You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by Hans Bakker <h....@antwebsystems.com> on 2009/02/09 09:43:49 UTC

Re: svn commit: r742234 - in /ofbiz/trunk: applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/ specialpurpose/webpos/webapp/webpos/includes/

Hi David,

I highly appreciate the work you are doing in this area. If you would
not be there, i do not know when it would be done.(if ever)

thanks again,
Hans

On Mon, 2009-02-09 at 01:37 -0700, David E Jones wrote:
> No problem. I hope everyone's in favor of these painful changes I'm  
> working on. They'll definitely have side effects and break things as  
> we restrict various things, for the sake of security.
> 
> Whatever the case, I'll be around to help pick up the pieces and  
> resolve issues that I miss in testing based on these changes.
> 
> On a side note, I wish we had done this a LONG time ago as it would  
> make things less painful with less code and functionality in the  
> project. Oh well, better late than never. This is taking a lot longer  
> to do than I thought, and I'm having to try all sorts of different  
> things before finding things that are effective and don't break too  
> much. In other words, I'm understanding better why no one else has  
> taken the plunge for this yet... :( I only wish some end-user was  
> willing to pay for this sort of thing, but I guess most business  
> people get upset about security after the fact more than they get  
> worried about it in advance.
> 
> Hopefully it doesn't screw up too much stuff and results in far  
> cleaner and safer code... it seems to be heading in that direction at  
> least.
> 
> -David
> 
> 
> On Feb 9, 2009, at 1:09 AM, Jacques Le Roux wrote:
> 
> > Thanks David,
> >
> > I saw you have used such a solution for other cases. I should have  
> > thought about that
> >
> > Jacques
> >
> > From: <jo...@apache.org>
> >> Author: jonesde
> >> Date: Mon Feb  9 02:34:23 2009
> >> New Revision: 742234
> >>
> >> URL: http://svn.apache.org/viewvc?rev=742234&view=rev
> >> Log:
> >> Fixed issue with general html encoding of String objects in FTL  
> >> files being applied to dynamic JavaScript from groovy files by  
> >> leaving them as StringBuffers, ie just removing the toString calls
> >>
> >> Modified:
> >>   ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/ 
> >> entry/catalog/InlineProductDetail.groovy
> >>   ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/ 
> >> entry/catalog/ProductDetail.groovy
> >>   ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/Header.ftl
> >>
> >> Modified: ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/ 
> >> actions/entry/catalog/InlineProductDetail.groovy
> >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/InlineProductDetail.groovy?rev=742234&r1=742233&r2=742234&view=diff
> >> = 
> >> = 
> >> = 
> >> = 
> >> = 
> >> = 
> >> = 
> >> = 
> >> = 
> >> =====================================================================
> >> --- ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/ 
> >> entry/catalog/InlineProductDetail.groovy (original)
> >> +++ ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/ 
> >> entry/catalog/InlineProductDetail.groovy Mon Feb  9 02:34:23 2009
> >> @@ -303,7 +303,7 @@
> >>                    jsBuf.append(variantPriceJS.toString());
> >>                    jsBuf.append("</script>");
> >>
> >> -                    context.virtualJavaScript = jsBuf.toString();
> >> +                    context.virtualJavaScript = jsBuf;
> >>                }
> >>            }
> >>        }
> >>
> >> Modified: ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/ 
> >> actions/entry/catalog/ProductDetail.groovy
> >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/ProductDetail.groovy?rev=742234&r1=742233&r2=742234&view=diff
> >> = 
> >> = 
> >> = 
> >> = 
> >> = 
> >> = 
> >> = 
> >> = 
> >> = 
> >> =====================================================================
> >> --- ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/ 
> >> entry/catalog/ProductDetail.groovy (original)
> >> +++ ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/ 
> >> entry/catalog/ProductDetail.groovy Mon Feb  9 02:34:23 2009
> >> @@ -375,7 +375,7 @@
> >>                    jsBuf.append(variantPriceJS.toString());
> >>                    jsBuf.append("</script>");
> >>
> >> -                    context.virtualJavaScript = jsBuf.toString();
> >> +                    context.virtualJavaScript = jsBuf;
> >>                }
> >>            }
> >>        }
> >>
> >> Modified: ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/ 
> >> Header.ftl
> >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/Header.ftl?rev=742234&r1=742233&r2=742234&view=diff
> >> = 
> >> = 
> >> = 
> >> = 
> >> = 
> >> = 
> >> = 
> >> = 
> >> = 
> >> =====================================================================
> >> --- ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/ 
> >> Header.ftl (original)
> >> +++ ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/ 
> >> Header.ftl Mon Feb  9 02:34:23 2009
> >> @@ -37,7 +37,6 @@
> >>            <link rel="stylesheet" href="<@ofbizContentUrl>$ 
> >> {styleSheet}</...@ofbizContentUrl>" type="text/css"/>
> >>        </#list>
> >>    </#if>
> >> -    ${layoutSettings?if_exists.extraHead?if_exists}
> >>
> >>    <#-- Append CSS for catalog -->
> >>    <#if catalogStyleSheet?exists>
> >>
> >

-- 
http://www.antwebsystems.com : 
Quality OFBiz support for competitive rates....