You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by lo...@apache.org on 2017/01/23 08:56:33 UTC
svn commit: r1779895 - in /myfaces/tobago/trunk: src/site/ src/site/apt/
tobago-example/tobago-example-demo/src/main/resources/org/apache/myfaces/tobago/example/demo/
tobago-example/tobago-example-demo/src/main/webapp/content/10-intro/40-new+in+2+0/
to...
Author: lofwyr
Date: Mon Jan 23 08:56:33 2017
New Revision: 1779895
URL: http://svn.apache.org/viewvc?rev=1779895&view=rev
Log:
new page "New in Tobago 2.0" moved to demo
[developed by hnoeth]
Added:
myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/content/10-intro/40-new+in+2+0/
myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/content/10-intro/40-new+in+2+0/new+in+2+0.xhtml
Removed:
myfaces/tobago/trunk/src/site/apt/new-2.0.apt
Modified:
myfaces/tobago/trunk/src/site/apt/index.apt
myfaces/tobago/trunk/src/site/site.xml
myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/resources/org/apache/myfaces/tobago/example/demo/Demo.xml
myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/content/10-intro/50-migration/97-migration/migration30.xhtml
Modified: myfaces/tobago/trunk/src/site/apt/index.apt
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/src/site/apt/index.apt?rev=1779895&r1=1779894&r2=1779895&view=diff
==============================================================================
--- myfaces/tobago/trunk/src/site/apt/index.apt (original)
+++ myfaces/tobago/trunk/src/site/apt/index.apt Mon Jan 23 08:56:33 2017
@@ -455,7 +455,7 @@ svn switch https://svn.apache.org/repos/
Release notes can be found in
{{{http://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310273&styleName=Html&version=12321253}Jira}}.
- See section: {{{./new-2.0.html} What's new in Tobago 2.0?}}
+ See section: {{{http://www.irian.biz/tobago-example-demo/faces/content/10-intro/40-new+in+2+0/new+in+2+0.xhtml} What's new in Tobago 2.0?}}
\ {}
~~ hack for a bit space
Modified: myfaces/tobago/trunk/src/site/site.xml
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/src/site/site.xml?rev=1779895&r1=1779894&r2=1779895&view=diff
==============================================================================
--- myfaces/tobago/trunk/src/site/site.xml (original)
+++ myfaces/tobago/trunk/src/site/site.xml Mon Jan 23 08:56:33 2017
@@ -53,10 +53,9 @@
<item name="Getting Started" href="http://myfaces.apache.org/tobago/getting-started.html"/>
<item name="Compatibility" href="http://myfaces.apache.org/tobago/compatibility.html"/>
<item name="New in Tobago 3.0" href="http://www.irian.biz/tobago-example-demo/faces/content/10-intro/30-new+in+3+0/new+in+3+0.xhtml"/>
- <item name="New in Tobago 2.0" href="http://myfaces.apache.org/tobago/new-2.0.html"/>
<item name="Guide to Tobago" href="http://myfaces.apache.org/tobago/guide.html"/>
<item name="Test Tobago 3.0 Demo" href="http://myfaces.apache.org/tobago/howto-test.html"/>
- <item name="Migration to 3.0" href="http://www.irian.biz/tobago-example-demo/faces/content/10-intro/50-migration/97-migration/migration30.xhtml"/>
+ <item name="Migration" href="http://www.irian.biz/tobago-example-demo/faces/content/10-intro/50-migration/97-migration/migration30.xhtml"/>
<item name="Roadmap" href="https://issues.apache.org/jira/browse/TOBAGO#selectedTab=com.atlassian.jira.plugin.system.project%3Aroadmap-panel" />
<item name="FAQ" href="http://myfaces.apache.org/tobago/faq.html" />
<item name="API Documentation" href="http://myfaces.apache.org/tobago/api.html" />
Modified: myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/resources/org/apache/myfaces/tobago/example/demo/Demo.xml
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/resources/org/apache/myfaces/tobago/example/demo/Demo.xml?rev=1779895&r1=1779894&r2=1779895&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/resources/org/apache/myfaces/tobago/example/demo/Demo.xml (original)
