[gwt-contrib] Re: make it possible to just use devmode on a particular module while allowing the (issue1408802)
LGTM http://gwt-code-reviews.appspot.com/1408802/ -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
[gwt-contrib] Addresses ClassNotFoundException problems when the data structures serialized in (issue1412801)
Reviewers: tobyr, jbrosenberg, Description: Addresses ClassNotFoundException problems when the data structures serialized in the unit cache log files no longer matches due to changes in GWT. Please review this at http://gwt-code-reviews.appspot.com/1412801/ Affected files: M dev/core/src/com/google/gwt/dev/javac/PersistentUnitCache.java M dev/core/test/com/google/gwt/dev/javac/PersistentUnitCacheTest.java -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
[gwt-contrib] Re: Adds {moz,webkit}RequestAnimationFrame support to animations. (issue1355805)
http://gwt-code-reviews.appspot.com/1355805/diff/6003/user/src/com/google/gwt/user/client/ui/DeckPanel.java File user/src/com/google/gwt/user/client/ui/DeckPanel.java (right): http://gwt-code-reviews.appspot.com/1355805/diff/6003/user/src/com/google/gwt/user/client/ui/DeckPanel.java#newcode108 user/src/com/google/gwt/user/client/ui/DeckPanel.java:108: // Figure out if the deck panel has a fixed height I'm not sure I'm a good checker, but it smells funny to me that onStart is losing a check that it used to have without (that I saw) routing through the new code in newWidget, nor why newWidget, having decided to animate, doesn't touch onStart. I'm willing to believe there's a good reason for it, but I'd like to know what it is. ;-) http://gwt-code-reviews.appspot.com/1355805/ -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
[gwt-contrib] Re: Addresses ClassNotFoundException problems when the data structures serialized in (issue1412801)
The symptom of this problem is that after updating GWT, you get the following exceptions similar to the following: [WARN] Error reading cache file: /tmp/me/gwt-unitCache/gwt-unitCache-012F28614915 java.io.InvalidClassException: com.google.gwt.dev.javac.Dependencies; local class incompatible: stream classdesc serialVersionUID = 4461785342388877006, local class serialVersionUID = -308718918430258746 at java.io.ObjectStreamClass.initNonProxy(ObjectStreamClass.java:579) at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1600) at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1513) at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1749) at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1346) at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1963) at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1887) at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1770) at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1346) at java.io.ObjectInputStream.readObject(ObjectInputStream.java:368) at com.google.gwt.dev.javac.PersistentUnitCache.loadUnitMap(PersistentUnitCache.java:472) at com.google.gwt.dev.javac.PersistentUnitCache.access$000(PersistentUnitCache.java:91) at com.google.gwt.dev.javac.PersistentUnitCache$UnitCacheMapLoader.run(PersistentUnitCache.java:120) The data following that exception in the file is ignored, and the cache goes on to operate normally. You'll keep getting those errors until the next time the cache logs are consolidated (every 10 runs or so) This change handles the ClassNotFoundException differently and quietly removes the file. http://gwt-code-reviews.appspot.com/1412801/ -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
[gwt-contrib] Re: Adds {moz,webkit}RequestAnimationFrame support to animations. (issue1355805)
