Introduction to Content Controls

This page contains:

Up until now, we've worked with one type of placeholders, those used for custom document properties.

There is a second type of placeholder, the one used to display information about your findings. These use a Word feature called Content Controls.

To start playing around with Content Controls, you first need to activate the Developer tab in Word's Ribbon.

Show the Developer Tab

To paraphrase Microsoft's instructions:

  1. Click the File tab.
  2. Click Options.
  3. Click Customize Ribbon.
  4. Under Customize the Ribbon and under Main Tabs, select the Developer check box.

We will mainly be using the Rich Text content Control button:

Reports 03

Oh, and do you see the Design Mode button to the right? Activate that one too:

Reports 15

Your first Content Control

Lets go ahead and insert a new Rich Text content control in an empty page:

Reports 16

That was easy enough. Now we've got a placeholder and we need to tell it what type of information we want to output.

Click on Properties (under the Design Mode button), to bring up the control's properties page:

Reports 17
Title
Is the name of the field we want to output. For example: Description or CVSSv2.
Tag
Is were we create filters (as explained in Filtering and sorting section).

Also, it's always a good thing to tick the Remove content control when contents are edited checkbox at the bottom.

Lets start with something simple, just populate the Title value with Description, this will create a placeholder for the Description field of our findings:

Reports 18

Click OK and our placeholder now looks a lot better:

Reports 19

Note that if you open the Content Control Properties window again, Word would have auto-populated the Tag value, that's 100% fine:

Reports 24

Lets repeat the steps for a few additional placeholders:

Reports 20

Placeholder text needs "Placeholder text"

We've added the content controls but they're all using the Normal style. What if we want to add headings or other special styles to specific content controls?

The important thing to remember is "Placeholder text".

If you open the reveal formatting pane (SHIFT & F1) in Word and put your cursor inside an unstyled content control, you'll see that it has the Placeholder text character style applied:

Reports 170

If you apply a style (e.g. Heading 1) inside the content control, the Placeholder text style will be lost and the Dradis reporting engine won't be able to replace the content control with the text from your project.

Reports 172

Instead of creating the content control, then applying the style, you'll actually want to reverse the order:

  1. Create a new (blank) paragraph in Word

  2. Apply the style (e.g. Heading 1) to the blank paragraph

  3. Finally, add the content control (e.g. Title) to the styled paragraph

Reports 171

This is everything we need for now. Each placeholder will extract the corresponding value from the fields in your finding.

However, the astute reader (that would be you) would have noticed there is something missing from this picture if we compare it with the one we saw in the Introduction to Word templates section.

If we have more than one finding in our project, how do we tell the reporting engine that we want to repeat this section of the document for each finding?

Glad you asked, that's what the Issue content control is all about.

First, we want to make sure you understand a quirk that our team likes to call "The Crazy Triangles ™". Understanding it now will save you a lot of frustration later!

Next help article: The Crazy Triangles ™ →

InfoSec project delivery 5-day crash course

Learn innovative, actionable techniques and approaches for reducing the overhead that drags down InfoSec project delivery. You’ll learn how to optimize:

  • Scoping
  • Scheduling
  • Project Planning
  • Delivery
  • Intra-team Collaboration
  • Reporting and much more...

Your email is kept private. We don't do the spam thing.