Posted to commits@myfaces.apache.org by ja...@apache.org on 2010/12/03 18:05:06 UTC

svn commit: r1041909 - in /myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main: java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/ resources/static/

Author: jakobk
Date: Fri Dec  3 17:05:06 2010
New Revision: 1041909

URL: http://svn.apache.org/viewvc?rev=1041909&view=rev
Log:
EXTCDI-79 implement fallback if javascript is disabled

Modified:
    myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/ClientSideWindowHandler.java
    myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/DefaultWindowHandler.java
    myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/resources/static/windowhandler.html

Modified: myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/ClientSideWindowHandler.java
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/ClientSideWindowHandler.java?rev=1041909&r1=1041908&r2=1041909&view=diff
==============================================================================
--- myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/ClientSideWindowHandler.java (original)
+++ myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/ClientSideWindowHandler.java Fri Dec  3 17:05:06 2010
@@ -53,6 +53,8 @@ public class ClientSideWindowHandler ext
     private static final String WINDOW_ID_COOKIE_SUFFIX = "-codiWindowId";
     private static final String UNINITIALIZED_WINDOW_ID_VALUE = "uninitializedWindowId";
     private static final String WINDOW_ID_REPLACE_PATTERN = "$$windowIdValue$$";
+    private static final String NOSCRIPT_URL_REPLACE_PATTERN = "$$noscriptUrl$$";
+    private static final String NOSCRIPT_PARAMETER = "noscript";
 
     @Inject
     private ClientInformation clientInformation;
@@ -84,8 +86,8 @@ public class ClientSideWindowHandler ext
         }
         else
         {
-            // fallback
-            return super.encodeURL(url);
+            // fallback - we have to add the windowId to the URL if JavaScript is disabled
+            return addWindowIdIfNecessary(url, getCurrentWindowId());
         }
     }
 
@@ -112,6 +114,13 @@ public class ClientSideWindowHandler ext
 
         ExternalContext externalContext = facesContext.getExternalContext();
 
+        if (isNoscriptRequest(externalContext))
+        {
+            // the client has JavaScript disabled
+            clientInformation.setJavaScriptEnabled(false);
+            return;
+        }
+
         String windowId = getWindowIdFromCookie(externalContext);
         if (windowId == null)
         {
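Review bot: `isNoscriptRequest` trusts a request parameter, so any URL carrying `noscript=true` takes this early return, which skips the window-id cookie lookup below and marks the client as JavaScript-disabled. The scope of the injected `clientInformation` is not visible here; if it outlives the request, a single link with that parameter would keep the user in the fallback mode, where `encodeURL` appends the window id to every URL. I would document this at the check, e.g. `// 'noscript' is client-supplied: it may only downgrade to the URL-based windowId, never grant anything`, and consider resetting the flag once the cookie handshake succeeds. The enclosing method starts and ends outside this hunk.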
@@ -148,6 +157,13 @@ public class ClientSideWindowHandler ext
         return !this.requestTypeResolver.isPostRequest() && this.clientInformation.isJavaScriptEnabled();
     }
 
+    private boolean isNoscriptRequest(ExternalContext externalContext)
+    {
+        String noscript = externalContext.getRequestParameterMap().get(NOSCRIPT_PARAMETER);
+
+        return (noscript != null && "true".equals(noscript));
+    }
+
     private void sendWindowHandlerHtml(ExternalContext externalContext, String windowId)
     {
         HttpServletResponse httpResponse = (HttpServletResponse) externalContext.getResponse();
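Review bot: The null check in `isNoscriptRequest` is redundant, because `"true".equals(noscript)` is already false for null; the return can be `return "true".equals(noscript);`. A one-line Javadoc saying that the parameter is the one emitted by the `<noscript>` link in windowhandler.html, and that it is client-controlled, would help the next reader. `sendWindowHandlerHtml` continues outside the hunk.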
@@ -167,6 +183,10 @@ public class ClientSideWindowHandler ext
             // set the windowId value in the javascript code
             windowHandlerHtml = windowHandlerHtml.replace(WINDOW_ID_REPLACE_PATTERN, windowId);
 
+            // set the noscript-URL for users with no JavaScript
+            windowHandlerHtml = windowHandlerHtml.replace(
+                    NOSCRIPT_URL_REPLACE_PATTERN, getNoscriptUrl(externalContext));
+
             OutputStream os = httpResponse.getOutputStream();
             try
             {
@@ -183,6 +203,44 @@ public class ClientSideWindowHandler ext
         }
     }
 
+    private String getNoscriptUrl(ExternalContext externalContext)
+    {
+        String url = externalContext.getRequestPathInfo();
+        if (url == null)
+        {
+            url = "";
+        }
+
+        // only use the very last part of the url
+        int lastSlash = url.lastIndexOf('/');
+        if (lastSlash != -1)
+        {
+            url = url.substring(lastSlash + 1);
+        }
+
+        // add request parameter
+        url = JsfUtils.addRequestParameter(externalContext, url);
+
+        // add noscript parameter
+        if (url.contains("?"))
+        {
+            url = url + "&";
+        }
+        else
+        {
+            url = url + "?";
+        }
+        url = url + NOSCRIPT_PARAMETER + "=true";
+
+        // NOTE that the url could contain data for an XSS attack
+        // like e.g. ?"></a><a href%3D"http://hacker.org/attack.html?a
+        // DO NOT REMOVE THE FOLLOWING LINES!
+        url = url.replace("\"", "");
+        url = url.replace("\'", "");
+
+        return url;
+    }
+
     private String getWindowIdFromCookie(ExternalContext externalContext)
     {
         String cookieName = getEncodedPathName(externalContext) + WINDOW_ID_COOKIE_SUFFIX;
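Review bot: In `getNoscriptUrl`, deleting `"` and `'` at the end is a denylist that only holds while windowhandler.html keeps `$$noscriptUrl$$` inside a double-quoted attribute, and it silently changes any legitimate parameter value that contains a quote. Since the value is written into `href="…"`, it should be encoded for an HTML attribute instead (`&` first, then `<`, `>`, `"`, `'`), which also stops `&name` sequences in the query string from being read as character references. Whether `JsfUtils.addRequestParameter` already URL-encodes the parameters is not visible in this hunk, so this assumes it may not. It would also be worth confirming that the last path segment cannot contain `:`, because a relative reference that starts with such a segment is parsed as having a scheme. The encoding lines are sketched below.

```java
    private String getNoscriptUrl(ExternalContext externalContext)
    {
        // … unchanged: path-info extraction, addRequestParameter, noscript parameter …

        // The url is substituted into href="…" in windowhandler.html, so encode it
        // for an HTML attribute rather than deleting selected characters.
        // DO NOT REMOVE THE FOLLOWING LINES!
        url = url.replace("&", "&amp;");
        url = url.replace("<", "&lt;");
        url = url.replace(">", "&gt;");
        url = url.replace("\"", "&quot;");
        url = url.replace("'", "&#39;");

        return url;
    }
```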

Modified: myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/DefaultWindowHandler.java
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/DefaultWindowHandler.java?rev=1041909&r1=1041908&r2=1041909&view=diff
==============================================================================
--- myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/DefaultWindowHandler.java (original)
+++ myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/java/org/apache/myfaces/extensions/cdi/jsf/impl/scope/conversation/DefaultWindowHandler.java Fri Dec  3 17:05:06 2010
@@ -163,7 +163,7 @@ public class DefaultWindowHandler implem
         return RequestCache.getWindowContextManager().getCurrentWindowContext().getId();
     }
 
-    private String addWindowIdIfNecessary(String url, String windowId)
+    protected String addWindowIdIfNecessary(String url, String windowId)
     {
         if(url.contains(WINDOW_ID_PARAMETER_KEY))
         {

Modified: myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/resources/static/windowhandler.html
URL: http://svn.apache.org/viewvc/myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/resources/static/windowhandler.html?rev=1041909&r1=1041908&r2=1041909&view=diff
==============================================================================
--- myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/resources/static/windowhandler.html (original)
+++ myfaces/extensions/cdi/trunk/jee-modules/jsf-module/impl/src/main/resources/static/windowhandler.html Fri Dec  3 17:05:06 2010
@@ -58,5 +58,9 @@
         </script>
     </head>
 <body>
+    <noscript>
+        Your browser does not support JavaScript.
+        Click <a href="$$noscriptUrl$$">here</a> to continue without JavaScript.
+    </noscript>
 </body>
 </html>