Re: [Dev] [DS] Changing the page id in a dashboard using properties.

2015-10-29 Thread Nipuna Chandradasa 
Hi

So the changing the URL (page id) is still there and added fixed to the
issues came across when changing the page id. Also sanitize all user input
in the dashboard designer and create dashboard pages. Also added validation
to the dashboard settings page.

Thank you

On Wed, Oct 28, 2015 at 11:47 AM, Manuranga Perera  wrote:

> Having the URL as id is much cleaner than we generating random ids. (ie.
> Dashboard json will be more understandable) But as Udara said we have to
> sanitize by removing all non alpha numeric expect '-'.
>
> I don't understand how prefix will help. Anyway, we shouldn't add anything
> extra since it is the URL and its visible to the end user.
>



-- 
Nipuna Marcus
*Software Engineer*
WSO2 Inc.
http://wso2.com/ - "lean . enterprise . middleware"
Mobile : +94 (0) 713 667906
nipu...@wso2.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [DS] Changing the page id in a dashboard using properties.

2015-10-28 Thread Manuranga Perera 
Having the URL as id is much cleaner than we generating random ids. (ie.
Dashboard json will be more understandable) But as Udara said we have to
sanitize by removing all non alpha numeric expect '-'.

I don't understand how prefix will help. Anyway, we shouldn't add anything
extra since it is the URL and its visible to the end user.
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [DS] Changing the page id in a dashboard using properties.

2015-10-27 Thread Nipuna Chandradasa 
Hi Udara,

Sanitizing the user input does not happen yet. I'll look in to that matter.
But can you explain a bit about how we can add a prefix to fix this issue?

Thank you

On Mon, Oct 26, 2015 at 5:23 PM, Udara Rathnayake  wrote:

> Hi Nipuna,
>
> Make sure we sanitize all user inputs before rendering.
>
> On Mon, Oct 26, 2015 at 4:50 PM, Nipuna Chandradasa 
> wrote:
>
>> Hi Team,
>>
>> In the current product-ues, we allow user to change the page id using the
>> URL field in the properties menu. This causes multiple issues as we also
>> use this page id to process the changes to the page.
>>
>> I fixed those issues that i could find ... (Seems like now it's working
>> fine as to tests i did)
>>
> Let's merge those changes to trunk.
>
>>
>> Is it a good practice to change a ID of a property and also allow user to
>> do the changing?
>>
> Can't we have a prefix+sanitized user input?
>
>> Can we keep separate fields for URL and ID in the page object?
>>
> If we are to use a prefix, is this requirement valid still?
>
>>
>> Appreciate your suggestions and comments.
>>
>> Thank you.
>> --
>> Nipuna Marcus
>> *Software Engineer*
>> WSO2 Inc.
>> http://wso2.com/ - "lean . enterprise . middleware"
>> Mobile : +94 (0) 713 667906
>> nipu...@wso2.com
>>
>
>


-- 
Nipuna Marcus
*Software Engineer*
WSO2 Inc.
http://wso2.com/ - "lean . enterprise . middleware"
Mobile : +94 (0) 713 667906
nipu...@wso2.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [DS] Changing the page id in a dashboard using properties.

2015-10-26 Thread Udara Rathnayake 
Hi Nipuna,

Make sure we sanitize all user inputs before rendering.

On Mon, Oct 26, 2015 at 4:50 PM, Nipuna Chandradasa 
wrote:

> Hi Team,
>
> In the current product-ues, we allow user to change the page id using the
> URL field in the properties menu. This causes multiple issues as we also
> use this page id to process the changes to the page.
>
> I fixed those issues that i could find ... (Seems like now it's working
> fine as to tests i did)
>
Let's merge those changes to trunk.

>
> Is it a good practice to change a ID of a property and also allow user to
> do the changing?
>
Can't we have a prefix+sanitized user input?

> Can we keep separate fields for URL and ID in the page object?
>
If we are to use a prefix, is this requirement valid still?

>
> Appreciate your suggestions and comments.
>
> Thank you.
> --
> Nipuna Marcus
> *Software Engineer*
> WSO2 Inc.
> http://wso2.com/ - "lean . enterprise . middleware"
> Mobile : +94 (0) 713 667906
> nipu...@wso2.com
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev