You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tapestry.apache.org by hl...@apache.org on 2012/11/02 19:13:58 UTC

[1/3] git commit: Exclude messages that are explicitly private, or that contain '%' (the Java format specifier)

Updated Branches:
  refs/heads/5.4-js-rewrite 25a9b9213 -> b33dba042


Exclude messages that are explicitly private, or that contain '%' (the Java format specifier)


Project: http://git-wip-us.apache.org/repos/asf/tapestry-5/repo
Commit: http://git-wip-us.apache.org/repos/asf/tapestry-5/commit/b33dba04
Tree: http://git-wip-us.apache.org/repos/asf/tapestry-5/tree/b33dba04
Diff: http://git-wip-us.apache.org/repos/asf/tapestry-5/diff/b33dba04

Branch: refs/heads/5.4-js-rewrite
Commit: b33dba042aae376d0162628d57a4a3b0bf073192
Parents: f81e458
Author: Howard M. Lewis Ship <hl...@apache.org>
Authored: Fri Nov 2 11:13:53 2012 -0700
Committer: Howard M. Lewis Ship <hl...@apache.org>
Committed: Fri Nov 2 11:13:53 2012 -0700

----------------------------------------------------------------------
 .../META-INF/modules/core/messages.coffee          |   13 +++++++++++--
 .../internal/util/MessageCatalogResource.java      |   15 +++++++++++++--
 tapestry-core/src/test/app1/WEB-INF/app.properties |    3 +++
 .../integration/app1/pages/test-messages.coffee    |   14 +++++++++++++-
 4 files changed, 40 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/tapestry-5/blob/b33dba04/tapestry-core/src/main/coffeescript/META-INF/modules/core/messages.coffee
----------------------------------------------------------------------
diff --git a/tapestry-core/src/main/coffeescript/META-INF/modules/core/messages.coffee b/tapestry-core/src/main/coffeescript/META-INF/modules/core/messages.coffee
index 8aa950a..9484178 100644
--- a/tapestry-core/src/main/coffeescript/META-INF/modules/core/messages.coffee
+++ b/tapestry-core/src/main/coffeescript/META-INF/modules/core/messages.coffee
@@ -17,6 +17,16 @@
 # the same purpose. This one is different, as it is necessary to compute one of the dependencies.
 # On the server `core/messages/<locale>` is actually generated dynamically, as is a simple
 # mapping of message keys to message values, from the global application message catalog.
+#
+# This module provides access to localized messages from the Tapestry applications' server-side
+# application message catalog (which is, itself, built from multiple resources, some provided by
+# the framework, others provided by the application, or third-party libraries).
+#
+# Messages in the catalog that contain Java-style format specifiers are not included, as there
+# is not facility for formatting those on the client. This is actually done as a simple test for the
+# presence of the `%` character.  In addition, any message key that begins with "private-" is
+# assumed to contain sensitive data (such as database URLs or passwords) and will not be
+# exposed to the client.
 do ->
   # In the unexpected case that the data-locale attribute is missing, assume English
   locale = (document.documentElement.getAttribute "data-locale") or "en"
@@ -39,6 +49,5 @@ do ->
       get.keys = -> _.keys messages
 
 
-      # Export get as the main function; perhaps later we'll add a "format"
-      # or something similar as a property of get.
+      # Export get as the main function.
       return get

http://git-wip-us.apache.org/repos/asf/tapestry-5/blob/b33dba04/tapestry-core/src/main/java/org/apache/tapestry5/internal/util/MessageCatalogResource.java
----------------------------------------------------------------------
diff --git a/tapestry-core/src/main/java/org/apache/tapestry5/internal/util/MessageCatalogResource.java b/tapestry-core/src/main/java/org/apache/tapestry5/internal/util/MessageCatalogResource.java
index 3ba7505..23848b2 100644
--- a/tapestry-core/src/main/java/org/apache/tapestry5/internal/util/MessageCatalogResource.java
+++ b/tapestry-core/src/main/java/org/apache/tapestry5/internal/util/MessageCatalogResource.java
@@ -97,7 +97,6 @@ public class MessageCatalogResource extends VirtualResource
             bytes = assembleCatalog().getBytes(UTF8);
         }
 
-
         return bytes;
     }
 
@@ -109,7 +108,19 @@ public class MessageCatalogResource extends VirtualResource
 
         for (String key : messages.getKeys())
         {
-            catalog.put(key, messages.get(key));
+            if (key.startsWith("private-"))
+            {
+                continue;
+            }
+
+            String value = messages.get(key);
+
+            if (value.contains("%"))
+            {
+                continue;
+            }
+
+            catalog.put(key, value);
         }
 
         StringBuilder builder = new StringBuilder(2000);

http://git-wip-us.apache.org/repos/asf/tapestry-5/blob/b33dba04/tapestry-core/src/test/app1/WEB-INF/app.properties
----------------------------------------------------------------------
diff --git a/tapestry-core/src/test/app1/WEB-INF/app.properties b/tapestry-core/src/test/app1/WEB-INF/app.properties
index f60825b..5551efe 100644
--- a/tapestry-core/src/test/app1/WEB-INF/app.properties
+++ b/tapestry-core/src/test/app1/WEB-INF/app.properties
@@ -18,3 +18,6 @@ viewlink-label=View
 overridden-by-app=[app]
 
 client-accessible=Client Accessible
+
+not-visible=Contains a %, not visible.
+private-is-not-visible=Not visible because of private- prefix.

http://git-wip-us.apache.org/repos/asf/tapestry-5/blob/b33dba04/tapestry-core/src/test/coffeescript/org/apache/tapestry5/integration/app1/pages/test-messages.coffee
----------------------------------------------------------------------
diff --git a/tapestry-core/src/test/coffeescript/org/apache/tapestry5/integration/app1/pages/test-messages.coffee b/tapestry-core/src/test/coffeescript/org/apache/tapestry5/integration/app1/pages/test-messages.coffee
index c41949f..a7daa24 100644
--- a/tapestry-core/src/test/coffeescript/org/apache/tapestry5/integration/app1/pages/test-messages.coffee
+++ b/tapestry-core/src/test/coffeescript/org/apache/tapestry5/integration/app1/pages/test-messages.coffee
@@ -1,10 +1,22 @@
-require ["core/messages"], (messages) ->
+require ["core/messages", "_"], (messages, _) ->
 
   module "core/messages"
 
+  missing = (key) ->
+    (_.indexOf messages.keys(), key) is -1
+
   test "access known key", ->
     equal messages("client-accessible"), "Client Accessible"
 
   test "unknown messages key", ->
 
     equal messages("gnip-gnop"), "[[Missing Key: 'gnip-gnop']]"
+
+  test "messages values with '%' are not client accessible", ->
+
+    ok missing "not-visible"
+
+  test "messages prefixed with 'private-' are not client accessible", ->
+
+    ok missing "private-is-not-visible"
+