to this web page by clicking this topology node in the forecast tree of Delft-FEWS Explorer UI, the Deltares homepage appears to load successfully.

However, when running in debug mode the Log panel will list a number of messages to alert the user to the fact that some content is being blocked because it has not been "whitelisted" in the WebBrowserDisplay.xml configuration file. This content is coming mostly from google domains (i.e. youtube.com, ajax.googleapis.com) and some of these external domains may also need to be whitelisted as well for this Deltares website to be completely functional.

Additionally, if the user tries to follow links on the Deltares home page, every page the user navigates to as well as the external content loaded by the page is checked against the "whitelist" in WebBrowserDisplay.xml to determine if the content should be allowed or blocked.

If the user directly clicks external links that have not been whitelisted (ie. the LinkedIn, Youtube, Facebook and Twitter links at the bottom of the page) Delft-FEWS Explorer will open such links using the system default browser (i.e. FireFox, Chrome, MSIE) instead of using the Delft-FEWS embedded web browser. If external content is referenced indirectly (i.e. Google API's or other external Javascript libraries, external style sheets etc.) such content will be blocked when hosted on a domain which has not been whitelisted and as a result, the page layout and functionality may be seriously affected.

An example of the WebBrowserDisplay.xml file, allowing the Deltares home page and other important pages hosted by Deltare to fully load in the embedded web browser:

Code Block
xml
xml
<?xml version="1.0" encoding="UTF-8"?>
<webBrowserDisplay xmlns="http://www.wldelft.nl/fews" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.wldelft.nl/fews http://fews.wldelft.nl/schemas/version1.0/webBrowserDisplay.xsd">
	<domainWhiteList>
		<access origin="deltares.nl" />
		<access origin="*.deltares.nl" />
	</domainWhiteList>
</webBrowserDisplay>

Origins listed in this file can consist of three parts: <protocol://host:port> where protocol and port are optional parts and only the host name can contain wildcards (* or ?). When the "http" protocol is specified, "https" is also allowed but the opposite is not the case.

Displaying Content

To display content in the Web Browser Display,topology nodes can be extended with optional URLs. In the following example, a SA test application (FEWS-Swiss was used) to show the potential variety.

...