This release adds
- USCDI v1 rendering support. Its main purpose to collect feedback at C-CDA IAT, but feedback through issues here is welcome too. See documentation for more
- support for reordering of sections through a new parameter
section-orderdocumented in the parameters - support for rendering of ClinicalDocument/sdtc:statusCode
In addition, this release adds French (fr-fr) as supported language, and closes #13 and #25
Security Notice
In version 4.0.0, May 2018, a change was introduced where embedded base64 content was rendered in an iframe without an active sandbox. Before this version only base64 PDF content was allowed to do this. When an iframe is not sandboxed, it is possible that maliciously crafted base64 contents impose a security risk.
This has been mitigated in the following way:
-
Any iframe is now sandboxed. Sandboxed iframes instruct the browser to disallow plugins and a number of other things that make the rendering more safe. It also limits what can be rendered. For example pdf rendering requires a plug-in and is thus prohibited from rendering by default. Since a lot of CDA documents rely on pdf, a new parameter "limit-pdf" has been implemented. If your environment wants to allow for pdf rendering, you may set this parameter to 'no'
-
The sandbox attribute is not supported before Internet Explorer 9. To avoid potentially unsafe contents in older versions of Internet Explorer 9 and before, a switch has been added that prevents iframes under these browser versions entirely.
Users of versions 4.0.0 through 4.0.2 beta 9 of the stylesheet are encouraged to upgrade to version 4.0.2 beta 10 or up. Note: This stylesheet comes without warranty and should be locally tested by implementers before production release.
Tested against Microsoft Internet Explorer 9, 10, 11, Microsoft Edge (before and after move to chromium), Google Chrome, Firefox, Safari (macOS), and Mobile Safari (iOS)