HTML and Formatted Text widgets

The HTML and Formatted Text widgets are designed to display customized information on Overview places, including the community Home page. They are flexible but should be used carefully to ensure effective, performant pages.

Important: We do not recommend that you use widgets and widgetized Overview pages in your community. For more information, see Understanding pages in places.

You can use HTML and Formatted Text widgets to embed all kinds of assets, including images. These widgets are often used to provide visual orientation or branding to the site or the place. The HTML widget also allows you to add JavaScript and CSS elements, with certain security limitations, which are described later in this topic.

Uploading resources to a widget

You can use the Formatted Text and HTML widgets to upload up to 10 file resources per place. Spaces can include any kind of files: groups and projects are limited to GIF, JPEG, PNG and BMP files. Files you upload are stored as part of your community so you don't have to retrieve them from an external location, which can improve performance and saves you the trouble of hosting them elsewhere. You can then refer to these resources in any Formatted Text or HTML widget you have access to edit. For detailed instructions, see Uploading files to widgets.

Warning: The resources you upload this way are posted on the Internet and can be viewed by anyone with access to the network. By design, they don't inherit the authentication requirements of your site or the permissions to the place where you upload them.

Managing performance

Uploading resources is a good way to limit the performance impact of resource loading from your widgets: uploaded resources don't need to be authenticated on page load. However, you should consider user page loads when determining the number and content of widgets.

Managing HTML widget security

To ensure security and prevent problems that can corrupt your pages and keep them from loading, any HTML widget code that calls a <script> tag is contained in an isolated iFrame. This is known as the Safe mode. If you want to include CSS or any other styling in the widget, you can include it in the same location as your HTML code. Isolation of the HTML widget also means that the widget can't borrow JavaScript from the Overview page, and that visual components cannot extend beyond the perimeter of the iFrame. Simple HTML, JavaScript, and CSS continue to be supported.

In the Safe mode, you can still call the assets associated with the core Jive installation as follows: 

<script src="/resources/scripts/jquery/jquery.js"/>
<link rel="stylesheet" href="/styles/jive.css" media="all"/>

It's possible for your site administrator to use a system property to override the default Safe mode behavior (iFrame isolation) and allow external JavaScript access from the HTML widget. However, this approach requires caution and is not recommended. In previous versions, before the Safe mode was implemented for widgets, it was possible for corrupted widget code to cause serious problems that affected the database.

Widget upload access should be limited to users you trust. Because any social group owner can upload resources to these widgets, it's possible for users to make incorrect judgments about appropriateness and security, so make sure group owners are carefully chosen.