Skip to main content
D
drichter1-Visitor
1-Visitor
March 26, 2018
Solved

Expression and the keywords

  • March 26, 2018
  • 1 reply
  • 5283 views

Hi,

 

the expression widget has a big problem with everything that as the word "alert" in it. I will use an expression for change the color of a panel dependent on an alert. I use the hasAlert-Service to get the alert state for a property. I bind this state to the expression parameter "hasAlert". If I write the expression

Output = hasAlert? "AlertRed" : "OkGreen";

I get the error message "You cannot use the alert function".

 

In the ide.js of the expression widget I saw this:

if (expression.indexOf('alert') >= 0) {
 return TW.IDE.I18NController.translate('tw.expression-ide.warnings.cannot-use-alert');
}

I think there a better ways to prevent of using the javascript alert.

Best answer by CarlesColl

Well on your exact expression you can do a simple trick:

Output = hasAlert? "AlertRed" : "OkGreen";

To ( of course you have to rename you expression parameter from hasAlert to hasAl or whatever parameter name without Alert text )

Output = (hasAl? ("Al"+"ertRed") : "OkGreen";

And yes, this javascript check it annoying and totally unusefull, neither it secures anything, should be totally removed.

 

1 reply

A
AdamR14-Alexandrite
14-Alexandrite
April 5, 2018

I agree with that assessment.  I believe there are more specific checks that can be done to eliminate improper use of JavaScript key words.  This was, as you noted, the reason behind the check.  For others who may see this the other key word checks are...

eval

alert

for

document

window

parent

this

while

 

I will bring this to the attention of the Thingworx team to see what can be updated to improve these checks.

 

Thank you for the post!

 

Adam

    P
    posipova20-Turquoise
    20-Turquoise
    April 5, 2018

    You cannot put an "Alert" directly into the expression, however you may create a parameter of the base type string and use it in the expression. An example would be to have a textarea feeding string values into the Expression widget parameter, and then displaying it. 

    C
    CarlesColl1-VisitorAnswer
    1-Visitor
    April 6, 2018

    Well on your exact expression you can do a simple trick:

    Output = hasAlert? "AlertRed" : "OkGreen";

    To ( of course you have to rename you expression parameter from hasAlert to hasAl or whatever parameter name without Alert text )

    Output = (hasAl? ("Al"+"ertRed") : "OkGreen";

    And yes, this javascript check it annoying and totally unusefull, neither it secures anything, should be totally removed.

     

    Terms & ConditionsAccessibility statement