PDF documents are uploaded by the dealers to the site. There is no standard whatsoever to these documents. We want to present editable PDF forms to the users which later can be saved in the system after user filled up/edited data in these sheets. I am able to read the pdf, populate it whatever fields can be pre-populated, and also render the editable PDF to the browser. Problem is pdf does not have any Submit button and as much as I know, this can be added only by opening the pdf in acrobat.
I tried
rendering the pdf in iframe and a submit button in different frame (as much as foolish it was)
Converting the read pdf as Text and presenting all the form fields as HTML fields to user but got stuck on anything other than input type text (no way to identify if it is checkbox, radio etc)
You have to create the PDF templates with the Submit button included. You'll need to create the PDF using a full copy of Adobe Acrobat, not the reader. You can't edit with the reader. You'll also have to learn how to write JavaScript inside of Acrobat in order to do validation and small interactions in the PDF if needed.
You're not going to save a copy of the populated PDF, you're going to save the data that was submitted via the PDF form. You can then populate the file for printing, if that's what they want, but the submit button will be part of the PDF that's printed.
When you need to use a PDF form, just link to it in the browser. When you submit the PDF form, the processing CFM will redirect to the next page in the workflow. We include a cross-site request forgery token as part of the PDF form data for security. If we don't get the token as part of the FORM scoped data, then we don't process it.
We have a mix of HTML and PDF forms. Generally, our clients hand us existing documents that they want converted for the web. In some cases, we create HTML forms, in others, they prefer we keep the formatting of the document so we use PDFs. You can't dynamically convert the PDFs to HTML forms, you'll have to have someone do that manually to ensure the correct form controls are used (and populated) throughout the form.
Related
I have form type region, inside it I have three sub regions: one for image upload, second for uploaded images data view and third for uploaded images view. It's possible to upload image to database without page refresh and how I can make it? An idea is when user filling form, he can upload images and when he uploads images, list of uploaded images is updates (with dynamic action).
I have idea to create a dynamic action for page item "file browser" with change event, but how to upload an image to database without submit I don't know. Another problems is that I don't want refresh page, because user can loose filled data and data from form have to go to one table, but images to another.
Using the Dropzone plugin built for APEX is probably going to be your best option
https://github.com/Dani3lSun/apex-plugin-dropzone
This should be flexible enough to facilitate your non-submit needs, where it uploads into a collection after drag/drop, but before page submit.
I have a simple app that gets user input and when a button is clicked, the input is saved as an entry on the database. I'm thinking of creating another app that not only displays the same information (think of view profile) but also simultaneously lets the user edit the text that is displayed in the text field.
I'm guessing the solution is to have the text-fields be auto-filled by pulling the data from the database, and allow overwriting the data once the submit button is clicked.
Typically read and edit views are separated for good reasons like avoiding accidental edits, allowing different levels of access, things like that. But this capability does exist in Django via forms. If you already have a Form built for submitting the data, you can provide a page with existing data pre-filled by initializing the Form instance with the data - in the docs they call this a bound form. See this example in the docs to get an idea of the mechanics.
I'm uploading an image file in a basic Django web app. There's an upload button in the html template wrapped around by a form tag. Once the upload button is pressed, the underlying view takes over and processes image upload.
In the Chrome browser of my colleague's Macbook, pressing upload multiple times really quickly manages to call the underlying function multiples times too. I end up getting a plethora of copies of the image being uploaded.
However, this isn't replicatable in my own environment's Firefox (Ubuntu OS). Seems this issue is browser sensitive?
In any case, how do I cut off this code behavior? If the user goes into a click frenzy, I don't want multiple images to go up. Can someone guide me how to handle this in Django? I would prefer a non-JS, server solution too.
Note: Let me know if you need to see my related code.
Many people faces this issue. If the submit button called 3 times wihtout waiting to refresh the browser, it will gonna add 3 times.To prevent that you can use jQuery.
For example on form submit you can show the loader or disable the submit button,
$('#login_form').submit(function() {
$('#gif').css('visibility', 'visible');
or
$('#button').prop('disabled', true);
});
Edit for server side implementation:
I do not suggest this for user interface point of view but if you can also valid submits using sessions or cookies.Generate random token in your view and set this in your form as hidden input.
for e.g.,
def checkform(request):
form = ExampleForm(request.POST or None)
randomtoken = #generate random token here and set in session or cookie
if form.is_valid():
# check_token here
session_value == request.POST.get('your_hidden_token')
# if matched than change the random token and save your data else do your restriction processing
render ( request,'template.html',context={ 'form':form,'randomstring':randomstring } )
If a web page comprises of drop downs,radio buttons,check boxes etc for user input and avoid text fields and text area to evade untrusted data(malicious javascript entered by the user).
Is such a web page immune to XSS?
If not how to secure such an application using ESAPI.
You can edit the form in your browser using for example Firebug and just add any field with any name.
Even more so, you can just forge whole post/get requests with any data you like (using curl or many other tools).
So: no, it is not.
Not necessarily. The input type doesn't matter, because requests can be spoofed (easy with GET, but not too hard with POST requests). What matters is that the result of the form is sanitized before inserting it into the page.
I have a simple Django form with Image field and some other fields. Now the user has entered the form field and pressed on submit. Due to some error, the form has not validated.
As a result of the form not validated, the form image field is cleared of i.e. the user has to again enter the image field. I dont want this to happen. I want the image field to contain the same value the user had entered. Is it possible to do this ?
Note : What I have read and know, there is no way of pre-filling this image field, as it can be a big security threat. But one of my technical clients is insisting that it can be done using session variables of some sort. Is it possible ?
Validate the form on the client side using JavaScript, and prevent submission unless the form is valid. That way, you won't lose the existing content because your form won't get submitted unless it's already validated OK.
Assuming you're using jQuery, you could bind to the click event of the submit button, and use preventDefault to stop the default behaviour. Then validate the form, and submit it only if it appears to be valid.
That way you will only ever have the form submitted to Django once it has already been validated and so as long as your client-side validation is reliable, you shouldn't experience this issue.
To show the image in the view, it would need to be saved to your server, S3, or whatever else you are using for static/media files.
From JavaScript, you may be able to store the chosen file in localStorage, and set the remembered chosen path on form error. I'm not sure if the HTML5 filesystem API allows this. See http://www.html5rocks.com/en/tutorials/file/filesystem/
As Matthew Daly said, going with client-side validation is the best choice; anything else would probably be a headache.