SecurID® Governance & Lifecycle Blog

Subscribe to the official SecurID Governance & Lifecycle community blog for information about new product features, industry insights, best practices, and more.

Sending emails with option to download calendar invites

PradeepKadambar
Moderator Moderator
Moderator
3 9 2,875

One of the discussion thread led me to write this quick blog on the possibility of sending emails with the option to download calendar invites. This can be handy if you want to allow the recipients to save a reminder for the activity.

The complete code is attached at the end of the blog post.

What we want is a lightweight framework that requires little customization and JavaScript based framework is well suited for our needs. This code uses the Open Source JavaScript based framework ics.js (https://github.com/nwcell/ics.js). We will embed the minified version of the framework in our HTML email templates that can then be used with workflows, email templates for reviews etc.

Below is the generated email with the option to download the calendar invite.

PradeepKadambar_0-1617423342343.png

 

Upon clicking the second button, an ICS file will be downloaded.

PradeepKadambar_2-1617423582751.png

What we have behind the scenes is a simple HTML file (attached) that has the embedded ics.js that will generate the calendar invite on demand. The cal.addEvent() method must be populated to send the appropriate details of the event.

<script type="text/javascript">
    cal = ics();
    cal.addEvent('User Access Review - Q2 2021', 'Your action is needed for the "User Access Review - Q2 2021"', 'https://igl.company.com/aveksa/main', '04/01/2021 8:00 AM EDT', '04/15/2021 5:00 PM EDT');
</script>

 

 

 

 

 

 

 

9 Comments
ShlomoKatz
Valued Contributor
Valued Contributor

Thank you @PradeepKadambar !

I see what you are doing and this is a great idea, however, don't I still need to import the ics.js?

If so, I still need to know how to get passed the header error on import.

PradeepKadambar
Moderator Moderator
Moderator

No, it is embedded instead.

From the above blog

We will embed the minified version of the framework in our HTML email templates ......
ShlomoKatz
Valued Contributor
Valued Contributor

@PradeepKadambar 

Thank you, it must be something with my Outlook.

 

ShlomoKatz
Valued Contributor
Valued Contributor

OK - I am at loss ... the code is not staying with the Review email template.

It strips out all the js code.

PradeepKadambar
Moderator Moderator
Moderator

Do you allow sanitized HTML ?

ShlomoKatz
Valued Contributor
Valued Contributor
Neha_Singh
New Contributor
New Contributor

Hi,

Only below part of the code stays in my email template and the rest of the code is ignored. Do I need to enable any custom setting for this?

 

<h1 style="color: #5e9ca0;"><span style="color: #00ccff;">User Access Review - Q2 2021</span></h1>
<h2 style="color: #2e6c80;"><span style="color: #ff9900;">What is this ?</span></h2>
<p>As part of the corporate security policy, you are required to perform the quarterly user access review.&nbsp;</p>
<p>I am ready to perform the review, <a href="https://igl.company.com/aveksa/main" target="_blank" >click here</a></p>
<p>I want to set a reminder in my calendar, <a href="#" onclick="javascript&colon;cal.download('User Access Review - Q2 2021')">click here</a></p>
<p>&nbsp;</p>
<p><strong>If you have trouble accessing the site or performing the actions please contact the Help Desk at <span style="color: #ff9900;">(456) 789-1111</span></strong></p>

D.S.9
Valued Contributor Valued Contributor
Valued Contributor

You cannot attach scripts or attribute that allows script injection OOB. This is to prevent XSS attacks. You can check the help link to see which attributes are allowed as part of sanitized html. Search "sanitized html". Definitely, no scripts.

If you are aware of it and still willing to take that risk, you can bring the old settings back that will allow you to enter any HTML markup with a hidden settings. This may be completely deprecated in future but it exists for now. I suggest you reach out to RSA support to get this enabled. But, be aware that you now have complete control over the html content and this could be good thing and bad thing depending on what you write. RSA support doesn't recommend enabling this settings. 

Neha_Singh
New Contributor
New Contributor

Hello All,

I made it with embedding the html code in email node of the workflow. But when email is triggered, it's calendar link doesn't work or open whereas the url (Organization's IGL URL) opens as expected. Did anyone had the same issue while testing or any idea about it?

Neha_Singh_0-1619685887304.png