+++ myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/resources/org/apache/myfaces/tobago/example/demo/Demo.xml Mon Jan 23 08:56:33 2017
@@ -36,6 +36,7 @@
<!-- navigate -->
<entry key="intro">Intro</entry>
<entry key="new_in_3_0">New in Tobago 3.0</entry>
+ <entry key="new_in_2_0">New in Tobago 2.0</entry>
<entry key="migration">Migration</entry>
<entry key="migration15">1.0 to 1.5</entry>
<entry key="migration20">1.5 to 2.0</entry>
Added: myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/content/10-intro/40-new+in+2+0/new+in+2+0.xhtml
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/content/10-intro/40-new%2Bin%2B2%2B0/new%2Bin%2B2%2B0.xhtml?rev=1779895&view=auto
==============================================================================
--- myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/content/10-intro/40-new+in+2+0/new+in+2+0.xhtml (added)
+++ myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/content/10-intro/40-new+in+2+0/new+in+2+0.xhtml Mon Jan 23 08:56:33 2017
@@ -0,0 +1,176 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+-->
+
+<ui:composition template="/main.xhtml"
+ xmlns="http://www.w3.org/1999/xhtml"
+ xmlns:tc="http://myfaces.apache.org/tobago/component"
+ xmlns:ui="http://java.sun.com/jsf/facelets">
+ <ui:param name="title" value="#{demoBundle.new_in_2_0}"/>
+ <p>At July 21, 2014 the version 2.0.0 has been released. Here was a quick overview over the features and changes made
+ in the last time to release this major revision.</p>
+ <p>Tobago 2.0.0 contains 184 entries in
+ <tc:link label="Jira"
+ link="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310273&styleName=Html&version=12321253"/>
+ and most of them are exclusive in this version.</p>
+ <p>Please take also a look at the
+ <tc:link label="Migration from Tobago 1.5 to 2.0"
+ link="#{request.contextPath}/faces/content/10-intro/50-migration/98-migration/migration20.xhtml?dswid=-2767"/>
+ guide.</p>
+ <tc:section label="Enhancements">
+ <b>Date- and Time-Picker</b>
+ <ul>
+ <li>Using jQuery UI Datepicker and TimePicker Addon</li>
+ <li>Faster — no server request</li>
+ <li>Better interactivity</li>
+ <li>Old Date-/TimePicker via <code>tobago-config.xml</code></li>
+ </ul>
+ <p>
+ <b>Draggable Popups</b>
+ </p>
+ <b>Input Suggest</b>
+ <ul>
+ <li>New implementation</li>
+ <li>Sub-Tag <code class="language-markup"><tc:suggest></code></li>
+ <li>More configuration options</li>
+ </ul>
+ <b>Tabs</b>
+ <ul>
+ <li>Icons</li>
+ <li>Toolbar buttons</li>
+ </ul>
+ <b>File upload</b>
+ <ul>
+ <li>Looks pretty now in every browser</li>
+ </ul>
+ <b>Radio Buttons</b>
+ <ul>
+ <li>Icons</li>
+ </ul>
+ </tc:section>
+
+ <tc:section label="New Features">
+ <b>HTML WYSIWYG Editor</b>
+ <ul>
+ <li>Integration example in the demo of <tc:link label="CKEditorâ„¢" link="http://ckeditor.com/"/> and
+ <tc:link label="TinyMCE" link="https://www.tinymce.com/"/></li>
+ <li>Not included, because of incompatible licences or breaks CSP</li>
+ <li>Other possible, but many have disadvantages</li>
+ </ul>
+ <b>Default Command for Sub-Forms</b>
+ <ul>
+ <li>Dependent from the focused input, the default command will be selected</li>
+ <li>Markup to show the command to the user</li>
+ </ul>
+ <b>Tree and Tree-Table</b>
+ <ul>
+ <li>Big internal refactoring</li>
+ <li>Work internally now with the JSF <code>UIData</code></li>
+ <li>Free model: <code>DefaultMutableTreeNode</code> is not required any longer, but you can implement
+ <code>javax.faces.model.DataModel</code></li>
+ <li>TreeTable</li>
+ <li>Infinite Trees possible</li>
+ <li>Selectors: sub-tree selection</li>
+ </ul>
+ <b>More</b>
+ <ul>
+ <li>Dynamic lists in <code class="language-markup"><f:selectItems></code> need not glue code (JSF 2.0)</li>
+ <li>Redirect in navigation rules doesn't break layout size</li>
+ <li>Additional possibility to show paging arrows in sheet</li>
+ <li>Automatically create accesskey from underscore is know configurable</li>
+ </ul>
+ </tc:section>
+
+ <tc:section label="Security">