http://gwt-code-reviews.appspot.com/1355805/diff/6003/user/src/com/google/gwt/user/client/ui/DeckPanel.java File user/src/com/google/gwt/user/client/ui/DeckPanel.java (right): http://gwt-code-reviews.appspot.com/1355805/diff/6003/user/src/com/google/gwt/user/client/ui/DeckPanel.java#newcode108 user/src/com/google/gwt/user/client/ui/DeckPanel.java:108: // Figure out if the deck panel has a fixed height On 2011/04/11 15:02:02, fabbott wrote: I'm not sure I'm a good checker, but it smells funny to me that onStart is losing a check that it used to have without (that I saw) routing through the new code in newWidget, nor why newWidget, having decided to animate, doesn't touch onStart. I'm willing to believe there's a good reason for it, but I'd like to know what it is. ;-) I wrote this code some times back, but it looks like the goal was to compute fixedHeight *before* calling run() so we could pass the second argument: if the height is fixed, we're sure the page layout won't change, so in case the deck is out of view (hidden, or displayed outside the viewport's bounds) we actually don't need to run our animation code. Passing the deckElem to run() in this case tells the browser it can skip calling us back if the element is out of view (at its discretion; actually, I believe WebKit only skips such calls on background tabs). http://gwt-code-reviews.appspot.com/1355805/ -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
[gwt-contrib] Re: Addresses ClassNotFoundException problems when the data structures serialized in (issue1412801)
http://gwt-code-reviews.appspot.com/1412801/diff/1/dev/core/src/com/google/gwt/dev/javac/PersistentUnitCache.java File dev/core/src/com/google/gwt/dev/javac/PersistentUnitCache.java (right): http://gwt-code-reviews.appspot.com/1412801/diff/1/dev/core/src/com/google/gwt/dev/javac/PersistentUnitCache.java#newcode493 dev/core/src/com/google/gwt/dev/javac/PersistentUnitCache.java:493: cacheFile.delete(); Don't you need this same behavior for IOException? The original deserilization exception you were seeing was an InvalidClassException, which is a subclass of IOException. http://gwt-code-reviews.appspot.com/1412801/ -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
[gwt-contrib] Re: Fixed pom.xml produced by WebAppCreator. Issue 4878 and Issue 6196. (issue1407804)
http://gwt-code-reviews.appspot.com/1407804/ -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
[gwt-contrib] Re: Adds {moz,webkit}RequestAnimationFrame support to animations. (issue1355805)
LGTM On Mon, Apr 11, 2011 at 11:44 AM, t.bro...@gmail.com wrote: http://gwt-code-reviews.appspot.com/1355805/diff/6003/user/src/com/google/gwt/user/client/ui/DeckPanel.java File user/src/com/google/gwt/user/client/ui/DeckPanel.java (right): http://gwt-code-reviews.appspot.com/1355805/diff/6003/user/src/com/google/gwt/user/client/ui/DeckPanel.java#newcode108 user/src/com/google/gwt/user/client/ui/DeckPanel.java:108: // Figure out if the deck panel has a fixed height On 2011/04/11 15:02:02, fabbott wrote: I'm not sure I'm a good checker, but it smells funny to me that onStart is losing a check that it used to have without (that I saw) routing through the new code in newWidget, nor why newWidget, having decided to animate, doesn't touch onStart. I'm willing to believe there's a good reason for it, but I'd like to know what it is. ;-) I wrote this code some times back, but it looks like the goal was to compute fixedHeight *before* calling run() so we could pass the second argument: if the height is fixed, we're sure the page layout won't change, so in case the deck is out of view (hidden, or displayed outside the viewport's bounds) we actually don't need to run our animation code. Passing the deckElem to run() in this case tells the browser it can skip calling us back if the element is out of view (at its discretion; actually, I believe WebKit only skips such calls on background tabs). http://gwt-code-reviews.appspot.com/1355805/ -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
[gwt-contrib] [google-web-toolkit] r9970 committed - Adds {moz,webkit}RequestAnimationFrame support to animations....
Revision: 9970
Author: jlaba...@google.com
Date: Mon Apr 11 07:56:01 2011
Log: Adds {moz,webkit}RequestAnimationFrame support to animations.
Refactor Animation with different implementations, adding
mozRequestAnimationFrame and webkitRequestAnimationFrame support in
addition to
the timer-based implementation.
ALso adds run() overloads taking an 'element' argument, that
visually scopes
the animation (so that browsers can, as an optimization, skip steps when the
element is not visible to the user).
