Reviewers: hermes,
Description:
Give the UiBinder safehtml warning once per compile.
Review by: her...@google.com
Please review this at http://gwt-code-reviews.appspot.com/1434801/
Affected files:
M user/src/com/google/gwt/uibinder/rebind/UiBinderGenerator.java
Index: user/src/com/google/gwt/uibinder/rebind/UiBinderGenerator.java
===================================================================
--- user/src/com/google/gwt/uibinder/rebind/UiBinderGenerator.java
(revision 10140)
+++ user/src/com/google/gwt/uibinder/rebind/UiBinderGenerator.java (working
copy)
@@ -49,6 +49,8 @@
private static final String XSS_SAFE_CONFIG_PROPERTY
= "UiBinder.useSafeHtmlTemplates";
private static final String LAZY_WIDGET_BUILDERS_PROPERTY
= "UiBinder.useLazyWidgetBuilders";
+
+ private static boolean gaveSafeHtmlWarning;
/**
* Given a UiBinder interface, return the path to its ui.xml file,
suitable
@@ -214,10 +216,11 @@
Boolean rtn = extractConfigProperty(
logger, propertyOracle, XSS_SAFE_CONFIG_PROPERTY, true);
- if (!rtn) {
+ if (!gaveSafeHtmlWarning && !rtn) {
logger.warn("Configuration property %s is false! UiBinder SafeHtml
integration is off, "
+ "leaving your users more vulnerable to cross-site scripting
attacks.",
XSS_SAFE_CONFIG_PROPERTY);
+ gaveSafeHtmlWarning = true;
}
return rtn;
}
--
http://groups.google.com/group/Google-Web-Toolkit-Contributors