
Research
/Security News
Critical Vulnerability in NestJS Devtools: Localhost RCE via Sandbox Escape
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
quintagroup.dropdownmenu
Advanced tools
The product allows you to build a responsive multilevel drop-down menu that will provide your visitors with organized and intuitive navigation. On mobile devices your top menu bar transforms into one drop-down. By clicking on the title or a small arrow next to it all-level menu items appear below the title.
This package allows to build dropdown menu through the web with portal_actions. Submenus are built from a tree of nested Category Actions and Actions.
The other strategy used to populate submenus is Plone default NavigationStrategy, the one used in navigation portlet.
This project is successor of qPloneDropDownMenu.
Starting from Plone 3 portal actions introduced CMF Action Category containers, it opened opportunity to build nested actions trees. Though CMF Action Category does not behave as a regular action, it has different set of properties. We introduced convention in quintagroup.dropdownmenu that requires to have a specially named Action for each Actions Category. The id of each such action must be build using the rule::
action_id = prefix + category_id + suffix
where:
:category_id: is id of correspondent CMF Action Category
:prefix: defined in DropDownMenu configlet, default value ''
:suffix: defined in DropDownMenu configlet, default value '_sub'
So, the actions structure can look like::
By default the root of dropdown menu is 'portal_tabs' category.
If the menu built with Navigation strategy is entirely public it can be cached for all users. If Authenticaded users should see some non public items the menu can be cached for anonymous only.
Caching in case of involving the portal_actions strategy is effective only in case if all the action are public and have no extra conditions. In case some conditions are applied per action switch off caching.
Find more details on the topic inside docs/INSTALL.txt
1.3.4 - June 09, 2015
1.3.3 - June 09, 2015
Cleanup templates [kroman0]
Added upgrade step for version 1.3 [kroman0]
1.3.2 - June 05, 2015
1.3.1 - May 25,2015
1.3 - May 22,2015
1.2.14 - November 18, 2013
1.2.13 - July 30, 2013
Updated condition for 'mobileMenu' [kroman0]
Fixed 'item_remote_url' [kroman0]
Updated css media for package [gvizdyk]
Hidden mobile menu for print [gvizdyk]
Updated styles for mobile navigations [gvizdyk]
Updated condition for include styles for mobile device [gvizdyk]
Use getRemoteUrl for links [kroman0]
The cache key of portal tabs was updated (thanks: richardc). [potar]
Fixed getting navigation root [kroman0]
1.2.12 - April 02, 2013
Fixed 'no record' error [kroman0]
Added sections heading [kroman0]
Fixed empty class attributes [kroman0]
Fixed html validation of mobile layout [kroman0]
Cleanup templates [kroman0]
Wraped mobile menu in div [kroman0]
Added ids for navigation [kroman0]
1.2.11 - August 10,2012
FAQs
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
Product
Customize license detection with Socket’s new license overlays: gain control, reduce noise, and handle edge cases with precision.
Product
Socket now supports Rust and Cargo, offering package search for all users and experimental SBOM generation for enterprise projects.