Hi David, I highly appreciate the work you are doing in this area. If you were not there, I do not know when it would be done (if ever).
thanks again, Hans

On Mon, 2009-02-09 at 01:37 -0700, David E Jones wrote:
> No problem. I hope everyone's in favor of these painful changes I'm
> working on. They'll definitely have side effects and break things as
> we restrict various things, for the sake of security.
>
> Whatever the case, I'll be around to help pick up the pieces and
> resolve issues that I miss in testing based on these changes.
>
> On a side note, I wish we had done this a LONG time ago as it would
> make things less painful with less code and functionality in the
> project. Oh well, better late than never. This is taking a lot longer
> to do than I thought, and I'm having to try all sorts of different
> things before finding things that are effective and don't break too
> much. In other words, I'm understanding better why no one else has
> taken the plunge for this yet... :( I only wish some end-user was
> willing to pay for this sort of thing, but I guess most business
> people get upset about security after the fact more than they get
> worried about it in advance.
>
> Hopefully it doesn't screw up too much stuff and results in far
> cleaner and safer code... it seems to be heading in that direction at
> least.
>
> -David
>
>
> On Feb 9, 2009, at 1:09 AM, Jacques Le Roux wrote:
>
> > Thanks David,
> >
> > I saw you have used such a solution for other cases. I should have
> > thought about that
> >
> > Jacques
> > > > From: <jone...@apache.org> > >> Author: jonesde > >> Date: Mon Feb 9 02:34:23 2009 > >> New Revision: 742234 > >> > >> URL: http://svn.apache.org/viewvc?rev=742234&view=rev > >> Log: > >> Fixed issue with general html encoding of String objects in FTL > >> files being applied to dynamic JavaScript from groovy files by > >> leaving them as StringBuffers, ie just removing the toString calls > >> > >> Modified: > >> ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/ > >> entry/catalog/InlineProductDetail.groovy > >> ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/ > >> entry/catalog/ProductDetail.groovy > >> ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/Header.ftl > >> > >> Modified: ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/ > >> actions/entry/catalog/InlineProductDetail.groovy > >> URL: > >> http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/InlineProductDetail.groovy?rev=742234&r1=742233&r2=742234&view=diff > >> = > >> = > >> = > >> = > >> = > >> = > >> = > >> = > >> = > >> ===================================================================== > >> --- ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/ > >> entry/catalog/InlineProductDetail.groovy (original) > >> +++ ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/ > >> entry/catalog/InlineProductDetail.groovy Mon Feb 9 02:34:23 2009 
> >> @@ -303,7 +303,7 @@ > >> jsBuf.append(variantPriceJS.toString()); > >> jsBuf.append("</script>"); > >> > >> - context.virtualJavaScript = jsBuf.toString(); > >> + context.virtualJavaScript = jsBuf; > >> } > >> } > >> } > >> > >> Modified: ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/ > >> actions/entry/catalog/ProductDetail.groovy > >> URL: > >> http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/entry/catalog/ProductDetail.groovy?rev=742234&r1=742233&r2=742234&view=diff > >> = > >> = > >> = > >> = > >> = > >> = > >> = > >> = > >> = > >> ===================================================================== > >> --- ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/ > >> entry/catalog/ProductDetail.groovy (original) > >> +++ ofbiz/trunk/applications/order/webapp/ordermgr/WEB-INF/actions/ > >> entry/catalog/ProductDetail.groovy Mon Feb 9 02:34:23 2009 > >> @@ -375,7 +375,7 @@ > >> jsBuf.append(variantPriceJS.toString()); > >> jsBuf.append("</script>"); > >> > >> - context.virtualJavaScript = jsBuf.toString(); > >> + context.virtualJavaScript = jsBuf; > >> } > >> } > >> } > >> > >> Modified: ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/ > >> Header.ftl > >> URL: > >> http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/Header.ftl?rev=742234&r1=742233&r2=742234&view=diff > >> = > >> = > >> = > >> = > >> = > >> = > >> = > >> = > >> = > >> ===================================================================== > >> --- ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/ > >> Header.ftl (original) > >> +++ ofbiz/trunk/specialpurpose/webpos/webapp/webpos/includes/ > >> Header.ftl Mon Feb 9 02:34:23 2009 
> >> @@ -37,7 +37,6 @@ > >> <link rel="stylesheet" href="<@ofbizContentUrl>$ > >> {styleSheet}</@ofbizContentUrl>" type="text/css"/> > >> </#list> > >> </#if> > >> - ${layoutSettings?if_exists.extraHead?if_exists} > >> > >> <#-- Append CSS for catalog --> > >> <#if catalogStyleSheet?exists> > >> > > -- http://www.antwebsystems.com : Quality OFBiz support for competitive rates....
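Review bot: the InlineProductDetail.groovy hunk at @@ -303 (`- context.virtualJavaScript = jsBuf.toString();` / `+ context.virtualJavaScript = jsBuf;`) records a security-relevant decision only in the variable's runtime type, with nothing in the code saying so. Per the log message, leaving `jsBuf` as a StringBuffer is what keeps the general HTML encoding of String objects in the FTL layer from being applied to this script; a later reader who sees a StringBuffer handed to the context will naturally add `.toString()` back and silently re-break the script, or, the other way round, will not realise that this value now reaches the page unencoded. Add a comment on that line stating that the StringBuffer is intentional because the content is JavaScript that must not be HTML-encoded, and that everything appended to `jsBuf` (for example `variantPriceJS` in the visible context) is therefore responsible for its own escaping.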
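Review bot: the ProductDetail.groovy hunk at @@ -375 makes the identical one-line change to what appears to be the same `jsBuf` block as in InlineProductDetail.groovy (same `jsBuf.append(variantPriceJS.toString());` and `jsBuf.append("</script>");` context lines). Two copies of the same encoding-sensitive logic means a future fix in one file is easily missed in the other; consider moving the script-building into a shared helper, or at least put the same explanatory comment in both places so they stay in step.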
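Review bot: the Header.ftl hunk at @@ -37 (`- ${layoutSettings?if_exists.extraHead?if_exists}`) is not covered by the log message, which only describes removing the toString calls in the groovy files. Dropping the extraHead output from the webpos header silently changes what that page can emit; either state in the commit log why it is removed (and whether any layoutSettings.extraHead content the webpos screens relied on is emitted elsewhere) or split it into its own commit so the change stays traceable.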