Updated Branches: refs/heads/5.4-js-rewrite 25a9b9213 -> b33dba042
Exclude messages that are explicitly private, or that contain '%' (the Java format specifier) Project: http://git-wip-us.apache.org/repos/asf/tapestry-5/repo Commit: http://git-wip-us.apache.org/repos/asf/tapestry-5/commit/b33dba04 Tree: http://git-wip-us.apache.org/repos/asf/tapestry-5/tree/b33dba04 Diff: http://git-wip-us.apache.org/repos/asf/tapestry-5/diff/b33dba04 Branch: refs/heads/5.4-js-rewrite Commit: b33dba042aae376d0162628d57a4a3b0bf073192 Parents: f81e458 Author: Howard M. Lewis Ship <hls...@apache.org> Authored: Fri Nov 2 11:13:53 2012 -0700 Committer: Howard M. Lewis Ship <hls...@apache.org> Committed: Fri Nov 2 11:13:53 2012 -0700 ---------------------------------------------------------------------- .../META-INF/modules/core/messages.coffee | 13 +++++++++++-- .../internal/util/MessageCatalogResource.java | 15 +++++++++++++-- tapestry-core/src/test/app1/WEB-INF/app.properties | 3 +++ .../integration/app1/pages/test-messages.coffee | 14 +++++++++++++- 4 files changed, 40 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tapestry-5/blob/b33dba04/tapestry-core/src/main/coffeescript/META-INF/modules/core/messages.coffee ---------------------------------------------------------------------- diff --git a/tapestry-core/src/main/coffeescript/META-INF/modules/core/messages.coffee b/tapestry-core/src/main/coffeescript/META-INF/modules/core/messages.coffee index 8aa950a..9484178 100644 --- a/tapestry-core/src/main/coffeescript/META-INF/modules/core/messages.coffee +++ b/tapestry-core/src/main/coffeescript/META-INF/modules/core/messages.coffee 
@@ -17,6 +17,16 @@ # the same purpose. This one is different, as it is necessary to compute one of the dependencies. # On the server `core/messages/<locale>` is actually generated dynamically, as is a simple # mapping of message keys to message values, from the global application message catalog. +# +# This module provides access to localized messages from the Tapestry applications' server-side +# application message catalog (which is, itself, built from multiple resources, some provided by +# the framework, others provided by the application, or third-party libraries). +# +# Messages in the catalog that contain Java-style format specifiers are not included, as there +# is not facility for formatting those on the client. This is actually done as a simple test for the +# presence of the `%` character. In addition, any message key that begins with "private-" is +# assumed to contain sensitive data (such as database URLs or passwords) and will not be +# exposed to the client. do -> # In the unexpected case that the data-locale attribute is missing, assume English locale = (document.documentElement.getAttribute "data-locale") or "en" @@ -39,6 +49,5 @@ do -> get.keys = -> _.keys messages - # Export get as the main function; perhaps later we'll add a "format" - # or something similar as a property of get. + # Export get as the main function. return get http://git-wip-us.apache.org/repos/asf/tapestry-5/blob/b33dba04/tapestry-core/src/main/java/org/apache/tapestry5/internal/util/MessageCatalogResource.java ---------------------------------------------------------------------- diff --git a/tapestry-core/src/main/java/org/apache/tapestry5/internal/util/MessageCatalogResource.java b/tapestry-core/src/main/java/org/apache/tapestry5/internal/util/MessageCatalogResource.java index 3ba7505..23848b2 100644 --- a/tapestry-core/src/main/java/org/apache/tapestry5/internal/util/MessageCatalogResource.java 
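Review bot: The added header comment should state outright that the filter is opt-out: every catalog entry whose key does not begin with `private-` and whose value has no `%` is delivered to the browser, and the comment itself notes that some catalog resources come from third-party libraries. As written, a reader can take the `private-` convention as sufficient protection, while a sensitive value stored under any other key name would still be published. The wording `there is not facility` should read `there is no facility`. It would also help to say that a literal percent sign in ordinary text (a constructed sample: "100% done") drops the message as well. The `do ->` body continues outside this hunk.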
+++ b/tapestry-core/src/main/java/org/apache/tapestry5/internal/util/MessageCatalogResource.java @@ -97,7 +97,6 @@ public class MessageCatalogResource extends VirtualResource bytes = assembleCatalog().getBytes(UTF8); } - return bytes; } @@ -109,7 +108,19 @@ public class MessageCatalogResource extends VirtualResource for (String key : messages.getKeys()) { - catalog.put(key, messages.get(key)); + if (key.startsWith("private-")) + { + continue; + } + + String value = messages.get(key); + + if (value.contains("%")) + { + continue; + } + + catalog.put(key, value); } StringBuilder builder = new StringBuilder(2000); http://git-wip-us.apache.org/repos/asf/tapestry-5/blob/b33dba04/tapestry-core/src/test/app1/WEB-INF/app.properties ---------------------------------------------------------------------- diff --git a/tapestry-core/src/test/app1/WEB-INF/app.properties b/tapestry-core/src/test/app1/WEB-INF/app.properties index f60825b..5551efe 100644 --- a/tapestry-core/src/test/app1/WEB-INF/app.properties +++ b/tapestry-core/src/test/app1/WEB-INF/app.properties @@ -18,3 +18,6 @@ viewlink-label=View overridden-by-app=[app] client-accessible=Client Accessible + +not-visible=Contains a %, not visible. +private-is-not-visible=Not visible because of private- prefix. http://git-wip-us.apache.org/repos/asf/tapestry-5/blob/b33dba04/tapestry-core/src/test/coffeescript/org/apache/tapestry5/integration/app1/pages/test-messages.coffee ---------------------------------------------------------------------- diff --git a/tapestry-core/src/test/coffeescript/org/apache/tapestry5/integration/app1/pages/test-messages.coffee b/tapestry-core/src/test/coffeescript/org/apache/tapestry5/integration/app1/pages/test-messages.coffee index c41949f..a7daa24 100644 --- a/tapestry-core/src/test/coffeescript/org/apache/tapestry5/integration/app1/pages/test-messages.coffee +++ b/tapestry-core/src/test/coffeescript/org/apache/tapestry5/integration/app1/pages/test-messages.coffee 
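Review bot: The filter added inside `for (String key : messages.getKeys())` is a deny-list, so it fails open: `key.startsWith("private-")` is case-sensitive and matches only that exact prefix, and a sensitive message stored under any other key name still reaches `catalog` and is served to the client. Consider an opt-in marker for client-visible keys, or at least a comment on the loop such as `// Deny-list only: every catalog entry not excluded here is published to the browser.` The literal would also be safer as a named constant, `private static final String PRIVATE_KEY_PREFIX = "private-";`, because the same string is restated in the messages.coffee documentation and the two can drift apart. The enclosing method starts and ends outside the hunk.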
@@ -1,10 +1,22 @@ -require ["core/messages"], (messages) -> +require ["core/messages", "_"], (messages, _) -> module "core/messages" + missing = (key) -> + (_.indexOf messages.keys(), key) is -1 + test "access known key", -> equal messages("client-accessible"), "Client Accessible" test "unknown messages key", -> equal messages("gnip-gnop"), "[[Missing Key: 'gnip-gnop']]" + + test "messages values with '%' are not client accessible", -> + + ok missing "not-visible" + + test "messages prefixed with 'private-' are not client accessible", -> + + ok missing "private-is-not-visible" +
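Review bot: The `missing` helper inspects only `messages.keys()`, so the two new tests verify the key list and never look up the excluded keys themselves. A lookup assertion would pin the behaviour a caller actually sees, for example `equal messages("private-is-not-visible"), "[[Missing Key: 'private-is-not-visible']]"`, which follows the format the existing "unknown messages key" test expects. A further fixture key with a differently cased prefix would document that the server-side match is case-sensitive, so that limit is visible to anyone relying on the convention.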