Code Review: http://gwt-code-reviews.appspot.com/1355805/
Author: tbroyer
Review by: jlabanca
http://code.google.com/p/google-web-toolkit/source/detail?r=9970
Added:
/trunk/user/src/com/google/gwt/animation/client/AnimationImpl.java
/trunk/user/src/com/google/gwt/animation/client/AnimationImplMozAnimTiming.java
/trunk/user/src/com/google/gwt/animation/client/AnimationImplTimer.java
/trunk/user/src/com/google/gwt/animation/client/AnimationImplWebkitAnimTiming.java
Modified:
/trunk/user/src/com/google/gwt/animation/Animation.gwt.xml
/trunk/user/src/com/google/gwt/animation/client/Animation.java
/trunk/user/src/com/google/gwt/layout/client/Layout.java
/trunk/user/src/com/google/gwt/user/cellview/client/CellBrowser.java
/trunk/user/src/com/google/gwt/user/client/ui/DeckPanel.java
===
--- /dev/null
+++ /trunk/user/src/com/google/gwt/animation/client/AnimationImpl.java Mon
Apr 11 07:56:01 2011
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2011 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the License); you may
not
+ * use this file except in compliance with the License. You may obtain a
copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS,
WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
under
+ * the License.
+ */
+package com.google.gwt.animation.client;
+
+import com.google.gwt.dom.client.Element;
+
+/**
+ * Base class for animation implementations.
+ */
+abstract class AnimationImpl {
+
+ /**
+ * Cancel the animation.
+ */
+ public abstract void cancel(Animation animation);
+
+ /**
+ * Run the animation with an optional bounding element.
+ */
+ public abstract void run(Animation animation, Element element);
+
+ /**
+ * Update the {@link Animation}.
+ *
+ * @param animation the {@link Animation}
+ * @param curTime the current time
+ * @return true if the animation is complete, false if still running
+ */
+ protected final boolean updateAnimation(Animation animation, double
curTime) {
+return animation.isRunning() animation.update(curTime);
+ }
+}
===
--- /dev/null
+++
/trunk/user/src/com/google/gwt/animation/client/AnimationImplMozAnimTiming.java
Mon Apr 11 07:56:01 2011
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2011 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the License); you may
not
+ * use this file except in compliance with the License. You may obtain a
copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an AS IS BASIS,
WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
under
+ * the License.
+ */
+package com.google.gwt.animation.client;
+
+import com.google.gwt.dom.client.Element;
+
+/**
+ * Implementation using codemozRequestAnimationFrame/code.
+ *
+ * @see a
href=https://developer.mozilla.org/en/DOM/window.mozRequestAnimationFrame;
+ * Documentation on the MDN/a
+ */
+class AnimationImplMozAnimTiming extends AnimationImpl {
+
+ private int handle;
+
+ @Override
+ public void cancel(Animation animation) {
+handle++;
+ }
+
+ @Override
+ public void run(Animation animation, Element element) {
+handle++;
+nativeRun(animation);
+ }
+
+ private native void nativeRun(Animation animation) /*-{
+var self = this;
+var handle =
th...@com.google.gwt.animation.client.AnimationImplMozAnimTiming::handle;
+var callback = $entry(function(time) {
+ if (handle !=
se...@com.google.gwt.animation.client.AnimationImplMozAnimTiming::handle) {
+return; // cancelled
+ }
+ var complete =
se...@com.google.gwt.animation.client.AnimationImpl::updateAnimation(Lcom/google/gwt/animation/client/Animation;D)(animation,
time);
+ if (!complete) {
+$wnd.mozRequestAnimationFrame(callback);
+ }
+});
+
+$wnd.mozRequestAnimationFrame(callback);
+ }-*/;
+}
===
--- /dev/null
+++
[gwt-contrib] Re: Adds {moz,webkit}RequestAnimationFrame support to animations. (issue1355805)
committed as r9970 Thanks for another patch! http://gwt-code-reviews.appspot.com/1355805/ -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
[gwt-contrib] Reverting r9970 due to build break. (issue1408804)
Reviewers: fabbott, Description: Reverting r9970 due to build break. Please review this at http://gwt-code-reviews.appspot.com/1408804/ Affected files: M user/src/com/google/gwt/animation/Animation.gwt.xml M user/src/com/google/gwt/animation/client/Animation.java D user/src/com/google/gwt/animation/client/AnimationImpl.java D user/src/com/google/gwt/animation/client/AnimationImplMozAnimTiming.java D user/src/com/google/gwt/animation/client/AnimationImplTimer.java D user/src/com/google/gwt/animation/client/AnimationImplWebkitAnimTiming.java M user/src/com/google/gwt/layout/client/Layout.java M user/src/com/google/gwt/user/cellview/client/CellBrowser.java M user/src/com/google/gwt/user/client/ui/DeckPanel.java -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
[gwt-contrib] Re: Adds {moz,webkit}RequestAnimationFrame support to animations. (issue1355805)
It's always a pleasure to work on GWT: the code is quite clean and easy to read! On a related note (to this patch), I was thinking about using CSS3 transitions for animations in widgets, when supported. The only issue is that there would only be an event fired at the end (ontransitionend). Is it really an issue to call child widget's onResize only once at the end of the animation, or should we fake the animation steps with a timer or requestAnimationFrame? (in which case maybe CSS transitions wouldn't be worth adding). -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
[gwt-contrib] [google-web-toolkit] r9971 committed - Reverting r9970 due to build break....
Revision: 9971
Author: jlaba...@google.com
Date: Mon Apr 11 09:09:49 2011
Log: Reverting r9970 due to build break.
Review at http://gwt-code-reviews.appspot.com/1408804
Review by: fabb...@google.com
http://code.google.com/p/google-web-toolkit/source/detail?r=9971
Deleted:
/trunk/user/src/com/google/gwt/animation/client/AnimationImpl.java
/trunk/user/src/com/google/gwt/animation/client/AnimationImplMozAnimTiming.java
/trunk/user/src/com/google/gwt/animation/client/AnimationImplTimer.java
/trunk/user/src/com/google/gwt/animation/client/AnimationImplWebkitAnimTiming.java
Modified:
/trunk/user/src/com/google/gwt/animation/Animation.gwt.xml
/trunk/user/src/com/google/gwt/animation/client/Animation.java
/trunk/user/src/com/google/gwt/layout/client/Layout.java
/trunk/user/src/com/google/gwt/user/cellview/client/CellBrowser.java
/trunk/user/src/com/google/gwt/user/client/ui/DeckPanel.java
===
--- /trunk/user/src/com/google/gwt/animation/client/AnimationImpl.java Mon
Apr 11 07:56:01 2011
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright 2011 Google Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the License); you may
not
- * use this file except in compliance with the License. You may obtain a
copy of
- * the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an AS IS BASIS,
WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations
under
- * the License.
- */
-package com.google.gwt.animation.client;
-
-import com.google.gwt.dom.client.Element;
-
-/**
- * Base class for animation implementations.
- */
-abstract class AnimationImpl {
-
- /**
- * Cancel the animation.
- */
- public abstract void cancel(Animation animation);
-
- /**
- * Run the animation with an optional bounding element.
- */
- public abstract void run(Animation animation, Element element);
-
- /**
- * Update the {@link Animation}.
- *
- * @param animation the {@link Animation}
- * @param curTime the current time
- * @return true if the animation is complete, false if still running
- */
- protected final boolean updateAnimation(Animation animation, double
curTime) {
-return animation.isRunning() animation.update(curTime);
- }
-}
===
---
/trunk/user/src/com/google/gwt/animation/client/AnimationImplMozAnimTiming.java
Mon Apr 11 07:56:01 2011
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright 2011 Google Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the License); you may
not
- * use this file except in compliance with the License. You may obtain a
copy of
- * the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an AS IS BASIS,
WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations
under
- * the License.
- */
-package com.google.gwt.animation.client;
-
-import com.google.gwt.dom.client.Element;
-
-/**
- * Implementation using codemozRequestAnimationFrame/code.
- *
- * @see a
href=https://developer.mozilla.org/en/DOM/window.mozRequestAnimationFrame;
- * Documentation on the MDN/a
- */
-class AnimationImplMozAnimTiming extends AnimationImpl {
-
- private int handle;
-
- @Override
- public void cancel(Animation animation) {
-handle++;
- }
-
- @Override
- public void run(Animation animation, Element element) {
-handle++;
-nativeRun(animation);
- }
-
- private native void nativeRun(Animation animation) /*-{
-var self = this;
-var handle =
th...@com.google.gwt.animation.client.AnimationImplMozAnimTiming::handle;
-var callback = $entry(function(time) {
- if (handle !=
se...@com.google.gwt.animation.client.AnimationImplMozAnimTiming::handle) {
-return; // cancelled
- }
- var complete =
se...@com.google.gwt.animation.client.AnimationImpl::updateAnimation(Lcom/google/gwt/animation/client/Animation;D)(animation,
time);
- if (!complete) {
-$wnd.mozRequestAnimationFrame(callback);
- }
-});
-
-$wnd.mozRequestAnimationFrame(callback);
- }-*/;
-}
===
--- /trunk/user/src/com/google/gwt/animation/client/AnimationImplTimer.java
Mon Apr 11 07:56:01 2011
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * Copyright 2011 Google Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the License); you may
not
- * use this file except in compliance with the License. You may obtain a
copy of
- * the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless
[gwt-contrib] Re: Addresses ClassNotFoundException problems when the data structures serialized in (issue1412801)
http://gwt-code-reviews.appspot.com/1412801/diff/1/dev/core/test/com/google/gwt/dev/javac/PersistentUnitCacheTest.java
File dev/core/test/com/google/gwt/dev/javac/PersistentUnitCacheTest.java
(right):
http://gwt-code-reviews.appspot.com/1412801/diff/1/dev/core/test/com/google/gwt/dev/javac/PersistentUnitCacheTest.java#newcode41
dev/core/test/com/google/gwt/dev/javac/PersistentUnitCacheTest.java:41:
private final byte[] INVALID_CACHE_LOG = { //
This seems kinda brittle? I wonder if there's a way to generate an
appropriate stream programmatically.
Maybe something involving a pair of class loaders, A and B, which are
children of the system class loader, but provide one additional class, a
CompilationUnit subtype that isn't loaded in the system class loader.
You write the stream using A and read it back using B. In addition to
testing a class that doesn't exist in B, you could test slightly
different versions of the same class in A B and test for the
incompatible class change. Not sure if it's worth all that trouble tho,
just rambling here.
http://gwt-code-reviews.appspot.com/1412801/
--
http://groups.google.com/group/Google-Web-Toolkit-Contributors
[gwt-contrib] [google-web-toolkit] r9972 committed - make it possible to just use devmode on a particular module while allo...
Revision: 9972
Author: unn...@google.com
Date: Mon Apr 11 11:56:17 2011
Log: make it possible to just use devmode on a particular module while
allowing the
others to run in prod mode
Review at http://gwt-code-reviews.appspot.com/1408802
Review by: fabio...@google.com
http://code.google.com/p/google-web-toolkit/source/detail?r=9972
Modified:
/trunk/dev/core/src/com/google/gwt/core/ext/linker/impl/devmode.js
/trunk/dev/core/src/com/google/gwt/core/linker/CrossSiteIframeLinker.java
/trunk/dev/core/src/com/google/gwt/core/linker/CrossSiteIframeTemplate.js
===
--- /trunk/dev/core/src/com/google/gwt/core/ext/linker/impl/devmode.js Thu
Feb 24 06:41:44 2011
+++ /trunk/dev/core/src/com/google/gwt/core/ext/linker/impl/devmode.js Mon
Apr 11 11:56:17 2011
@@ -252,7 +252,10 @@
var query = $wnd.location.search;
var idx = query.indexOf(gwt.codesvr=);
if (idx = 0) {
-idx += 12; // gwt.codesvr=.length() == 12
+idx += 12; // gwt.codesvr=.length == 12
+ } else {
+idx = query.indexOf(gwt.codesvr.__MODULE_NAME__=);
