A great feature to add to click-examples is a search field in the top right hand side of the banner, where you can enter in some free text and it will display a search results page which lists all the references in the application source code (Java, HTML, XML, CSS) and links through to the source viewer page. When the application starts up all the source code could be loaded into a map in memory which could then be searched using a brute force search.

regards
Malcolm Edgar

On Wed, Feb 25, 2009 at 12:41 PM, florin.g <[email protected]> wrote:
>
> Bob,
>
> To me (as a hobbyist), Click offers pretty much all I need. I probably use
> a subset anyways.
>
> However, convenience is one of the most powerful things in life as well as
> programming. I would add lots of good things in the extra package that would
> really add value to the programmer's day to day life. Simplicity of
> framework plus convenience, yep, I'd go for it.
>
> Florin
>
>
> sabob wrote:
> >
> > florin.g wrote:
> >
> >> - Built in security (cross site, sql injection, etc.)
> >
> > I think SQL injection is better handled by the DB layer e.g. an ORM or
> > PreparedStatement.
> >
> > As for XSS attacks Click controls provide some protection by escaping
> > their values before rendering. However XSS will still be possible
> > through Velocity variables unless they are escaped using
> > Format#html(String):
> >
> >   $format.html($msg)
> >
> > Velocity also provides a property to escape all variables or
> > optionally to escape only variables matching a certain expression.
> >
> > Still the best way is probably through an XSSFilter which ensures all
> > HTML entities are escaped. Is this what you had in mind or something else?
> >
> > kind regards
> >
> > bob
>
> --
> View this message in context:
> http://n2.nabble.com/2.0.1-Roadmap-tp2364159p2381477.html
> Sent from the click-development mailing list archive at Nabble.com.
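
The Velocity option mentioned in the quoted reply, shown as an added example that is not part of the original thread or of Click's own code. It assumes the Velocity 1.5 to 1.7 property names and the bundled EscapeHtmlReference handler; the class name EscapeAllReferencesDemo and the sample message are constructed for illustration.

```java
import java.io.StringWriter;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;

// Added example: compares default Velocity rendering of $msg with
// rendering under the reference-insertion escaping handler.
public class EscapeAllReferencesDemo {

    // Renders a template string with one variable, $msg, bound to msg.
    static String render(VelocityEngine engine, String template, String msg)
            throws Exception {
        VelocityContext ctx = new VelocityContext();
        ctx.put("msg", msg);
        StringWriter out = new StringWriter();
        engine.evaluate(ctx, out, "demo", template);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample of untrusted input reaching a page template.
        String untrusted = "<script>alert(1)</script>";
        String template = "<p>$msg</p>";

        // Default engine: the reference is written into the page as-is.
        VelocityEngine plain = new VelocityEngine();
        plain.init();

        // Engine with the HTML-escaping handler applied to every reference.
        VelocityEngine escaping = new VelocityEngine();
        escaping.setProperty(
            "eventhandler.referenceinsertion.class",
            "org.apache.velocity.app.event.implement.EscapeHtmlReference");
        // To escape only some references, Velocity 1.x also reads
        // eventhandler.escape.html.match, e.g. /msg.*/ (not set here).
        escaping.init();

        System.out.println("default : " + render(plain, template, untrusted));
        System.out.println("escaping: " + render(escaping, template, untrusted));
    }
}
```

With the handler applied to every reference, references that are meant to emit markup (a Click control such as $form, or a value already passed through $format.html) are escaped as well, which is the case the match expression exists for.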