+ <b>Content Security Policy</b>
+ <ul>
+ <li>To prevent XSS</li>
+ <li><tc:link label="W3C Standard" link="https://www.w3.org/TR/CSP/"/></li>
+ <li>Idea:
+ <ul>
+ <li>Don't execute any code inside the HTML file
+ <ul>
+ <li>No content in script tags</li>
+ <li>no onclick, nor on* etc.</li>
+ </ul>
+ </li>
+ <li>Don't execute <code>eval(script)</code></li>
+ <li>Don't apply CSS inside the HTML file</li>
+ <li>Define the sources of any resources</li>
+ <li>Strict separation of code and data
+ <ul>
+ <li>Keep the code in JavaScript Files</li>
+ <li>Put additional data in HTML5 <code>data-*</code> attributes</li>
+ </ul>
+ </li>
+ </ul>
+ </li>
+ <li>Browser support: all current, but IE 10 and 11 only "sandbox"</li>
+ <li>Activated by default, can be configured via <code>tobago-config.xml</code></li>
+ <li>There is also a "report-only" mode for development</li>
+ </ul>
+ <b>Content Security Policy and Tobago</b>
+ <ul>
+ <li>All renderers and scripts are refactored to be compliant with CSP</li>
+ <li>Using application specific JavaScript in Tobago
+ <ul>
+ <li>script attribute in command tags is deprecated</li>
+ <li>Problem: when setting non of these attributes: <code>action</code>, <code>script</code>,
+ <code>link</code>, Tobago will create a default action.
+ This can't be changed without breaking compatibility.
+ </li>
+ <li>Solution: <code>omit="true"</code></li>
+ </ul>
+ </li>
+ </ul>
+ <b>Sanitize potentially malicious content (to prevent XSS)</b>
+ <ul>
+ <li><code class="language-markup"><tc:textarea></code>, when it contains a
+ <code class="language-markup"><tc:dataAttribute></code> with <code>name="html-editor"</code></li>
+ <li><code class="language-markup"><tc:out></code>, when <code>escape="false"</code></li>
+ <li>Default implementation:
+ <tc:link label="JSoup" link="https://jsoup.org/cookbook/cleaning-html/whitelist-sanitizer"/> whitelist
+ scanning
+ </li>
+ <li>Configurable via <code>tobago-config.xml</code></li>
+ <li>Why? See
+ <tc:link label="OSWAP"
+ link="https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.236_-_Sanitize_HTML_Markup_with_a_Library_Designed_for_the_Job"/>
+ </li>
+ </ul>
+ <b>More</b>
+ <ul>
+ <li>Setting nosniff HTTP header (to prevent XSS)</li>
+ <li>Don't allow to be in a frame (to prevent Frame-Attacks)</li>
+ <li>Both are configurable via <code>tobago-config.xml</code>, default is secure</li>
+ </ul>
+ </tc:section>
+
+ <tc:section label="Internal Refactoring">
+ <ul>
+ <li>Tree uses subclass of <code>javax.faces.model.DataModel</code></li>
+ <li>Using Java APT generator</li>
+ <li>Using ' instead of " for HTML attributes (JSON friendly)</li>
+ <li>JavaScript logging via console (plus workaround for old browsers)</li>
+ <li>The <code>theme-config.xml</code> was merged with <code>tobago-config.xml</code></li>
+ <li>Access the Tobago configuration via the <code>TobagoContext</code></li>
+ <li>The <code>TobagoConfig</code> is immutable after initialization</li>
+ <li>Add the version of Tobago into the resource URLs to avoid caching problem after updates</li>
+ </ul>
+ </tc:section>
+</ui:composition>
Modified: myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/content/10-intro/50-migration/97-migration/migration30.xhtml
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/content/10-intro/50-migration/97-migration/migration30.xhtml?rev=1779895&r1=1779894&r2=1779895&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/content/10-intro/50-migration/97-migration/migration30.xhtml (original)
+++ myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/content/10-intro/50-migration/97-migration/migration30.xhtml Mon Jan 23 08:56:33 2017
@@ -294,7 +294,7 @@
* widget.js
- If you are using jQuery UI directly, you may add the required resources via the <code><tobago-config.xml</code>
+ If you are using jQuery UI directly, you may add the required resources via the tobago-config.xml
and exclude the jQuery UI resource that comes with Tobago.
</pre>