+idx += (13 + __MODULE_NAME__.length); //
}
if (idx = 0) {
var amp = query.indexOf(, idx);
===
---
/trunk/dev/core/src/com/google/gwt/core/linker/CrossSiteIframeLinker.java
Mon Mar 21 12:22:19 2011
+++
/trunk/dev/core/src/com/google/gwt/core/linker/CrossSiteIframeLinker.java
Mon Apr 11 11:56:17 2011
@@ -339,6 +339,7 @@
outputFilename = getHostedFilenameFull(context);
}
+replaceAll(buffer, __MODULE_NAME__, context.getModuleName());
String script =
generatePrimaryFragmentString(logger, context, result,
buffer.toString(), 1, artifacts);
===
---
/trunk/dev/core/src/com/google/gwt/core/linker/CrossSiteIframeTemplate.js
Fri Mar 11 13:16:30 2011
+++
/trunk/dev/core/src/com/google/gwt/core/linker/CrossSiteIframeTemplate.js
Mon Apr 11 11:56:17 2011
@@ -34,7 +34,8 @@
function isHostedMode() {
var query = $wnd.location.search;
-return (query.indexOf('gwt.codesvr=') != -1);
+return ((query.indexOf('gwt.codesvr.__MODULE_NAME__=') != -1) ||
+(query.indexOf('gwt.codesvr=') != -1));
}
// Helper function to send statistics to the __gwtStatsEvent function if
it
--
http://groups.google.com/group/Google-Web-Toolkit-Contributors
[gwt-contrib] Re: Fixed pom.xml produced by WebAppCreator. Issue 4878 and Issue 6196. (issue1407804)
http://gwt-code-reviews.appspot.com/1407804/ -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
[gwt-contrib] Re: Fixed pom.xml produced by WebAppCreator. Issue 4878 and Issue 6196. (issue1407804)
http://gwt-code-reviews.appspot.com/1407804/diff/1/user/src/com/google/gwt/user/tools/templates/maven/pom.xmlsrc File user/src/com/google/gwt/user/tools/templates/maven/pom.xmlsrc (right): http://gwt-code-reviews.appspot.com/1407804/diff/1/user/src/com/google/gwt/user/tools/templates/maven/pom.xmlsrc#newcode71 user/src/com/google/gwt/user/tools/templates/maven/pom.xmlsrc:71: version2.2.0/version On 2011/04/08 22:08:27, drfibonacci wrote: 2.2.0-1 would pick up fix for copyWebapptrue/copyWebapp so it won't copy provided jars It seems 2.2.0-1 is not yet available. i could not get gwt-user into the generated war, either and copyWebApp seems to be only available at that version. Let's defer the use of copyWebApp for later. http://gwt-code-reviews.appspot.com/1407804/ -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
[gwt-contrib] [google-web-toolkit] r9973 committed - Fixed pom.xml produced by WebAppCreator. Issue 4878 and Issue 6196....
Revision: 9973
Author: rchan...@google.com
Date: Mon Apr 11 13:05:14 2011
Log: Fixed pom.xml produced by WebAppCreator. Issue 4878 and Issue
6196.
Review at http://gwt-code-reviews.appspot.com/1407804
Review by: drfibona...@google.com
http://code.google.com/p/google-web-toolkit/source/detail?r=9973
Modified:
/trunk/user/src/com/google/gwt/user/tools/templates/maven/pom.xmlsrc
===
--- /trunk/user/src/com/google/gwt/user/tools/templates/maven/pom.xmlsrc
Fri Apr 8 08:46:11 2011
+++ /trunk/user/src/com/google/gwt/user/tools/templates/maven/pom.xmlsrc
Mon Apr 11 13:05:14 2011
@@ -40,9 +40,22 @@
dependency
groupIdjunit/groupId
artifactIdjunit/artifactId
- version4.4/version
+ version4.8.1/version
scopetest/scope
/dependency
+dependency
+ groupIdjavax.validation/groupId
+ artifactIdvalidation-api/artifactId
+ version1.0.0.GA/version
+ scopeprovided/scope
+/dependency
+dependency
+ groupIdjavax.validation/groupId
+ artifactIdvalidation-api/artifactId
+ version1.0.0.GA/version
+ classifiersources/classifier
+ scopeprovided/scope
+/dependency
/dependencies
build
@@ -55,6 +68,24 @@
plugin
groupIdorg.codehaus.mojo/groupId
artifactIdgwt-maven-plugin/artifactId
+ version2.2.0/version
+ dependencies
+ dependency
+groupIdcom.google.gwt/groupId
+artifactIdgwt-user/artifactId
+version${gwtVersion}/version
+ /dependency
+ dependency
+groupIdcom.google.gwt/groupId
+artifactIdgwt-dev/artifactId
+version${gwtVersion}/version
