Custom code security measures

Org Chart provides flexible customization features. In most cases it doesn't require any custom code, but sometimes customers need complex modifications of the org chart. For cases like this, the web part supports advanced capabilities specifically designed to safely customize your org chart. These include custom HTML, CSS, and JavaScript that can be applied to Org Chart boxes.

The web part implements security measures to make this possible. Here is how it works.

Only the Tenant Administrator can edit JavaScript

The web part stores all JavaScript customizations in SharePoint Tenant Properties. This guarantees that nobody except the Tenant Administrator (Global Administrator) can edit them. If you are not a Tenant Administrator, you may see this screen when trying to access the JavaScript code:

JavaScript editing not available

HTML templates are sanitized before rendering

HTML templates are applied only to the Org Chart user interface:

  • Boxes

  • Tooltips

  • Search results

Any user-defined HTML templates are sanitized before rendering. This means no custom JavaScript can be inserted into templates. Only valid HTML markup passes the sanitizer.
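The following is an added illustration of allowlist-based template sanitization, not the Org Chart web part's own code. The tag, attribute and URL allowlists and the function name `sanitizeTemplate` are assumptions, and the sample template is constructed.

```javascript
// Illustrative allowlist sanitizer (assumed policy, not the Org Chart implementation).
// Output is rebuilt from scratch: allowlisted tags and attributes are re-emitted,
// everything else is dropped or HTML-escaped so it renders as inert text.
const ALLOWED_TAGS = new Set(["div", "span", "p", "b", "i", "br", "img", "a"]);
const ALLOWED_ATTRS = { "*": ["class", "title"], a: ["href"], img: ["src", "alt"] };
const URL_ATTRS = new Set(["href", "src"]);
const SAFE_URL = /^(https:\/\/|\/(?!\/)|#)/i; // https, site-relative or fragment only

const ESC = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
const escapeHtml = (s) => s.replace(/[&<>"']/g, (c) => ESC[c]);

// One well-formed tag with double-quoted attributes; sticky, so it matches only at lastIndex.
const TAG = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)((?:\s+[a-zA-Z-]+\s*=\s*"[^"<>]*")*)\s*\/?>/y;
const ATTR = /([a-zA-Z-]+)\s*=\s*"([^"<>]*)"/g;

function sanitizeTemplate(html) {
  let out = "";
  let i = 0;
  while (i < html.length) {
    const lt = html.indexOf("<", i);
    if (lt === -1) { out += html.slice(i); break; }
    out += html.slice(i, lt);                        // plain text passes through
    TAG.lastIndex = lt;
    const m = TAG.exec(html);
    if (!m) { out += "&lt;"; i = lt + 1; continue; } // malformed tag: neutralize the "<"
    i = TAG.lastIndex;
    const [raw, close, rawName, attrs] = m;
    const name = rawName.toLowerCase();
    if (!ALLOWED_TAGS.has(name)) { out += escapeHtml(raw); continue; } // e.g. <script>
    if (close) { out += `</${name}>`; continue; }
    const allowed = [...ALLOWED_ATTRS["*"], ...(ALLOWED_ATTRS[name] || [])];
    let kept = "";
    for (const [, k, v] of attrs.matchAll(ATTR)) {
      const key = k.toLowerCase();
      if (!allowed.includes(key)) continue;                  // drops onclick, onerror, style
      if (URL_ATTRS.has(key) && !SAFE_URL.test(v)) continue; // drops javascript: URLs
      kept += ` ${key}="${v}"`;
    }
    out += `<${name}${kept}>`;
  }
  return out;
}

// Constructed sample template for an org chart box.
const sample = '<div class="box" onclick="steal()"><img src="/photos/1.png" onerror="alert(1)">' +
  '<a href="javascript:alert(1)">Profile</a><script>alert(1)</script></div>';
console.log(sanitizeTemplate(sample));
```

Because the output is rebuilt from the allowlist instead of having known-bad patterns stripped out, markup the parser does not recognize ends up as visible text and never as an executable element.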

CSS styles are sanitized before executing

Custom CSS styles are used for advanced box customization. All styles are sanitized before being applied to the web part. No JavaScript can be inserted into styles.

JavaScript customizations can be disabled at the tenant level

Tenant Administrators can disable JavaScript customizations at the tenant level. Contact support@plumsail.com for guidance.