Recent Posts

Pages: 1 ... 5 6 [7] 8 9 10

Language / Re: SOLVED Second language OFF and then ON

« Last post by datahell on August 16, 2025, 21:59:00 »

Switching ON and OFF language does not affect translations saved in database. What can mess up things is changing the default language. This creates an inconsistency in translations table.

Language / SOLVED Second language OFF and then ON

« Last post by Luca on August 15, 2025, 07:51:07 »

SOLVED: I got WHY, thank you anyway for your attention:
Meanwhile the secondary language was disabled, I made some text modifications in the default language of those modules and articles, thus saving the respective secondary language part of them as BLANK, in the db!!! Stupid me.
------------------------------------

Hello everybody, I hope to find you well!

I am facing a curious behaviour, here.
For a matter of a/b testing the seo reflectings, I decided to temporarily limit my website to the default language (EN), disabling the secondary one (IT).
When I reverted back, enabling my second language again, I've found that some (not all) of the translations have been lost (gone) from the database.
Now, I really don't know if it happened in the moment I switched off or back on.
This affected some articles as well as some text modules, and I didn't expect this to happen at all...

Any clue, please?

Thanks so much!

Elxis Version   5.5
Revision number   2585
Codename   Hermes
Security level   High
Elxis defender   GF
PHP version 8.1.2-1ubuntu2.22

Elxis 4.x/5.x DEV / Re: Upcoming Elxis 5.6 information

« Last post by datahell on August 13, 2025, 09:42:16 »

If you want to write javascript inside html body use the nonce attribute. The value of nonce can be retrieved from elxisDocument::getNonce() method (requires Elxis 5.6 or newer).

Example

<script nonce="<?php echo $eDoc->getNonce(); ?>">
javascript code here
</script>

To check if you have Elxis 5.6:

if ($elxis->getVersion() >= 5.6) {
...
}

The nonce attribute tells the browser that this piece of inline code has not been injected to the content by third parties and it is safe to execute. The value of nonce is cryptographic secure and it changes on every click. Elxis put the nonce value on document headers when using a CSP policy.

Elxis 4.x/5.x DEV / Re: Upcoming Elxis 5.6 information

« Last post by datahell on August 13, 2025, 09:29:59 »

The CSP option already exists in Elxis configuration since v5.5. However Elxis HTML was not ready for a strict CSP policy. In version 5.6 everything inline removed, even the js events.

Conversion example
Original HTML
<a href="javascript:void(null);" onclick="doSomething();">Do something</a>

New HTML:
<a href="#" id="dolink">Do something</a>

In PHP:
$eDoc->addNativeDocReady('doOnLoad();');

In javascript file:
function doOnLoad() {
document.getElementById('dolink').addEventListener('click', function(e) { e.preventDefault(); doSomething(); });
}

If you have many links executing the same js function it is recommended to use "data-" attributes. Example:

<a href="#" data-something="12">Do 12</a>
<a href="#" data-something="15">Do 15</a>
<a href="#" data-something="18">Do 18</a>

let dnlinks = document.querySelectorAll('a[data-something]');
if (dnlinks.length > 0) {
   for (let q=0; q<dnlinks.length; q++) {
   dnlinks[q].addEventListener('click', function(e) {
         let nid = this.getAttribute('data-something'); e.preventDefault(); doSomething(nid);
      });
   }
}

Elxis 4.x/5.x DEV / Re: Elxis 5.6: Inline events removal

« Last post by nikos on August 12, 2025, 20:47:42 »

Quote from: datahell on August 01, 2025, 21:35:49

... If CSP policy gets applied via Elxis configuration then all inline javascript, CSS and events stop working. This affects everything on the page, elxis build-in extensions, third-party extensions, html content from the editor, etc. This is why Elxis must be able to work under such strict security environment. If any problem arise then it will be on a third party extension (also require update).

It means that in Elxis configuration will exist the option to enable the CSP policy or not?

Elxis 4.x/5.x DEV / Inline events, CSS and JS

« Last post by datahell on August 09, 2025, 20:08:24 »

All inline events, CSS and javascript removed. Even JQuery library modified in order to be compatible with strict CSP policies.

Recommended CSP policy for Elxis configuration (Elxis 5.6 or newer, make sure third party extensions are compatible):

default-src 'self'; frame-ancestors 'self'; form-action 'self'; script-src 'self' 'nonce-{nonce}'; style-src 'self' 'nonce-{nonce}'; img-src 'self' *.elxis.net data:;

Note: {nonce} get replaced automatically by elxisDocument with the corresponding value.

Elxis 4.x/5.x DEV / Elxis 5.6: Inline events removal

« Last post by datahell on August 01, 2025, 21:35:49 »

Inline javascript events get removed in order Elxis to work with strict CSP directives. Many files got modified for this purpose. Most probably not 100% of these events will be removed as they are too many. HTML and javascript get re-written. Even if some inline events get preserved these will not be of critical functionality and they will be removed on a later update.
Currently all frontend section and most of the backend has these inline events removed.

If CSP policy gets applied via Elxis configuration then all inline javascript, CSS and events stop working. This affects everything on the page, elxis build-in extensions, third-party extensions, html content from the editor, etc. This is why Elxis must be able to work under such strict security environment. If any problem arise then it will be on a third party extension (also require update).

Γενικά Θέματα για το Elxis CMS / Re: Link άρθρου στο messenger

« Last post by evkarab on July 31, 2025, 07:49:54 »

https://forum.elxis.org/index.php?topic=9173.msg58222#msg58222

Γενικά Θέματα για το Elxis CMS / Link άρθρου στο messenger

« Last post by eliasbou on July 30, 2025, 20:26:52 »

Καλησπέρα. Στην προσπάθεια να στείλω ένα Link ενός άρθρου στο messenger για εικόνα μου εμφανίζει πάντα την ελληνική σημαία, αλλάζει αυτό.

Elxis 4.x/5.x DEV / DeepL API 403

« Last post by seadhna on July 15, 2025, 21:47:39 »

Hi there,
I was able to use DeepL API translation but it doesn't seem to be working anymore, I have tested on several Elxis installations on different hosts.
I get a 403 authentication error.
I have tried with valid FREE and PRO API keys, but the same error. Google translate and MyMemory are working.
I'm wondering if anyone else has had the same problem, maybe something has changed on the DeepL side?

Pages: 1 ... 5 6 [7] 8 9 10