This demo generates a HTML file that contains a demonstration of the Report-Engine's HTML generator extensions for interactive reports.
When being loaded in the browser, the report-level Java-Script fragment pops up. The code for this fragment is found in the "layout.xml" file inside the report-bundle file in the "layout" element.
A second pop-up demonstrates the report-element level code injection capabilities. The code for this fragment is found in the label-element inside the report-header element in the "layout.xml" file inside the report-bundle file in the "layout" element.
Clicking on the "Exciting Quadrant Data" element demonstrates the ability to inject code into the HTML-event-handlers.
Hovering over the "Variance" group-footer field triggers the tooltip.
For the HTML code injection, we use the reporting engine's new attribute-system.
The attribute's content is directly converted into the HTML event handlers of the resulting HTML file. The attribute values will not be processed by the reporting engine in any way, but will be encoded using character-entity encoding for the special XML characters.
This translates into the HTML-name attribute. It may be used to mark elements for java-script handlers.
This translates into the "id" attribute. The attribute is defined to be unique within the output document, but it is up to the attribute's user to enforce or ensure this uniqueness.
The contents of this attribute are appended to any generated "class" attribute and can be used to apply additional styles to an element.
The contents of this attribute are copied into the "title" attribute, which is displayed as tooltop when hovering over the element. However, the title attribute is used in the accessible-HTML context, so it may be a good idea to be careful when using this attribute.
The extra-raw content allows to inject non-interpreted content into the resulting report. The content can contain java-script. This is a "shoot-yourself-in-the-foot" property that allows to introduce security problems with ease.
The extra-raw-header-content allows to inject non-interpreted content into the <head> element. The content can contain java-script. This is a "shoot-yourself-in-the-foot" property that allows to introduce security problems with ease.