Skip to content

Predefined Widget Not Rendering for Community Integrations #620

Open
Open
Predefined Widget Not Rendering for Community Integrations#620
@jayminp-crest

Description

@jayminp-crest
jayminp-crest
opened on Mar 16, 2026

Describe the bug
Predefined widgets created for custom/community integrations do not render in the Alert View after action execution, despite the action returning valid JSON responses. Additionally, widget updates are not reflected after re-pushing the integration code.

I am experiencing issues with predefined widgets for custom actions in community integrations:

  1. Widget Not Rendering: Although the action executes successfully and returns valid JSON, the predefined widget does not appear in the Alert View
  2. Updates Not Applied: After modifying widget HTML/YAML and re-pushing with mp dev-env push integration, changes are not reflected in the SOAR instance
  3. CSS/JS Not Working: When creating a manual HTML widget with identical code, it displays but without CSS styling. JavaScript appears to be blocked by a policy

To Reproduce
Steps to reproduce the behavior:

  1. In the repo Create Predefined Widget Structure
integration_name/
└── widgets/
    ├── action_name.yaml
    └── action_name.html
  1. Configure Widget YAML
    Reference: Stairwell Integration Example

Example action_name.yaml:

title: Host timeline
type: html
scope: alert
action_identifier: Get Host History
description: Display host history data.
data_definition:
    html_height: 600
    safe_rendering: false
    type: html
    widget_definition_scope: both
condition_group:
    conditions:
        -   field_name: '[{stepInstanceName}.JsonResult]'
            value: ''
            match_type: is_not_empty
    logical_operator: and
default_size: full_width
  1. Create Widget HTML
    Example action_name.html:
...
<script>
if ('[{stepInstanceName}.is_success]' == 'true') {
    hostHistoryData = [{stepInstanceName}.JsonResult]
    // Widget rendering logic
}
</script>
...
  1. Push Integration to SOAR Instance
# Setup development environment
mp dev-env --api-root <API_ROOT> --api-key <API_KEY>

# Push integration with widget
mp dev-env push integration

  1. Test Widget in SOAR

    1. Navigate to Google SecOps SOAR instance
    2. Create a playbook with the action for which the predefined widget was created
    3. Click "Add new Alert view" and select the role
    4. Execute the playbook in an Alert (action returns valid JSON response)
    5. Expected: Predefined widget appears in Alert View
    6. Actual: Widget does not render despite condition being satisfied

  2. Attempt Manual Widget Creation

    1. Create a manual HTML widget using identical code from action_name.html
    2. Result: HTML renders but CSS is not applied and JavaScript does not execute
    3. <noscript> tags render successfully, suggesting JS execution is blocked by policy

Expected Behavior

  • Predefined widget should render in Alert View when action completes successfully and condition is satisfied
  • Widget updates should be reflected after re-pushing integration
  • CSS and JavaScript should execute properly in predefined widgets

Actual Behavior

  • Widget does not appear in Alert View despite valid JSON response
  • Re-pushing integration does not update widget code
  • CSS styling is not applied
  • JavaScript appears to be blocked by security policy

Debugging Challenges

1. No Visibility into Widget Rendering

  • No console errors or logs indicating why widget fails to render
  • Condition evaluation is opaque - cannot verify if [{stepInstanceName}.JsonResult] is being properly evaluated

2. Inconsistent Behavior

  • Manual HTML widgets display (without styling) but predefined widgets do not
  • Same code works in existing Content Hub integrations but not in custom integrations
  • <noscript> renders but <script> does not execute (refer)

3. Update Propagation Issues

  • Changes to widget HTML/YAML are not reflected after mp dev-env push integration

Additional Context

Related Community Discussions

  1. Facing issue with CSS and JS in predefined widgets
  2. Predefined widget for custom actions

Questions

  1. Widget Rendering: How can I debug why the predefined widget condition is not being satisfied or why the widget fails to render after action execution?

  2. Update Propagation: Why aren't widget HTML/YAML updates being applied after re-pushing the integration? Is there a cache invalidation step or additional command required?

  3. CSS/JS Restrictions: What security policies govern CSS and JavaScript execution in predefined widgets? Are there specific requirements or whitelisting needed for community integrations?

  4. Condition Evaluation: How can I verify that the condition field_name: '[{stepInstanceName}.JsonResult]' is being properly evaluated? Are there logs or debugging endpoints available?

  5. Documentation: Will official documentation for predefined widget creation be provided? Current implementation relies on reverse-engineering existing integrations.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions