You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by ja...@apache.org on 2010/12/03 18:05:06 UTC
svn commit: r1041909 - in
/myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main:
java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/
resources/static/
Author: jakobk
Date: Fri Dec 3 17:05:06 2010
New Revision: 1041909
URL: http://svn.apache.org/viewvc?rev=1041909&view=rev
Log:
EXTCDI-79 implement fallback if javascript is disabled
Modified:
myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/ClientSideWindowHandler.java
myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/DefaultWindowHandler.java
myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/resources/static/windowhandler.html
Modified: myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/ClientSideWindowHandler.java
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/ClientSideWindowHandler.java?rev=1041909&r1=1041908&r2=1041909&view=diff
==============================================================================
--- myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/ClientSideWindowHandler.java (original)
+++ myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/ClientSideWindowHandler.java Fri Dec 3 17:05:06 2010
@@ -53,6 +53,8 @@ public class ClientSideWindowHandler ext
private static final String WINDOW_ID_COOKIE_SUFFIX = "-codiWindowId";
private static final String UNINITIALIZED_WINDOW_ID_VALUE = "uninitializedWindowId";
private static final String WINDOW_ID_REPLACE_PATTERN = "$$windowIdValue$$";
+ private static final String NOSCRIPT_URL_REPLACE_PATTERN = "$$noscriptUrl$$";
+ private static final String NOSCRIPT_PARAMETER = "noscript";
@Inject
private ClientInformation clientInformation;
@@ -84,8 +86,8 @@ public class ClientSideWindowHandler ext
}
else
{
- // fallback
- return super.encodeURL(url);
+ // fallback - we have to add the windowId to the URL if JavaScript is disabled
+ return addWindowIdIfNecessary(url, getCurrentWindowId());
}
}
@@ -112,6 +114,13 @@ public class ClientSideWindowHandler ext
ExternalContext externalContext = facesContext.getExternalContext();
+ if (isNoscriptRequest(externalContext))
+ {
+ // the client has JavaScript disabled
+ clientInformation.setJavaScriptEnabled(false);
+ return;
+ }
+
String windowId = getWindowIdFromCookie(externalContext);
if (windowId == null)
{
@@ -148,6 +157,13 @@ public class ClientSideWindowHandler ext
return !this.requestTypeResolver.isPostRequest() && this.clientInformation.isJavaScriptEnabled();
}
+ private boolean isNoscriptRequest(ExternalContext externalContext)
+ {
+ String noscript = externalContext.getRequestParameterMap().get(NOSCRIPT_PARAMETER);
+
+ return (noscript != null && "true".equals(noscript));
+ }
+
private void sendWindowHandlerHtml(ExternalContext externalContext, String windowId)
{
HttpServletResponse httpResponse = (HttpServletResponse) externalContext.getResponse();
@@ -167,6 +183,10 @@ public class ClientSideWindowHandler ext
// set the windowId value in the javascript code
windowHandlerHtml = windowHandlerHtml.replace(WINDOW_ID_REPLACE_PATTERN, windowId);
+ // set the noscript-URL for users with no JavaScript
+ windowHandlerHtml = windowHandlerHtml.replace(
+ NOSCRIPT_URL_REPLACE_PATTERN, getNoscriptUrl(externalContext));
+
OutputStream os = httpResponse.getOutputStream();
try
{
@@ -183,6 +203,44 @@ public class ClientSideWindowHandler ext
}
}
+ private String getNoscriptUrl(ExternalContext externalContext)
+ {
+ String url = externalContext.getRequestPathInfo();
+ if (url == null)
+ {
+ url = "";
+ }
+
+ // only use the very last part of the url
+ int lastSlash = url.lastIndexOf('/');
+ if (lastSlash != -1)
+ {
+ url = url.substring(lastSlash + 1);
+ }
+
+ // add request parameter
+ url = JsfUtils.addRequestParameter(externalContext, url);
+
+ // add noscript parameter
+ if (url.contains("?"))
+ {
+ url = url + "&";
+ }
+ else
+ {
+ url = url + "?";
+ }
+ url = url + NOSCRIPT_PARAMETER + "=true";
+
+ // NOTE that the url could contain data for an XSS attack
+ // like e.g. ?"></a><a href%3D"http://hacker.org/attack.html?a
+ // DO NOT REMOVE THE FOLLOWING LINES!
+ url = url.replace("\"", "");
+ url = url.replace("\'", "");
+
+ return url;
+ }
+
private String getWindowIdFromCookie(ExternalContext externalContext)
{
String cookieName = getEncodedPathName(externalContext) + WINDOW_ID_COOKIE_SUFFIX;
Modified: myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/DefaultWindowHandler.java
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/DefaultWindowHandler.java?rev=1041909&r1=1041908&r2=1041909&view=diff
==============================================================================
--- myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/DefaultWindowHandler.java (original)
+++ myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/DefaultWindowHandler.java Fri Dec 3 17:05:06 2010
@@ -163,7 +163,7 @@ public class DefaultWindowHandler implem
return RequestCache.getWindowContextManager().getCurrentWindowContext().getId();
}
- private String addWindowIdIfNecessary(String url, String windowId)
+ protected String addWindowIdIfNecessary(String url, String windowId)
{
if(url.contains(WINDOW_ID_PARAMETER_KEY))
{
Modified: myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/resources/static/windowhandler.html
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/resources/static/windowhandler.html?rev=1041909&r1=1041908&r2=1041909&view=diff
==============================================================================
--- myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/resources/static/windowhandler.html (original)
+++ myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/resources/static/windowhandler.html Fri Dec 3 17:05:06 2010
@@ -58,5 +58,9 @@
</script>
</head>
<body>
+ <noscript>
+ Your browser does not support JavaScript.
+ Click <a href="$$noscriptUrl$$">here</a> to continue without JavaScript.
+ </noscript>
</body>
</html>