Guide: Securing Engaging Networks templates and pages
Suitable for web developers or those familiar with HTML and CSS
Basic Steps
Below are some very basic steps for ensuring your Engaging Networks pages and page templates are secure.
SSL certificate - All Engaging Networks pages must use an SSL (Secure Sockets Layer) certificate, which encrypts data sent between a website and a browser. URLs for pages using an SSL certificate will include HTTPS. Up to three SSL certificates are included as part of the subscription to Engaging Networks (procured through Cloudflare).
Secure page assets - Assets or resources linked on a page or in a page template should also be secure (HTTPS). Resources include stylesheets, JavaScript libraries, images and scripts. Any assets uploaded to the Engaging Networks images and files library are stored securely.
Update libraries regularly - If your page template includes JavaScript libraries such as jQuery, be sure to regularly update them to the latest version. Old and outdated libraries may contain vulnerabilities that could be exploited by malicious actors. You can see if your pages or templates are using assets with known vulnerabilities using the scan results report.
Use validators when possible - Restrict the data that can be entered in the fields on your Engaging Networks pages. This can be done with the standard field validators or with custom validators using RegEx.
Reviewing and updating a page template
Templates can be created and managed in Engaging Networks under Pages > Components > Templates. Then select the pencil icon to edit the template. Depending on the type of template, this may immediately display the HTML of the template, but if it is a blueprint template you will need to select the Edit HTML (I know what I’m doing) option on the bottom left of the template.
Reviewing scripts and libraries
Scripts can be placed anywhere in the template. Libraries are typically in the <head> but can also be placed anywhere in the template, so check both the header and footer.
Find all JavaScript (.js) files by searching (Ctrl+F) for .js or the name of the library (e.g. jQuery). If you know the library, you can also search for the exact link.
For any URLs not using HTTPS, open the file URL and save the file locally.
Upload all of the files to the Engaging Networks images and files library.
Change all of the URLs to the ones given by the File & Images manager.
Updating out of date libraries
In addition to confirming that the scripts and libraries are loaded over HTTPS, ensure that the most recent version of each library is being used and that the library is being called from a reputable source.
Example of a jQuery library from Google
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js"></script>
To update a library, simply change the URLs from the old library to the new library in your template.
Examples of where you might source libraries, check for the most recent version, and see known vulnerabilities:
https://releases.jquery.com/
https://getbootstrap.com/
https://developers.google.com/speed/libraries
https://cdnjs.com/libraries/jquery
You should take into consideration the location of library hosting before using a service if you need to comply with GDPR. Please discuss with your own compliance teams to determine which to use.
Reviewing Images
Images can be placed anywhere in the template, so check both the header and footer.
Find any images in the template by searching (Ctrl+F) for .gif, .jpg, .png and other image file extensions.
For any URLs not using HTTPS, open the image URL and save the image locally.
Upload all of the images to the Engaging Networks images and files library.
Change all of the image URLs in the page template to the ones given by the File & Images manager.
Reviewing stylesheets
Stylesheets are typically in the <head> of the HTML but it is good to check both the header and footer.
Find all stylesheet (.css) files by searching (Ctrl+F) for .js and .css.
For any URLs not using HTTPS, open the file URL and save the file locally.
Upload all of the files to the Engaging Networks images and files library.
Change all of the URLs to the ones given by the File & Images manager.
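The manual Ctrl+F review described under Reviewing scripts and libraries, Reviewing Images and Reviewing stylesheets can be cross-checked with a short script. The following is an added example, not Engaging Networks code: it parses template HTML you paste in, lists every script, image and stylesheet URL, flags the ones not using HTTPS, and pulls out any version number in the URL so it can be compared with the latest release. The sample template, the example.org hosts and the names audit_template and AssetCollector are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample template (not a real Engaging Networks template).
SAMPLE_TEMPLATE = """<html><head>
<link rel="stylesheet" href="http://cdn.example.org/css/site.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
</head><body>
<img src="http://www.example.org/images/banner.png" alt="banner">
<img src="/images/logo.gif" alt="logo">
<script src="//cdn.example.org/js/tracking.js"></script>
</body></html>"""

class AssetCollector(HTMLParser):
    """Collects script, stylesheet and image URLs in document order."""
    def __init__(self):
        super().__init__()
        self.assets = []  # list of (kind, url)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        rel = (a.get("rel") or "").lower()
        if tag == "script" and a.get("src"):
            self.assets.append(("script", a["src"]))
        elif tag == "img" and a.get("src"):
            self.assets.append(("image", a["src"]))
        elif tag == "link" and "stylesheet" in rel and a.get("href"):
            self.assets.append(("stylesheet", a["href"]))

def audit_template(html):
    """Return (status, kind, version_in_url, url) for every asset found.
    'insecure' assets are the ones to save locally and re-host over HTTPS."""
    collector = AssetCollector()
    collector.feed(html)
    findings = []
    for kind, url in collector.assets:
        url = url.strip()
        parts = urlsplit(url)  # urlsplit lowercases the scheme
        if parts.scheme:
            status = {"http": "insecure", "https": "ok"}.get(parts.scheme, "other")
        else:  # no scheme: //host/path inherits the page's scheme
            status = "protocol-relative" if parts.netloc else "relative"
        version = re.search(r"\d+\.\d+(?:\.\d+)*", parts.path)
        findings.append((status, kind, version.group(0) if version else None, url))
    return findings

if __name__ == "__main__":
    for status, kind, version, url in audit_template(SAMPLE_TEMPLATE):
        print(f"{status:<18}{kind:<11}{version or '-':<8}{url}")
```

The script only inspects the HTML it is given, so assets that are added at runtime by other scripts still need the manual review above.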