Marquee Feature: Plug-Ins
(-) Plug-InsAdd plug-in support for additional components and enhance plug-in definitions.
... Add 'Escape special characters' flag to region attributesEA1The new checkbox 'Has "Escape Special Characters" Attribute' has been added in the "Standard Attributes" section of a region type plug-ins to allow to control if a region of that plug-in has the "Escape special characters" field in the Security section when the region is edited. The value selected for a region is stored in the p_region.escape_output variable when a plug-in is called. It can be used by a plug-in developer to determine if the values read by the plug-in (for example from a SQL statement) should be escaped before displaying them on the page or not. This can be used to give developers using the plug-in the possibility to prevent Cross-Site Scripting (XSS) attacks. Note: The "Escape Special Characters" attribute is a generic attribute and doesn't provide security out of the box by itself. It's up to the plug-in developer to use that setting to determine if the output should be escaped or not.
... Add 'Substitute Attribute Values' flag to plug-in configurationEA1Custom Plug-in Attribute Values specified by the developer might contain items referenced with substitution syntax, for example &P1_DNAME. If Substitute Attribute Values is set to 'Yes' Application Express will automatically replace those references with their actual value before calling the plug-in. If Substitute Attribute Values is set to 'No' the values are written unchanged into the attribute_01 - attribute_15 record type attributes of p_plugin, p_item, p_region, ... and the plug-in developer is responsible for replacing those substitution syntax references with a call to apex_plugin_util.replace_substitutions or do similar replacements. A use case for 'No' would be if the custom plug-in attribute is used in a template and the substitution syntax is used to reference page items and columns of the SQL statement executed by the plug-in. Because the column values of the SQL statement are not available at the time when the plug-in is called, the replacement has to be done by the plug-in itself.
... Add plug-in support for Authorization schemesEA1Authorizations have been re-implemented using the APEX plug-in architecture. Developers can now create plug-ins of type "Authorization Scheme Type", e.g. for database role or LDAP based authorization. Authorizations can be implemented more declaratively, based on these new plug-ins and their attributes are based on built-in authorization types. When creating a new authorization, different authorization attributes are shown, depending on the selected scheme type.
... Attribute Usability EnhancementsEA1The following enhancements are designed to increase the usability of plug-ins: 1) Textarea for the plug-in attribute types PL/SQL Code, PL/SQL Expression, PL/SQL Function Body, SQL Query and Textarea is now resizable. 2) Attribute types "Page Number", "Page Item" and "Page Items" now do have List of Value support
... Increase number of custom attributes to 15EA1The number of custom attributes which can be defined for a plug-in has been increased to 15.
... New attribute type "Checkboxes"EA1New plug-in attribute type "Checkboxes" which allows the user to check multiple checkboxes based on the defined list of values. This new attribute type allows a developer to enable certain features of a plug-in by using just one custom plug-in attribute.
  • 1 - 7