Worked Further On LibreOffice Online Code And Docker Image

The Javascript packages in the former git repository of LibreOffice Online and ist fork were not up to date. Thus I hat to work on update them. This and the code update took a bunch of my spare time.

I had also to work on the configuration of the shrinkwrap/shrinkpack tooling. The former configuration and especially the file blocked the build process of the docker file. The naming of the shrinkpacked files changed.

Once this was fixed the browser part of LibreOffice was build sucessfully. And finally I was able to build a first lool docker container and start it.

I made a first test and could copy the loolwsd.xml from the container and also view the container log.

Updated The LibreOffice Online Code And JavaScript Modules

I worked further on the update of the LibreOffice Online source code during the last days. I brought it on par with its fork first. In parallel I worked on the JavaScript modules and were able to move them to newer versions. This fixes also some vulnerabilities, from critical to mid category. The npm tool doesn’t complain about vulnerabillities in the JavaScript area of the source code anymore yet.

Update JavaScript Modules Of LOOL

I had a look at the ‘zoo’ of JavaScript modules which are living in the browser part of LibreOffice Online and found a lot of outdated versions there. This modules need an update to newer versions. I’m working currently on this task step by step.

I also got the message in the shell about vulnarabilities in the modules, some of them classified high and one critical. I fixed a bunch of them with an npm command, thus there is no critical vulnarability left. The high classified dimished from 15 to five.

Next Step: Work On Docker File

I worked on the changes in the source code to create an up to day docker file of LibreOffice Online today. I had to adapt scripts to build the online version from source to LibreOffice Online for that and run it. Because the naming and the variable names of former scripts were changed with the fork I had to rework them.

I’m currently running the build process a second time and hope it will create a first version of a new LibreOffice Online docker container from source. Keep your fingers cross 😉

Work On Revival Of LibreOffice Online

I worked during the last two weeks on a revival of the LibreOffice Online project. This project / branch is a version of LibreOffice which runs in a browser and supports collaborative editing.

I fetched the commits, which has been commited to a fork of the LibreOffice Online (LOOL) branch since October 2020. But there had been some renamings of file names and strings, which increases the effort. I had to adapt those commits to the original file names and strings. There were also changes in the license header of some files. I had to revert the commit, which inserted those changes.

And then I got another issue with an hardware defect and I had to migrate my environment to another hardware. And yet I got everything up and running. The first screenshot shows LibreOffice Online Writer with a text document.

LibreOffice Online Writer Document in the Browser

And the next screenshot shows the Admin console of LibreOffice Online with some statistics. It shows also that there is currently one user working with one document.

LibreOffice Online Admin Console in the Browser

Test Of Plone 6.0a2 With Collective.Addons

I installed the current alpha release of Plone 6 (a2) using buildout. I created a Python 3.9 virtual environment and used it to build a Plone 6.0a2 instance. I could start this instance in forground mode with ‘instance fg’ and it was available at port 8080 on localhost.

This shows me a site where I could add a new Plone site to the instance. I used the advance button and could add the ‘plone.volto’ add-on to it. This makes it more easy to use the new Volto frontend later (see screenshot below).

Volto Home Plone 6.0-a2

Once I finished the first steps with a new Plone 6.0-a2 buildout I made some further steps and added one of my Plone add-ons to the buildout script. I ran the buildout again and was able to include my add-on, named ‘collective.addons’.

But once I started the instance in forground mode I got a traceback which points me to a line in the configure.zcml of the add-on. I had to comment out the line with ‘IncludeDependencies’ in this file and everything went fine. I could install the add-on in the Plone site and also use its content types. It was able to view the content types within the Plone classic frontend. But there is currently no complete view of the content types within the new Volto frontend available. I’ll work on this during the next weeks.

