Blackbaud Online Express Tips


Protect Your Donors

To ensure the security of your Online Express donation forms, you must take appropriate security measures on the web pages where you post them and on the rest of your website as well. Here are several important considerations to keep in mind before you embed forms on your website:

Enable Secure Sockets Layer (SSL)

The web pages where you embed your forms should be accessible only via SSL. SSL is a protocol that encrypts confidential data such as credit card numbers so that you can safely transmit it over the Internet. Communication between your Online Express forms and the server already uses SSL, but we strongly recommend that you enable SSL for the entire web page where you post the form as an additional layer of security.

Comply with the Payment Card Industry Data Security Standard (PCI DSS)

PCI DSS is a set of requirements to ensure that companies process, store, and transmit credit card information in a secure environment. It includes requirements for security management, policies, procedures, network architecture, software design, and other proactive measures. Online Express forms allow you to collect and store credit card information in compliance with PCI DSS, but before you place forms on your website, you should ensure that your site adheres to PCI DSS and proactively protects payment card information. To learn more about PCI DSS and download the specification and its supporting documents, go to www.pcisecuritystandards.org.

Limit Page Content

The web pages where you embed your donation forms should not include any content that could compromise the security of your donation forms. For example, do not include other data input forms alongside your Online Express donation forms. In addition, do not include content from outside sources such as RSS feeds on the web pages where you embed forms.
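The checks described above (SSL-only resources, no other input forms, no outside content) can be run against a page's HTML before you publish it. The following is an added example, not Blackbaud code; the allowed host `forms.example.org` is a placeholder for the host in your own embed code, and it assumes the donation form is injected by its script, so any form field in the static HTML belongs to something else.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: host that serves the donation form script. Placeholder value;
# replace it with the host that appears in the embed code you were given.
ALLOWED_HOSTS = {"forms.example.org"}

class FormPageAudit(HTMLParser):
    """Collects findings for a page that hosts an embedded donation form."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # Other data-entry elements in the static markup sit alongside the form.
        if tag in ("form", "input", "textarea", "select"):
            self.findings.append(("extra-input", tag))
        url = attrs.get("src") or (attrs.get("href") if tag == "link" else None)
        if not url:
            return
        parts = urlparse(url)
        if parts.scheme == "http":
            self.findings.append(("not-https", url))  # breaks SSL-only delivery
        host = parts.hostname
        if host and host != self.page_host and host not in ALLOWED_HOSTS:
            self.findings.append(("outside-source", url))  # third-party content

def audit(html_text, page_host):
    parser = FormPageAudit(page_host)
    parser.feed(html_text)
    return parser.findings

# Constructed sample page, not taken from any real site.
SAMPLE = """
<html><body>
<script src="https://forms.example.org/embed.js"></script>
<form action="/newsletter"><input name="email"></form>
<script src="http://feeds.example.net/rss-widget.js"></script>
<img src="/img/logo.png">
</body></html>
"""

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE, "www.example.org"):
        print(kind, detail)
```

An empty result means the static markup contains no extra input elements, plain-HTTP resources, or hosts outside the allow-list; content loaded later by scripts is not covered by this check.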

Do Not Render Editable Data

We strongly recommend that you do not render any user-editable data on the web pages where you embed your donation forms, even if that data is created or edited on a different page. If you ignore this recommendation and include user-editable data alongside your Online Express donation forms, we recommend that you use proper cross-site scripting (XSS) prevention practices such as those recommended by the Open Web Application Security Project (OWASP). For example, if your website users can edit their names on a profile page and you render those names on the web pages with your donation forms, you must secure the profile page so that website users cannot enter JavaScript that can be executed when it is rendered on the pages with your donation forms.
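The profile-name case above comes down to encoding the stored value for the context in which it is rendered. This added example (not Blackbaud or OWASP code; the function names and the `donorName` variable are hypothetical) shows the unsafe pattern beside encoders for the HTML and inline-script contexts.

```python
import html
import json

def render_unsafe(display_name):
    # Vulnerable pattern: stored profile data concatenated straight into markup.
    return "<p>Welcome back, " + display_name + "</p>"

def render_html(display_name):
    # HTML body and quoted-attribute contexts: encode & < > " and '.
    safe = html.escape(display_name, quote=True)
    return '<p title="{0}">Welcome back, {0}</p>'.format(safe)

def render_script(display_name):
    # Inline script context: JSON-encode the string, then replace characters
    # that could close the script block or open markup with \uXXXX escapes.
    literal = json.dumps(display_name)
    for ch in "<>&":
        literal = literal.replace(ch, "\\u%04x" % ord(ch))
    return "<script>var donorName = " + literal + ";</script>"

# Constructed test values: an ordinary name and one containing markup.
PLAIN_NAME = "O'Brien & Sons"
MARKUP_NAME = "Ann</script><script>alert(1)</script>"

if __name__ == "__main__":
    for name in (PLAIN_NAME, MARKUP_NAME):
        print(render_unsafe(name))
        print(render_html(name))
        print(render_script(name))
```

HTML encoding alone is not sufficient inside a script block, which is why the two contexts use different encoders.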

Tips to Embed Forms with Popular CMS Tools

Blackbaud Online Express was designed to work easily with the most popular website management tools, and you can embed donation forms with tools such as DotNetNuke, Drupal, Joomla, Tumblr, and WordPress. Some of these tools require special actions before you embed the JavaScript for your Online Express donation forms, so please review the tips and special considerations for your website management tool of choice.


How to Embed Forms

Drupal


  1. For the web page where you will embed the JavaScript for your Online Express donation form, click Edit. The Edit screen appears.

  2. In the Text format field, select “Full HTML.”

  3. To embed an Online Express donation form on your website, paste the JavaScript from The Raiser’s Edge in the Body text box.
  4. At the bottom of the screen, click Save. You return to your home page.

 

WordPress


  1. Go to http://wordpress.org/extend/plugins/raw-html/ and install the Raw HTML plug-in that allows you to disable automatic formatting and post raw HTML, JavaScript and CSS.
  2. For the web page where you will embed the JavaScript for your Online Express donation form, select the HTML tab.

  3. To embed an Online Express donation form on your website, paste the JavaScript from The Raiser’s Edge in the HTML and wrap it in [raw][/raw] tags. Make sure to use square brackets for the tags, not angle brackets.

 

 

Joomla


  1. From Administration, click Plug-in Manager in the Extensions menu. The Plug-in Manager: Plugins page appears.
  2. In the grid, select the Editor - TinyMCE checkbox and click Edit. The Plug-in Manager: Editor - TinyMCE page appears.
    In the Status field under Details, select “Enabled.”

  3. In the Prohibited Elements field under Basic Options, remove “script” from the list.

  4. Click Save.
  5. Return to Administration and click Global configuration in the Site menu. The Global Configuration page appears.
  6. In the Default Editor field under Site Settings, select “Editor - TinyMCE.”

  7. Click Save.

 

DotNetNuke


  1. For the web page where you will embed the JavaScript for your Online Express donation form, click Manage and then click Edit Content under Edit. The Edit Content screen appears.

  2. At the top of the screen, select Basic Text Box.
  3. Below the Editor text box, select Raw.
  4. To embed an Online Express donation form on your website, paste the JavaScript from The Raiser’s Edge in the Editor text box.
  5. Below the Editor text box, click Save. You return to your home page.

© 2015 Blackbaud, Inc. All Rights Reserved