SR-D52785 · Issue 518651
XSS protection added to layout runtime java and whitelist validation available for host/XFHost
Resolved in Pega Version 8.4
In order to protect against XSS issues, filtering has been added to the RepeatDynamicIndex parameter value in layout runtime java. In addition, a validation for X-Forward-Host value has been added which will be read from a local configuration. This is in the form of a white list regex filter for the host/XFHost header to ensure the URL's actions cannot be redirected.
SR-D53260 · Issue 524752
Added check for section refresh when files are attached offline
Resolved in Pega Version 8.4
After attaching files in offline mode, the files intermittently did not show up in the "recent attachments" list when performing any action on the attachments section. This was traced to the asynchronous reload of sections, and has been resolved by adding a condition in the sectionRefreshCallback() to check if the response matches with the correct reload element.
SR-D53488 · Issue 520016
Tab layout group handling improved
Resolved in Pega Version 8.4
A difference in scrolling speeds between left and right arrows and an issue with the cursor correctly being redirected to mandatory fields were traced to errors in the tab layout group handling. The right scrolling issue was due to the calculation for right tab movement being incorrect in certain resolutions with relatively positioned elements, and has been corrected. The cursor redirect was caused by an error in the layoutgroup focus when used inside a screen flow where the first focus goes to the screenflow navigation on load, and has been resolved by adding a try catch for an invalid selector in case of a div error.
SR-D53568 · Issue 521146
Improved post-upgrade compatibility for custom tabbed screen flows
Resolved in Pega Version 8.4
After upgrade, a screen flow with a customized harness saved-as from a TabbedScreenFlow harness and configured with client side validation disabled was displaying a blank white screen if validations failed when moving from one tab to another tab. When a tabbed screen flow has errors the necessary script bundles should be added, but this configuration was created prior to the introduction of templated controls and non-templated controls don't need script files. Because the ‘doesStreamMatchInputProperties’ method sets ‘researchmode’ to true, the ‘doOnlyOnce’ method evaluated to false and script files related to templating controls were not getting appended. For greater backwards compatibility, 'mResearchMode’ will be set to ‘true’ to make stream processing light weight. In addition, the researchmode check will be removed when adding scripts.
SR-D54184 · Issue 519319
Enhancement added to customize the clearing of error messages when performing modal actions
Resolved in Pega Version 8.4
Opening any modal dialog, for example adding a row in Table/Grid layout, cleared any existing validation error messages on UI screen. In order to make this behavior customizable, a flag has been introduced to control the clearing of error messages from primary pages on grid actions. Updates have been made in the ui_grid, ui_grid_dragdrop and ui_repeatlayout JS files to include this flag in activity parameters and the pzdoGridAction activity has been modified to consider the flag.
SR-D54594 · Issue 521635
Enhancement added to customize the clearing of error messages when performing modal actions
Resolved in Pega Version 8.4
Opening any modal dialog, for example adding a row in Table/Grid layout, cleared any existing validation error messages on UI screen. In order to make this behavior customizable, a flag has been introduced to control the clearing of error messages from primary pages on grid actions. Updates have been made in the ui_grid, ui_grid_dragdrop and ui_repeatlayout JS files to include this flag in activity parameters and the pzdoGridAction activity has been modified to consider the flag.
SR-D54785 · Issue 524804
Corrected grey area seen when dragging tabbed layout Smartinfo scroll
Resolved in Pega Version 8.4
When using Show Smartinfo in a tabbed layout group, a grey area was seen in the harness while scrolling. Scrolling up so that Smartinfo was out of view port caused another scroll bar to seen: one scrollbar was attached to the workarea div and the other to the body, and the gray area issue was only reproducible when explicitly dragging the (second) scrollbar attached to the body. To resolve this, if the popup is below the viewport using Smartinfo and the height calculated is negative, then the popup's height will be set to 0px.
SR-D54920 · Issue 518274
Extra checks added for pasting Excel content to RTE
Resolved in Pega Version 8.4
Copying content from Excel into RTE pasted an image of the content either instead of the actual content or in addition to the actual content. This was traced to the handling of the isHTML flag: the flag should be set to true when there is HTML content in the datatransfer item or while pasting images (!isHTML is the condition in if). However, the sequence of the data items in the datatransfer can change depending on the browser/OS, causing isHTML to sometimes not be set to true before it is used in the condition while pasting images. To resolve this, changes have been made to the pasteHandler in the pzpega_ckeditor_extras file so proper checks are made to figure out the type of data from the clipboard that is being pasted.
SR-D55233 · Issue 520721
AJAX container handling updated to use Harness context API
Resolved in Pega Version 8.4
After creating a service case and adding a task to the case, a button configured to refresh the section on a condition worked correctly the first time but did not respond to a second click. This was traced to the tasks being located in two different Ajax containers: in this usecase the condition evaluation logic related to actions was still using the regular DOM API and using the context from the first AJAX container. To resolve this, the system has been updated to use the harness context API pega.ctx.dom.getElementsByName instead of DOM API to resolve the necessary elements from the correct AJAX container.
SR-D55461 · Issue 523176
Corrected modal timing issue when deleting Data Transform or Property rules
Resolved in Pega Version 8.4
When deleting Data Transform or Property rules, there were times when the deletion modal only appeared briefly and then the web page turned white, the message "No stream to display" appeared at the top of the web page, and all other content disappeared. This was more frequent when the requestor had been idle, but occurred under other situations as well. This was traced to a timing issue: once the modal action (localaction -modal or flowinmodal) is triggered the event queue should be paused, but in some cases the system was executing the next action in the queue and causing the no Stream to Display error. To resolve this, pega.u.d.bModalDialogOpen will be set to true in the prerender callback instead of success callback. This will set the flag in the pre-rendering logic so that correct modal status will be known to the action processor.