cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Learn all about PTC Community Badges. Engage with PTC and see how many you can earn! X

Change in Composer and Mashup builder functionality for ThingWorx 9.0

Walter_Haydock
7-Bedrock
7-Bedrock
‎Jan 03, 2020 04:43 PM
‎Jan 03, 2020 04:43 PM

Change in Composer and Mashup builder functionality for ThingWorx 9.0

Hi everyone,

 

As part of a wide-ranging product review for the 9.0 release of ThingWorx, PTC has decided to remove a range of functionality due both to limited market adoption and a continuing effort to harden the security of the ThingWorx platform. Thus, for ThingWorx 9.0, PTC will be removing the following capabilities:

 

• The ability to use rich text in the Composer “Documentation” field (existing rich text will be displayed as raw HTML);
• The ability to use rich text in blogs and wikis in Mashup Builder (existing rich text will be displayed as raw HTML);
• The ability to edit HTML text in mashup builder. ThingWorx users will still be able to employ a service to import HTML content if desired.

 

Please prepare for these coming changes as appropriate. Thanks!

Labels:
0 Kudos
Notify Moderator
7 REPLIES 7
CarlesColl
18-Opal
18-Opal
(To:Walter_Haydock)
‎Jan 07, 2020 11:05 AM
‎Jan 07, 2020 11:05 AM

Hi Walter,

 

  • Composer "Documentation" Rich Text -> we can live with it, but it's a downfeature for developers and hard to make it well readable when you have complex objects where you need to explain it right. If you see it as documentation for developers, we can pair with GitHub documentation where you have Rich Text editing features and this doesn't makes it more unsafe but a lot more useful.
  • Rich text in blogs and wikis in Mashup Builder  -> Ok for Composer side. But what about Blogs and wikis Runtime? this is an essential feature on runtime side.
  • Edit HTML text in mashup builder -> We don't prefill much on the composer side, but shouldn't be a big deal.

 

Anyway, where is the security problem? A developer with browser developer tools can do almost anything on the browser side, no need to have HTML Rich Text edition feature to break the security.

 

Thanks for the update on the future plans,

Best Regards

Carles Coll

Notify Moderator
Walter_Haydock
7-Bedrock
7-Bedrock
(To:CarlesColl)
‎Feb 07, 2020 02:11 PM
‎Feb 07, 2020 02:11 PM

Hi Carles. For the 9.0 release, we have eliminated the rich text functionality of blogs and wikis at runtime due to the aforementioned security concerns. An internal analysis led us to this course of action, but unfortunately, I can't get into details on this public forum.

0 Kudos
Notify Moderator
CarlesColl
18-Opal
18-Opal
(To:Walter_Haydock)
‎Feb 08, 2020 05:53 AM
‎Feb 08, 2020 05:53 AM

Hi Walter,

 

Then which it's the solution for us? as we widely use it as aforementioned:

 

  • Blogs -> To discuss about Things, we attach fotos to the blogs entries, we use rich text in order to make points and highlight things (As I'm correctly doing here on the PTC Community)
  • Wikis ->
    • In order to add knowledge to Things, and plain text it's a poor knowledge tool.
    • In order to add help on our platform, where we attach photos and also add sections (H1, H2,...)

If it's not on TW 9.0, then we won't be able to upgrade, you should provide a path or something, for our customers will be a downgrade/downfeature and they won't accept it.

 

Thanks in advance, we can provide you and development / product team a demo of our platform to see what feature you are killing. We already did on the past, still I never had success but I can keep trying, as @Aanjan  , @mhollenbach and @aressler  know...

 

Carles Coll

0 Kudos
Notify Moderator
Walter_Haydock
7-Bedrock
7-Bedrock
(To:CarlesColl)
‎Feb 10, 2020 10:32 AM
‎Feb 10, 2020 10:32 AM

Hi Carles - unfortunately this isn't functionality we are planning to continue providing in ThingWorx. We wanted to give potentially impacted users a heads up in advance through this post.

0 Kudos
Notify Moderator
bmehringer
12-Amethyst
12-Amethyst
(To:Walter_Haydock)
‎Jan 21, 2020 10:29 AM
‎Jan 21, 2020 10:29 AM

We found in the upgrade from 8.3.8 to 8.3.10 that some changes, such as editing the HTML text and changes in how certain elements (span) are handled, were already made to the HTML Text Editor which is restricting us from upgrading to the new patch release. I'd recommend PTC provides a method for customers that do not have security concerns a way to still use the existing HTML Text Editor widget.

0 Kudos
Notify Moderator
rleir
17-Peridot
17-Peridot
(To:Walter_Haydock)
‎Jan 31, 2020 09:25 AM
‎Jan 31, 2020 09:25 AM

Walter

Do you have a markup language, perhaps like github's markup? Please excuse if I am missing the point.  https://guides.github.com/features/mastering-markdown/

 

Agreed about security. You would be doing this to make XSS and CSRF attacks more difficult?

Thanks -- Rick

0 Kudos
Notify Moderator
Walter_Haydock
7-Bedrock
7-Bedrock
(To:rleir)
‎Feb 07, 2020 02:12 PM
‎Feb 07, 2020 02:12 PM

Rick - thanks for the note. ThingWorx does not have an equivalent to the GitHub markup language. Unfortunately, I can’t comment directly on what type of security risks we are trying to counteract. 

0 Kudos
Notify Moderator
Announcements


Contact Community Management
Top Tags