[SOLVED] Add URL link to sitemap

Cyberzoid · June 7, 2016, 12:34am

Hello there
My question is: Is there a way to add a clickable link to another webpage on a sitemap?

My first example would be a link to say WUnderground weather on my weather page in my sitemap. You know in case i want more information.
Another would be to have a shortcut to another sitemap that is more specialized for a scenario. (like the master sitemap have a link for other niche sitemaps)

Yet another would be to have a shortcut to my 3dprinter control webpage in my sitemap.

This would be nice to have. Is it possible?

Solution:
For any URL

String WUnderground_URL "<a href='https://www.wunderground.com'>Weather Underground</a>"
```
For local sitemaps 
````java 
String LINK_THERMOSTAT "<a href='/openhab.app?sitemap=thermostat'>Thermostat control</a>"
```

rlkoshak · June 7, 2016, 2:02pm

I think if you create an HTML file with that link, put it in your webapps folder, then use a webview on your sitemap that should work.

There is no way to put one on your sitemap directly though.

TheKorn · June 7, 2016, 2:11pm

Not true! Well partially not true. This works for the classic UI.

String LINK_THERMOSTAT "<a href='/openhab.app?sitemap=thermostat'>Thermostat control</a>"

and…

Frame label="By Location" {
(...)
        Text item=LINK_THERMOSTAT
    }

rlkoshak · June 7, 2016, 2:24pm

Well shoot. The last time I tried that I couldn’t get a thing to work. Is this relatively new or did I just muck it up the last time I tired (probably the latter)?

I notice this info is missing from the sitemap wiki page.

TheKorn · June 7, 2016, 4:03pm

Heh, really don’t have enough info to say either way! I will say I’m still running 1.8.1, for various and sundry reasons.

TheKorn · June 7, 2016, 5:53pm

Yeah, hmmm… not really sure how to add it in there to be honest. Right now I’m not coming up with anything that doesn’t look ham handed and out of place.

rlkoshak · June 7, 2016, 5:55pm

Meh, let it be ham handed. So long as it gets capture somewhere people can find it and we can focus on making it look “good” in the OH 2 docs.

Cyberzoid · June 7, 2016, 6:31pm

Thanks this works for sitemaps Does this work for any http://www.cats.com URL? or only sitemaps internally.

edit: so that was just some random url I made up… who knew it actually existed lol
edit2: If it does work for any URL, what’s the syntax after href= ?

Cyberzoid · June 7, 2016, 6:47pm

Scratch that. Figured it out. Thanks guys

For any URL

String WUnderground_URL "<a href='https://www.wunderground.com'>Weather Underground</a>"
```
For local sitemaps 
````java 
String LINK_THERMOSTAT "<a href='/openhab.app?sitemap=thermostat'>Thermostat control</a>"
```

danielwalters86 · June 7, 2016, 6:55pm

While this may work to provide the functionality you’re after, I can’t help but see the fact you can inject html like that as a security vulnerability.

Cyberzoid · June 7, 2016, 7:06pm

Do you mean as a user implementing it, or as the platform allowing linking to internal sitemaps?

Also when I add that code to my sitemap, I’m getting this visual bug. The next two entries are covered by the same ‘url link’ as the text item. Rendering the lightswitch unaccessible

Frame label="Weather" {
		Text item=Condition_Id icon="yahoo_weather" {
			... }
		Text item=WUnderground_URL
	} // weather frame
Frame label="Light"  {
		//Switch item=Light_Bedroom label="Bedroom light" //mappings=[ON="On", OFF="Off"]
		Switch item=MS_BR_Light icon="light"
		Switch item=MS_Motion	icon="motion"
               Text icon="settings" {
                     ... 
               }
               ...
}

Cyberzoid · June 7, 2016, 7:24pm

Scratch that.
After reviewing basic HTML code http://www.w3schools.com/tags/att_a_href.asp, I found my problem. I left out the </a> at the end.

TheKorn · June 7, 2016, 7:56pm

Second chance at google-fu led me to the sitemap samples where it fits much more cleanly.

TheKorn · June 7, 2016, 7:58pm

Is it, though? More to the point, in order to exploit this wouldn’t you have to have write access to both $openhab/configurations/items and $openhab/configurations/sitemaps ? My thinking is that if you have write access to those directories, haven’t you already lost the game?

danielwalters86 · June 7, 2016, 7:59pm

No, they only need to be able to update your item that contains the address.

TheKorn · June 7, 2016, 8:00pm

…which would require write access to $openhab/configurations/items/ . (I don’t see the distinction you’re trying to make.)

danielwalters86 · June 7, 2016, 8:02pm

There’s more than one way to update an item’s value. See REST API etc.

TheKorn · June 7, 2016, 8:03pm

Ha, oh yeah! Well hey, that’s why I was asking the question!

rlkoshak · June 8, 2016, 3:01am

@danielwalters86is correct. This could be exploited by an attacker who could modify the value of your URL Item, e.g through the REST API.

I think the likelihood of such an attack is low and assuming you have security enabled you already have bigger problems if an attacker can get to your api.

But given that the site map renders href, it does seem likely that one could exploit this for a cross site scripting attack, phishing, and drive by malicious software infection.

watou · June 8, 2016, 8:11am

It is only by accident that you can embed working HTML tags in item labels, and it only works on browser clients. Ideally, there would be either a new widget type or hint so that URLs would be formally supported.