Further Short Volto Test

I activated the blocks feature on the Dexterity page type of Plone 6 with Volto and I get a new experience with the Volto frontend. Everything on the page are now similar to the work in a current WordPress site. I could move aroud this blocks very easily. And I found out that I could insert a blog for an image. I could set the size of this blog to small and align the image to the left side. I move this image block to the top and the first text block adapted its wide to the image block. You could see this behavior on the screenshot below.

Short Test With Volto On Plone-6-dev

I created an instance from the development branch of Plone 6. The source code of this branch could be cloned from the Github repository of the Open Source project:

I also cloned the Volto repository from Github: and started with building the backend. Then run ‘yarn start’ and fixed the missing dependencies, especially ‘razzle’ (yarn add razzle). Once this was done yarn build the Volto client and server. I could get the Volto interface at ‘localhost:3000’ yet. But it is missing a Plone instance, because it had not been up.

I fixed this by running the instance of my Plone 6 buildout, created a new Plone site with the default name ‘Plone’. This site could be reached in the (old) classic Plone interface at ‘localhost:8080/Plone’.

I had to install the ‘plone.restapi’ inside the new Plone site (within the settings site under ‘add-ons’). The Volto interface at ‘localhost:3000’ could connect to the Plone instance yet.

I made a first test with the new Volto interface and created a new Page inside the Plone instance (inside a folder) to test its functionality. I copied a text from a popular Open Source projects website for this test. I could paste it directly into the new page. Then I tried to insert a grafic into the page. But this functionality wasn’t available in my Volto interface yet. I could integrate this grafic within the edit feature of the classic Plone interface and display it also on the Volto interface. The screenshot at the top shows the result of my short test.

Plone Form Using Honeypot Technology

It’s always an issue to protect forms (especially contact or support forms) against robots and spammer.Usual technologies of protection are the use of question and answers (e.g. a calculation task) or a captcha. But this way of protection has an impact on the usability and user friendliness of the site and especially of the forms. The user get bothered by the necessity to always look an click on small pictures. And if you use the service recaptcha for the protection task you may get in addition into a privacy issue too. The picture below shows the HCaptcha protected form.

Plone contact form with hcaptcha protection

And once the user activated the checkbox to submit that she/he is no robot, the user get the captcha showed in the screenshot below.

Plone form HCaptcha user interaction

But there is a new solution for the protection task. This technology works with a honeypot technology. Plone community members created a new add-on, which build on this technology: collective.honeypot. They published releases on PyPI: The current release is version 2.0.

I used this honeypot add-on and its technology for new versions of Plone add-ons, which I already created and published some months ago. This add-ons contain mail forms to get in contact with the author of a product or a project owner. This forms previously used the captcha technology, and especially the recaptcha service. Thus I decided to move away from recaptcha. First I created a new version of the add-on, which uses the hcaptcha service. I created a new Plone add-on for this purpose: plone.formwidget.hcaptcha ( This add-on is available on PyPI: It’s current version is 1.0.

Plone contact form using honeypot technology

Once I finished the move to hcaptcha I worked on a further version of the Plone add-ons which uses the honeypot technology instead of hcaptcha. The honeypot technology makes it possible that the protection of the form works without the need of user interaction. The human user will not notice anything about this protection technology. The form has no visible extras, like e.g. a captcha (see screenshot above). Thus it is more user friendly. You can download the two Plone add-ons with the honeypot technology from PyPI:

Exploring New Plone Frontend ‘Volto’

I got the current version of Plone with the new frontend ‘Volto’ today. I cloned the repository ‘, installed ‘docker-composer’ on my machine, activated ‘docker’ and run ‘docker-composer up’ inside the new local git repository.

I got an error with a version conflict during the first run of the docker-composer command. I had to stop the command with ctrl + c. But the second run works without issues and the demo-site was up on ‘http://localhost:3000’. It uses the usual login for Plone development sites.

Volto default homepage

Once you’re logged in you’ll get a menu bar with tools to edit existing content and create new content on the left side (see screenshot below, logged in as admin user). (This is the only user after creating the new site, but it is possible to create new users with different, fine grained rights of access).

Volto homepage after login as admin user