Restrictions

The Plugin Framework is specifically designed to protect the security of the user and protect the user experience. While plugins are based on standard HTML, CSS and JavaScript, the full complexity of a modern browser is not supported.

As such, these are some restrictions to keep in mind as you build your plugin’s user interface.

Modifying the Banno UI/UX

Plugins are rendered as UI summary cards on the Dashboard of our apps. An optional primary action button leads users to a full-screen view of content.

Plugins cannot modify any part of Banno’s UI beyond the designated area of their Dashboard card. See the User Interface topic for more details.

Opening new windows

The Plugin Framework does not support opening arbitrary new windows for Banno Mobile and Banno Online except through very specific mechanisms.

The most common use case is to activate the Expanded View from the Card Face.

• See the Designing and Developing Plugins guide for discussion on the differences between activating the Expanded View by using a configured primary action button compared to using the Plugin Bridge.

An alternative use case is to open an embedded web browser link via the Plugin Bridge.

Navigating back to online banking

For Banno Online, the full-screen view of your plugin content is displayed in the user’s browser as a complete web page. It is highly recommended to provide a link back to the Dashboard from the full-screen view.

For Banno Mobile, the full-screen view of your plugin content is displayed in a full-screen web view with a “Done” button. Users can navigate from your plugin content back to online banking by tapping the “Done” button. The full-screen view will be closed and the user will be returned to the Dashboard. See the User Interface topic for more details.

Suppressing plugins for a single channel

Plugins are displayed for both Banno Mobile and Banno Online. There is no way to suppress a plugin from appearing in a single channel.

Plugins should be designed to be responsive and adapt to a variety of screen sizes to accommodate a great user experience for both Banno Mobile and Banno Online users.

Rendering PDFs

PDFs are potentially challenging for plugins.

The iOS operating system includes a built-in PDF renderer. However, you may find multi-page PDFs unscrollable.

The Android operating system does not include a built-in PDF renderer. The operating system relegates PDF rendering to an external app and not all devices have one installed.

Sandboxing

In Banno Online, plugins are loaded in a sandboxed iframe. The sandboxed iframe allows 3rd party content to be loaded without compromising the security of Banno Online. Since plugins load in both Banno Online and Banno Mobile, some of the sandbox restrictions prevent developers from attempting actions that will not work in a native mobile application.

These are the iframe sandbox attributes which are enabled:

• allow-downloads
• allow-forms
• allow-modals
• allow-same-origin
• allow-scripts
• allow-top-navigation-by-user-activation

Learn more about operating safely within sandboxed iframes.

Content Security Policy (CSP)

Banno Online applies a Content Security Policy (CSP) for enhanced security. The implication for plugins is that JavaScript and CSS handling are limited by what is allowed in the CSP.

The CSP is dynamically updated when Redirect URIs are added to an External Application.

If your JavaScript or CSS is denied by the CSP (e.g. because they are hosted by a different domain than what is configured for the plugin’s Card Face or Expanded View), then update the appropriate External Application with an additional Redirect URI which points to the domain where the JavaScript or CSS is hosted.

Native APIs / operating system APIs

The Plugin Framework does not support accessing native APIs or operating system APIs.

So the following are not supported in plugins:

• Geolocation
• Camera access
• Microphone
• Address book / contacts
• Apple Wallet / Google Wallet
• Apple Pay / Google Pay