You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@myfaces.apache.org by lo...@apache.org on 2020/08/06 09:07:21 UTC

[myfaces-tobago] branch tobago-4.x updated (a46cb6d -> 71ed013)

This is an automated email from the ASF dual-hosted git repository.

lofwyr pushed a change to branch tobago-4.x
in repository https://gitbox.apache.org/repos/asf/myfaces-tobago.git.


    from a46cb6d  MyFaces 2.2.12 -> 2.2.13
     new 82e59a8  TOBAGO-1843: Demo * Show Sanitizer Info
     new 71ed013  Demo: explain how to set csp

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../org/apache/myfaces/tobago/sanitizer/Sanitizer.java     |  4 ++++
 .../content/20-component/020-output/60-object/object.xhtml | 14 ++++++++++----
 2 files changed, 14 insertions(+), 4 deletions(-)

[myfaces-tobago] 02/02: Demo: explain how to set csp

Posted by lo...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

lofwyr pushed a commit to branch tobago-4.x
in repository https://gitbox.apache.org/repos/asf/myfaces-tobago.git

commit 71ed0134853f4c0016a68014b4914ab58324c562
Author: Udo Schnurpfeil <ud...@irian.eu>
AuthorDate: Thu Aug 6 10:45:20 2020 +0200

    Demo: explain how to set csp
    
    (cherry picked from commit e23e66bacbf4d8b15759d7cc4d6b2c5123482da0)
---
 .../content/20-component/020-output/60-object/object.xhtml | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/tobago-example/tobago-example-demo/src/main/webapp/content/20-component/020-output/60-object/object.xhtml b/tobago-example/tobago-example-demo/src/main/webapp/content/20-component/020-output/60-object/object.xhtml
index 8e48135..f3ed3ee 100644
--- a/tobago-example/tobago-example-demo/src/main/webapp/content/20-component/020-output/60-object/object.xhtml
+++ b/tobago-example/tobago-example-demo/src/main/webapp/content/20-component/020-output/60-object/object.xhtml
@@ -25,9 +25,7 @@
   <ui:param name="title" value="#{demoBundle.object} &lt;tc:object&gt;"/>
   <tc:script file="#{request.contextPath}/content/20-component/020-output/60-object/object.js"/>
 
-  <p>The <code class="language-markup">&lt;tc:object/></code> tag create an iframe.
-    External objects can be included, when Content Security Policy is activated.
-    You may add a child-src policy to the 'tobago-config.xml'.</p>
+  <p>The <code class="language-markup">&lt;tc:object/></code> tag creates an <code class="language-markup">&lt;iframe></code>.</p>
   <tc:link label="Tag Library Documentation" image="#{request.contextPath}/image/feather-leaf.png"
            link="#{demoBundle.tagDocUrl}/#{info.stableVersion}/tld/tc/object.html"/>
   <tc:section label="Basics">
@@ -35,9 +33,17 @@
     <tc:object id="o1"
                src="https://www.openstreetmap.org/export/embed.html?bbox=-60.75,11.15,-60.6,11.35"/>
   </tc:section>
+  <tc:section label="Content Security Policy (CSP)">
+    It's very usual to include content from external source.
+    When Content Security Policy is activated, you need to allow the external source explicitly, for
+    security reasons.
+    You need to add a child-src policy to the 'tobago-config.xml' like
+    <pre><code class="language-markup">&lt;directive name="child-src"&gt;https://www.openstreetmap.org&lt;/directive&gt;</code></pre>
+  </tc:section>
   <tc:section label="Style">
     <p>A <code class="language-markup">&lt;tc:object/></code> tag can contain a style tag.
-      In this case it's <code class="language-markup">&lt;tc:style width="100%"/></code>.</p>
+      In this case it's <code class="language-markup">&lt;tc:style width="100%"/></code> to
+      let grow the width to the full size of the container.</p>
     <tc:object id="o2"
                src="https://www.openstreetmap.org/export/embed.html?bbox=-60.75,11.15,-60.6,11.35">
       <tc:style width="100%"/>

[myfaces-tobago] 01/02: TOBAGO-1843: Demo * Show Sanitizer Info

Posted by lo...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

lofwyr pushed a commit to branch tobago-4.x
in repository https://gitbox.apache.org/repos/asf/myfaces-tobago.git

commit 82e59a8bbd9087b88d4f6aa8ab1d0907e9c0c452
Author: Udo Schnurpfeil <ud...@irian.eu>
AuthorDate: Thu Aug 6 10:51:09 2020 +0200

    TOBAGO-1843: Demo
    * Show Sanitizer Info
    
    (cherry picked from commit 4d32e20c0c0ac2d40f2bdfaa9c16ffb0346ebb15)
---
 .../src/main/java/org/apache/myfaces/tobago/sanitizer/Sanitizer.java  | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tobago-core/src/main/java/org/apache/myfaces/tobago/sanitizer/Sanitizer.java b/tobago-core/src/main/java/org/apache/myfaces/tobago/sanitizer/Sanitizer.java
index 14bc019..efa3242 100644
--- a/tobago-core/src/main/java/org/apache/myfaces/tobago/sanitizer/Sanitizer.java
+++ b/tobago-core/src/main/java/org/apache/myfaces/tobago/sanitizer/Sanitizer.java
@@ -26,4 +26,8 @@ public interface Sanitizer {
   String sanitize(String html);
 
   void setProperties(Properties configuration);
+
+  default String getInfo() {
+    return toString();
+  };
 }