Dear valued customer,

 

We are currently working to strengthen the security of our HTML templates to ensure that your projects are secure and working correctly. As a result, we are marking and locking all templates that no longer meet our security requirements and need to be updated.

 

If a template has been marked in red in your Site Flow account, it will become read-only and you will no longer be able to Save or Save and run it. Please note this will not stop your templates from being created and printed during production.  

 

 

 

To update any templates marked in red the HTML will need to be copied into a new template and amended following the updated security guidelines outlined below. 

 

What’s allowed

 

The following code is allowed in your template:

 

Valid HTML


These HTML elements are allowed in our platform:
 

<address>

<article>

<aside>

<footer>

<header>

<h1>

<h2>

<h3>

<h4>

<h5>

<h6>

<hgroup>

<main>

<nav>

<section>

<blockquote>

<dd>

<div>

<dl>

<dt>

<figcaption>

<figure>

<hr>

<li>

<main>

<ol>

<p>

<pre>

<ul>

<a>

<abbr>

<b>

<bdi>

<bdo>

<br>

<cite>

<code>

<data>

<dfn>

<em>

<i>

<kbd>

<mark>

<q>

<rb>

<rp>

<rt>

<rtc>

<ruby>

<s>

<samp>

<small>

<span>

<strong>

<sub>

<sup>

<time>

<u>

<var>

<wbr>

<caption>

<col>

<colgroup>

<table>

<tbody>

<td>

<tfoot>

<th>

<thead>

<tr>

<img>

<html>

<head>

<style>

<body>

<title>

<meta>

<font>

 

 

 

Make sure that your tags are closed properly:

 

<strong>BOLD FONT GOES HERE</strong>

 

 

CSS classes

 

CSS classes are allowed in our templates. Make sure that your classes are correctly defined between an opening and closing  <style>  tags inside the  <head>  portion of the file.

 

<head>

...

   <style>

      p {

         margin: 0;

      }

   </style>

...

</head>

 

 

Site Flow scripting

 

Site Flow scripting is the only form of scripting allowed in templates going forward. It is easily identified by double curly brackets.

 

{{#eq orderId.orderData.extraData.commercialInvoiceFlag 'Y'}}

   CONTENT GOES HERE

{{/eq}}

 

 

 

What’s no longer allowed

 

 

Any HTML not listed above

 

This includes (but not limited to)  <script>  and  <iframe>  tags. Functions in the header CSS are also no longer allowed.

 

 

JavaScript

 

As mentioned above,  <script>  tags are no longer supported. If your templates require scripting, you may safely use Site Flow scripting instead.

 

For example: If you wish to show/hide an element based on a condition, you may use Site Flow’s  if/else  function:

 

 

{{#if singleItemBatch}}

   DO SOMETHING

{{else}}

   DO SOMETHING ELSE

{{/if}}

 

 

 

If you have further questions about this process, please contact our support team, and we will help you as soon as possible. Thank you!

 

 

HP Site Flow team