Posted to dev@ofbiz.apache.org by Hans Bakker <h....@antwebsystems.com> on 2009/02/09 09:43:49 UTC
Re: svn commit: r742234 - in /ofbiz/trunk:
applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/
specialpurpose/webpos/webapp/webpos/includes/
Hi David,
I highly appreciate the work you are doing in this area. If you would
not be there, I do not know when it would be done (if ever).
Thanks again,
Hans
On Mon, 2009-02-09 at 01:37 -0700, David E Jones wrote:
> No problem. I hope everyone's in favor of these painful changes I'm
> working on. They'll definitely have side effects and break things as
> we restrict various things, for the sake of security.
>
> Whatever the case, I'll be around to help pick up the pieces and
> resolve issues that I miss in testing based on these changes.
>
> On a side note, I wish we had done this a LONG time ago as it would
> make things less painful with less code and functionality in the
> project. Oh well, better late than never. This is taking a lot longer
> to do than I thought, and I'm having to try all sorts of different
> things before finding things that are effective and don't break too
> much. In other words, I'm understanding better why no one else has
> taken the plunge for this yet... :( I only wish some end-user was
> willing to pay for this sort of thing, but I guess most business
> people get upset about security after the fact more than they get
> worried about it in advance.
>
> Hopefully it doesn't screw up too much stuff and results in far
> cleaner and safer code... it seems to be heading in that direction at
> least.
>
> -David
>
>
> On Feb 9, 2009, at 1:09 AM, Jacques Le Roux wrote:
>
> > Thanks David,
> >
> > I saw you have used such a solution for other cases. I should have
> > thought about that.
> >
> > Jacques
> >
> > From: <jo...@apache.org>
> >> Author: jonesde
> >> Date: Mon Feb 9 02:34:23 2009
> >> New Revision: 742234
> >>
> >> URL: http://svn.apache.org/viewvc?rev=742234&view=rev
> >> Log:
> >> Fixed issue with general html encoding of String objects in FTL
> >> files being applied to dynamic JavaScript from groovy files by
> >> leaving them as StringBuffers, ie just removing the toString calls
> >>
> >> Modified:
> >> ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/
> >> entry/catalog/InlineProductDetail.groovy
> >> ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/
> >> entry/catalog/ProductDetail.groovy
> >> ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/Header.ftl
> >>
> >> Modified: ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/
> >> actions/entry/catalog/InlineProductDetail.groovy
> >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/InlineProductDetail.groovy?rev=742234&r1=742233&r2=742234&view=diff
> >> =====================================================================
> >> --- ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/
> >> entry/catalog/InlineProductDetail.groovy (original)
> >> +++ ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/
> >> entry/catalog/InlineProductDetail.groovy Mon Feb 9 02:34:23 2009
> >> @@ -303,7 +303,7 @@
> >> jsBuf.append(variantPriceJS.toString());
> >> jsBuf.append("</script>");
> >>
> >> - context.virtualJavaScript = jsBuf.toString();
> >> + context.virtualJavaScript = jsBuf;
> >> }
> >> }
> >> }
> >>
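Review bot: At `context.virtualJavaScript = jsBuf;`, the only thing keeping this script block out of the general HTML encoding is the type of the value, and nothing in the code says so. A short comment on that line stating that the StringBuffer is left unconverted on purpose would stop a later cleanup from restoring `toString()` and bringing back the encoding problem described in the log message. Since the buffer now reaches the template unencoded, whatever is appended to `jsBuf` (for example `variantPriceJS`) has to be made safe for a JavaScript context at the point where it is built.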
> >> Modified: ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/
> >> actions/entry/catalog/ProductDetail.groovy
> >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/ProductDetail.groovy?rev=742234&r1=742233&r2=742234&view=diff
> >> =====================================================================
> >> --- ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/
> >> entry/catalog/ProductDetail.groovy (original)
> >> +++ ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/
> >> entry/catalog/ProductDetail.groovy Mon Feb 9 02:34:23 2009
> >> @@ -375,7 +375,7 @@
> >> jsBuf.append(variantPriceJS.toString());
> >> jsBuf.append("</script>");
> >>
> >> - context.virtualJavaScript = jsBuf.toString();
> >> + context.virtualJavaScript = jsBuf;
> >> }
> >> }
> >> }
> >>
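Review bot: The assignment `context.virtualJavaScript = jsBuf;` and the context lines above it are identical to the ones in InlineProductDetail.groovy, so the encoding exemption now has to be kept in step in two files. Consider moving the script assembly into one shared helper that both groovy scripts call, so the unencoded output path has a single place to audit.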
> >> Modified: ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/
> >> Header.ftl
> >> URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/Header.ftl?rev=742234&r1=742233&r2=742234&view=diff
> >> =====================================================================
> >> --- ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/
> >> Header.ftl (original)
> >> +++ ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/
> >> Header.ftl Mon Feb 9 02:34:23 2009
> >> @@ -37,7 +37,6 @@
> >> <link rel="stylesheet" href="<@ofbizContentUrl>$
> >> {styleSheet}</...@ofbizContentUrl>" type="text/css"/>
> >> </#list>
> >> </#if>
> >> - ${layoutSettings?if_exists.extraHead?if_exists}
> >>
> >> <#-- Append CSS for catalog -->
> >> <#if catalogStyleSheet?exists>
> >>
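Review bot: The removed line `${layoutSettings?if_exists.extraHead?if_exists}` is not covered by the log message, which only mentions leaving StringBuffers unconverted in the groovy files. If the removal is intentional, say why in the log or in a template comment next to the remaining head content; as it stands, anything webpos screens set through `layoutSettings.extraHead` is dropped from the header without explanation.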
> >
--
http://www.antwebsystems.com :
Quality OFBiz support for competitive rates....