Over the past weeks we have been working on improvements to Cellosign platform. In this post you can see a list of what has been changed, updated, and/or what bugs have been fixed.

New features & enhancements

Updated Content Security Policy (CSP)

We have updated our security policy to prevent access from forms to unknown web resources.

Why is that important?

We are considering that any form that posted to remote client contain sensitive and valuable information (health, financials etc). By adding external resources to forms, such as image backgrounds from external URLs or PIXEL implementation such as google-tag-manager, the form is exposed to external Attack that prevent us from keeping you and your clients data safe.

What has been carried out on our side in that respective?

We have scanned your templates, checked and validated external resources and explicitly added resources that are secured to our CSP whitelist.

What should be done on your side?

1. Background images to forms using URLs must be avoided. Use base64 strings for background images. This is how to do it.
2. Case you require PIXEL support, please submit a ticket our support team. Add your PIXEL URLs to ticket for inspection.

Software upgrades

Software packages that are effecting remote client forms and agent application (co-browse) has been updated to latest release.

We have carried out comprehensive testing to make sure applications are intact. However, in case your templates includes Custom CSS and Javascript we advise to carry out tests to make sure your custom software works as expected. To see custom code, login to application console. For each template, open “Settings” and on the right pane click “Javascript” and “Stylesheet”, case the left pane is not empty, please double check your template at work.

Public page enhancement

As you probably aware, template and BPM processes can be launched using a public template. Typically public pages require an input to initiate a process. Up to this release, public page is presenting page with required input. With this upcoming release input requirements can be added to URL in a querystring format.

For example:

Open the this url. https://preprod.cellosign.com/public/02774a7724ae4211a903043bd4171c96. It display a page where you will be required to enter name, mail and phone number.

Alternatively, you can open this URL. All the required parameters are injected using a query string and the form will be opened instantly. Be advises that although this option is available use it wisely. Public pages with client data should be secured and posted to clients directly. DO NOT leave public URLs with client data out for grabs.

Apply user context to form

With this release you will be able to apply Agent context into form automatically. This can be helpful if you require Agent name,phone or email to appear on form automatically with no user intervention.

To do so, you will need to apply context as default values to field in a form. For example, you would like an agent email to appear on form automatically.

1. Add email field to form
2. On field settings add “$initiator.email” to default value.
3. Once new session is created the agent email will be displayed automatically

Note: It is advised to use this option when it’s required. Do not expose your employees data when not needed.

The following contexts are available for your disposal:

Added “Table” element

Due to multiple requests, we have added “Table” element to our form builder.

For more details see reference to table in this guide.

Data tables enhancements

We have added new feature to data tables, that is the ability for data table cell to include input elements as well as static data.

When this is useful?

Let’s assume that you have an “Insurance proposal” that needs to be implemented. Your proposal might end up with hundreds or thousands of texts and input elements that are varied as our client engaging with the form, for instance, when “Second driver” is required, we want to show legal notice and inquire regards the potential driver(s).

One way of doing this is implement the entire data set within the form as it’s normally being done, this can be tedious when there are lots of form elements…

Another way is to implement it with data tables. With this enhancement, data table cells can include input elements as well as static data, so when client selects “Second driver” in the form, the entire set of texts and input will be displayed automatically, without the need to configure them in the form itself.

More details in data tables reference.

Fixes

1. #BUG-1436: Date element accept wrong format when entered manually is fixed and now accepts manually entered values as configured in data time format options.
2. #BUG-1362: On previous releases, when file was added to Google drive through Archive integration, date-time stamp was added to file name. This has been removed and file name includes only the file name convention, without date-time stamp.