Posted to commits@ofbiz.apache.org by jo...@apache.org on 2009/02/09 03:34:24 UTC

svn commit: r742234 - in /ofbiz/trunk: applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/ specialpurpose/webpos/webapp/webpos/includes/

Author: jonesde
Date: Mon Feb  9 02:34:23 2009
New Revision: 742234

URL: http://svn.apache.org/viewvc?rev=742234&view=rev
Log:
Fixed issue with general HTML encoding of String objects in FTL files being applied to dynamic JavaScript from Groovy files by leaving them as StringBuffers, i.e. just removing the toString calls

Modified:
    ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/InlineProductDetail.groovy
    ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/ProductDetail.groovy
    ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/Header.ftl

Modified: ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/InlineProductDetail.groovy
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/InlineProductDetail.groovy?rev=742234&r1=742233&r2=742234&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/InlineProductDetail.groovy (original)
+++ ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/InlineProductDetail.groovy Mon Feb  9 02:34:23 2009
@@ -303,7 +303,7 @@
                     jsBuf.append(variantPriceJS.toString());
                     jsBuf.append("</script>");
 
-                    context.virtualJavaScript = jsBuf.toString();
+                    context.virtualJavaScript = jsBuf;
                 }
             }
         }
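
Review bot: the new assignment `context.virtualJavaScript = jsBuf;` depends on the value's type to avoid the HTML encoding that, per the log message, is applied to String objects in FTL files, and nothing at the assignment records that. Add a short comment there saying the StringBuffer is deliberate, so a later cleanup does not restore `toString()` and reintroduce the encoding problem. Since the buffer (including the appended `variantPriceJS`) is now emitted without that encoding, any data concatenated into it has to be escaped for a JavaScript context at the point it is appended.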

Modified: ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/ProductDetail.groovy
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/ProductDetail.groovy?rev=742234&r1=742233&r2=742234&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/ProductDetail.groovy (original)
+++ ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/ProductDetail.groovy Mon Feb  9 02:34:23 2009
@@ -375,7 +375,7 @@
                     jsBuf.append(variantPriceJS.toString());
                     jsBuf.append("</script>");
 
-                    context.virtualJavaScript = jsBuf.toString();
+                    context.virtualJavaScript = jsBuf;
                 }
             }
         }
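
Review bot: the script-building code around `context.virtualJavaScript = jsBuf;` is duplicated here and in InlineProductDetail.groovy (identical context lines, identical fix), which is why the encoding workaround had to be applied twice. Consider moving it into one shared helper that returns the buffer, so the decision to bypass the String encoding is made and documented in one place and the two copies cannot drift apart.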

Modified: ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/Header.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/Header.ftl?rev=742234&r1=742233&r2=742234&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/Header.ftl (original)
+++ ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/Header.ftl Mon Feb  9 02:34:23 2009
@@ -37,7 +37,6 @@
             <link rel="stylesheet" href="<@o...@ofbizContentUrl>" type="text/css"/>
         </#list>
     </#if>
-    ${layoutSettings?if_exists.extraHead?if_exists}
     
     <#-- Append CSS for catalog -->
     <#if catalogStyleSheet?exists>
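
Review bot: the removal of `${layoutSettings?if_exists.extraHead?if_exists}` from Header.ftl is not covered by the log message, which only describes leaving the Groovy buffers as StringBuffers. Please state in the log why the webpos header stops emitting extraHead, and check whether any screen relies on `layoutSettings.extraHead` to add head content here, since that content will no longer be rendered.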



Re: svn commit: r742234 - in /ofbiz/trunk: applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/ specialpurpose/webpos/webapp/webpos/includes/

Posted by Hans Bakker <h....@antwebsystems.com>.
Hi David,

I highly appreciate the work you are doing in this area. If you would
not be there, I do not know when it would be done (if ever).

thanks again,
Hans

On Mon, 2009-02-09 at 01:37 -0700, David E Jones wrote:
> No problem. I hope everyone's in favor of these painful changes I'm  
> working on. They'll definitely have side effects and break things as  
> we restrict various things, for the sake of security.
> 
> Whatever the case, I'll be around to help pick up the pieces and  
> resolve issues that I miss in testing based on these changes.
> 
> On a side note, I wish we had done this a LONG time ago as it would  
> make things less painful with less code and functionality in the  
> project. Oh well, better late than never. This is taking a lot longer  
> to do than I thought, and I'm having to try all sorts of different  
> things before finding things that are effective and don't break too  
> much. In other words, I'm understanding better why no one else has  
> taken the plunge for this yet... :( I only wish some end-user was  
> willing to pay for this sort of thing, but I guess most business  
> people get upset about security after the fact more than they get  
> worried about it in advance.
> 
> Hopefully it doesn't screw up too much stuff and results in far  
> cleaner and safer code... it seems to be heading in that direction at  
> least.
> 
> -David
> 
> 
> On Feb 9, 2009, at 1:09 AM, Jacques Le Roux wrote:
> 
> > Thanks David,
> >
> > I saw you have used such a solution for other cases. I should have  
> > thought about that
> >
> > Jacques
> >
> > From: <jo...@apache.org>
> >> Author: jonesde
> >> Date: Mon Feb  9 02:34:23 2009
> >> New Revision: 742234
> >>
> >> URL: http://svn.apache.org/viewvc?rev=742234&view=rev
> >> Log:
> >> Fixed issue with general html encoding of String objects in FTL  
> >> files being applied to dynamic JavaScript from groovy files by  
> >> leaving them as StringBuffers, ie just removing the toString calls
> >>
> >> Modified:
> >>   ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/ 
> >> entry/catalog/InlineProductDetail.groovy
> >>   ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/ 
> >> entry/catalog/ProductDetail.groovy
> >>   ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/Header.ftl
> >>
> >> Modified: ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/ 
> >> actions/entry/catalog/InlineProductDetail.groovy
> >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/InlineProductDetail.groovy?rev=742234&r1=742233&r2=742234&view=diff
> >> ==============================================================================
> >> --- ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/ 
> >> entry/catalog/InlineProductDetail.groovy (original)
> >> +++ ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/ 
> >> entry/catalog/InlineProductDetail.groovy Mon Feb  9 02:34:23 2009
> >> @@ -303,7 +303,7 @@
> >>                    jsBuf.append(variantPriceJS.toString());
> >>                    jsBuf.append("</script>");
> >>
> >> -                    context.virtualJavaScript = jsBuf.toString();
> >> +                    context.virtualJavaScript = jsBuf;
> >>                }
> >>            }
> >>        }
> >>
> >> Modified: ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/ 
> >> actions/entry/catalog/ProductDetail.groovy
> >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/ProductDetail.groovy?rev=742234&r1=742233&r2=742234&view=diff
> >> ==============================================================================
> >> --- ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/ 
> >> entry/catalog/ProductDetail.groovy (original)
> >> +++ ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/ 
> >> entry/catalog/ProductDetail.groovy Mon Feb  9 02:34:23 2009
> >> @@ -375,7 +375,7 @@
> >>                    jsBuf.append(variantPriceJS.toString());
> >>                    jsBuf.append("</script>");
> >>
> >> -                    context.virtualJavaScript = jsBuf.toString();
> >> +                    context.virtualJavaScript = jsBuf;
> >>                }
> >>            }
> >>        }
> >>
> >> Modified: ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/ 
> >> Header.ftl
> >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/Header.ftl?rev=742234&r1=742233&r2=742234&view=diff
> >> ==============================================================================
> >> --- ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/ 
> >> Header.ftl (original)
> >> +++ ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/ 
> >> Header.ftl Mon Feb  9 02:34:23 2009
> >> @@ -37,7 +37,6 @@
> >>            <link rel="stylesheet" href="<@ofbizContentUrl>$ 
> >> {styleSheet}</...@ofbizContentUrl>" type="text/css"/>
> >>        </#list>
> >>    </#if>
> >> -    ${layoutSettings?if_exists.extraHead?if_exists}
> >>
> >>    <#-- Append CSS for catalog -->
> >>    <#if catalogStyleSheet?exists>
> >>
> >

-- 
http://www.antwebsystems.com : 
Quality OFBiz support for competitive rates....


Re: svn commit: r742234 - in /ofbiz/trunk: applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/ specialpurpose/webpos/webapp/webpos/includes/

Posted by David E Jones <da...@hotwaxmedia.com>.
No problem. I hope everyone's in favor of these painful changes I'm  
working on. They'll definitely have side effects and break things as  
we restrict various things, for the sake of security.

Whatever the case, I'll be around to help pick up the pieces and  
resolve issues that I miss in testing based on these changes.

On a side note, I wish we had done this a LONG time ago as it would  
make things less painful with less code and functionality in the  
project. Oh well, better late than never. This is taking a lot longer  
to do than I thought, and I'm having to try all sorts of different  
things before finding things that are effective and don't break too  
much. In other words, I'm understanding better why no one else has  
taken the plunge for this yet... :( I only wish some end-user was  
willing to pay for this sort of thing, but I guess most business  
people get upset about security after the fact more than they get  
worried about it in advance.

Hopefully it doesn't screw up too much stuff and results in far  
cleaner and safer code... it seems to be heading in that direction at  
least.

-David


On Feb 9, 2009, at 1:09 AM, Jacques Le Roux wrote:

> Thanks David,
>
> I saw you have used such a solution for other cases. I should have  
> thought about that
>
> Jacques
>
> From: <jo...@apache.org>
>> Author: jonesde
>> Date: Mon Feb  9 02:34:23 2009
>> New Revision: 742234
>>
>> URL: http://svn.apache.org/viewvc?rev=742234&view=rev
>> Log:
>> Fixed issue with general html encoding of String objects in FTL  
>> files being applied to dynamic JavaScript from groovy files by  
>> leaving them as StringBuffers, ie just removing the toString calls
>>
>> Modified:
>>   ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/ 
>> entry/catalog/InlineProductDetail.groovy
>>   ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/ 
>> entry/catalog/ProductDetail.groovy
>>   ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/Header.ftl
>>
>> Modified: ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/ 
>> actions/entry/catalog/InlineProductDetail.groovy
>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/InlineProductDetail.groovy?rev=742234&r1=742233&r2=742234&view=diff
>> ==============================================================================
>> --- ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/ 
>> entry/catalog/InlineProductDetail.groovy (original)
>> +++ ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/ 
>> entry/catalog/InlineProductDetail.groovy Mon Feb  9 02:34:23 2009
>> @@ -303,7 +303,7 @@
>>                    jsBuf.append(variantPriceJS.toString());
>>                    jsBuf.append("</script>");
>>
>> -                    context.virtualJavaScript = jsBuf.toString();
>> +                    context.virtualJavaScript = jsBuf;
>>                }
>>            }
>>        }
>>
>> Modified: ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/ 
>> actions/entry/catalog/ProductDetail.groovy
>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/ProductDetail.groovy?rev=742234&r1=742233&r2=742234&view=diff
>> ==============================================================================
>> --- ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/ 
>> entry/catalog/ProductDetail.groovy (original)
>> +++ ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/ 
>> entry/catalog/ProductDetail.groovy Mon Feb  9 02:34:23 2009
>> @@ -375,7 +375,7 @@
>>                    jsBuf.append(variantPriceJS.toString());
>>                    jsBuf.append("</script>");
>>
>> -                    context.virtualJavaScript = jsBuf.toString();
>> +                    context.virtualJavaScript = jsBuf;
>>                }
>>            }
>>        }
>>
>> Modified: ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/ 
>> Header.ftl
>> URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/Header.ftl?rev=742234&r1=742233&r2=742234&view=diff
>> ==============================================================================
>> --- ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/ 
>> Header.ftl (original)
>> +++ ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/ 
>> Header.ftl Mon Feb  9 02:34:23 2009
>> @@ -37,7 +37,6 @@
>>            <link rel="stylesheet" href="<@ofbizContentUrl>$ 
>> {styleSheet}</...@ofbizContentUrl>" type="text/css"/>
>>        </#list>
>>    </#if>
>> -    ${layoutSettings?if_exists.extraHead?if_exists}
>>
>>    <#-- Append CSS for catalog -->
>>    <#if catalogStyleSheet?exists>
>>
>


Re: svn commit: r742234 - in /ofbiz/trunk: applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/ specialpurpose/webpos/webapp/webpos/includes/

Posted by Jacques Le Roux <ja...@les7arts.com>.
Thanks David,

I saw you have used such a solution for other cases. I should have thought about that.

Jacques

From: <jo...@apache.org>
> Author: jonesde
> Date: Mon Feb  9 02:34:23 2009
> New Revision: 742234
>
> URL: http://svn.apache.org/viewvc?rev=742234&view=rev
> Log:
> Fixed issue with general html encoding of String objects in FTL files being applied to dynamic JavaScript from groovy files by 
> leaving them as StringBuffers, ie just removing the toString calls
>
> Modified:
>    ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/InlineProductDetail.groovy
>    ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/ProductDetail.groovy
>    ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/Header.ftl
>
> Modified: ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/InlineProductDetail.groovy
> URL: 
> http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/InlineProductDetail.groovy?rev=742234&r1=742233&r2=742234&view=diff
> ==============================================================================
> --- ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/InlineProductDetail.groovy (original)
> +++ ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/InlineProductDetail.groovy Mon Feb  9 02:34:23 
> 2009
> @@ -303,7 +303,7 @@
>                     jsBuf.append(variantPriceJS.toString());
>                     jsBuf.append("</script>");
>
> -                    context.virtualJavaScript = jsBuf.toString();
> +                    context.virtualJavaScript = jsBuf;
>                 }
>             }
>         }
>
> Modified: ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/ProductDetail.groovy
> URL: 
> http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/ProductDetail.groovy?rev=742234&r1=742233&r2=742234&view=diff
> ==============================================================================
> --- ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/ProductDetail.groovy (original)
> +++ ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/ProductDetail.groovy Mon Feb  9 02:34:23 2009
> @@ -375,7 +375,7 @@
>                     jsBuf.append(variantPriceJS.toString());
>                     jsBuf.append("</script>");
>
> -                    context.virtualJavaScript = jsBuf.toString();
> +                    context.virtualJavaScript = jsBuf;
>                 }
>             }
>         }
>
> Modified: ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/Header.ftl
> URL: 
> http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/Header.ftl?rev=742234&r1=742233&r2=742234&view=diff
> ==============================================================================
> --- ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/Header.ftl (original)
> +++ ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/Header.ftl Mon Feb  9 02:34:23 2009
> @@ -37,7 +37,6 @@
>             <link rel="stylesheet" href="<@o...@ofbizContentUrl>" type="text/css"/>
>         </#list>
>     </#if>
> -    ${layoutSettings?if_exists.extraHead?if_exists}
>
>     <#-- Append CSS for catalog -->
>     <#if catalogStyleSheet?exists>
>
>