+ /dependency
+ dependency
+groupIdcom.google.gwt/groupId
+artifactIdgwt-servlet/artifactId
+version${gwtVersion}/version
+ /dependency
+ /dependencies
!-- JS is only needed in the package phase, this speeds up
testing --
executions
execution
@@ -72,13 +103,14 @@
!-- Location of the develop-mode web application structure
(gwt:run). --
hostedWebapptarget/www/hostedWebapp
!-- Ask GWT to create the Story of Your Compile (SOYC)
(gwt:compile) --
- soyctrue/soyc
+ compileReporttrue/compileReport
/configuration
/plugin
!-- Add source folders to test classpath in order to run gwt-tests
as normal junit-tests --
plugin
artifactIdmaven-surefire-plugin/artifactId
+ version2.5/version
configuration
additionalClasspathElements
additionalClasspathElement${project.build.sourceDirectory}/additionalClasspathElement
@@ -100,6 +132,7 @@
!-- Copy static web files before executing gwt:run --
plugin
artifactIdmaven-resources-plugin/artifactId
+version2.4.2/version
executions
execution
phasecompile/phase
@@ -121,6 +154,7 @@
!-- Delete gwt generated stuff --
plugin
artifactIdmaven-clean-plugin/artifactId
+ version2.3/version
configuration
filesets
filesetdirectorysrc/main/webapp/@renameTo/directory/fileset
@@ -131,7 +165,25 @@
/filesets
/configuration
/plugin
-
+
+ plugin
+ artifactIdmaven-eclipse-plugin/artifactId
+ version2.7/version !-- Note 2.8 does not work with AspectJ aspect
path --
+ configuration
+ downloadSourcestrue/downloadSources
+ downloadJavadocsfalse/downloadJavadocs
+ wtpversion2.0/wtpversion
+ additionalBuildcommands
+buildCommand
+ namecom.google.gwt.eclipse.core.gwtProjectValidator/name
+/buildCommand
+ /additionalBuildcommands
+ additionalProjectnatures
+
projectnaturecom.google.gwt.eclipse.core.gwtNature/projectnature
+ /additionalProjectnatures
+ /configuration
+ /plugin
+
/plugins
/build
/project
--
http://groups.google.com/group/Google-Web-Toolkit-Contributors
[gwt-contrib] Re: Addresses ClassNotFoundException problems when the data structures serialized in (issue1412801)
I'm thinking about using ByteArrayOutputStream and serializing 2
special object with readObject() implemented to throw the exception I
want to test.
On Mon, Apr 11, 2011 at 5:30 PM, sco...@google.com wrote:
http://gwt-code-reviews.appspot.com/1412801/diff/1/dev/core/test/com/google/gwt/dev/javac/PersistentUnitCacheTest.java
File dev/core/test/com/google/gwt/dev/javac/PersistentUnitCacheTest.java
(right):
http://gwt-code-reviews.appspot.com/1412801/diff/1/dev/core/test/com/google/gwt/dev/javac/PersistentUnitCacheTest.java#newcode41
dev/core/test/com/google/gwt/dev/javac/PersistentUnitCacheTest.java:41:
private final byte[] INVALID_CACHE_LOG = { //
This seems kinda brittle? I wonder if there's a way to generate an
appropriate stream programmatically.
Maybe something involving a pair of class loaders, A and B, which are
children of the system class loader, but provide one additional class, a
CompilationUnit subtype that isn't loaded in the system class loader.
You write the stream using A and read it back using B. In addition to
testing a class that doesn't exist in B, you could test slightly
different versions of the same class in A B and test for the
incompatible class change. Not sure if it's worth all that trouble tho,
just rambling here.
http://gwt-code-reviews.appspot.com/1412801/
--
Eric Z. Ayers
Google Web Toolkit, Atlanta, GA USA
--
http://groups.google.com/group/Google-Web-Toolkit-Contributors
[gwt-contrib] Re: Add SafeUri type, similar to SafeHtml but for values in a URL attribute context. (issue1380806)
On Sun, Apr 10, 2011 at 17:02, t.bro...@gmail.com wrote:
On 2011/04/10 18:32:38, xtof wrote:
I think this is pretty much ready, except for one thing I just thought
of.
Sorry, I should have thought of that earlier :/
In ClippedImageImpl, we're using a SafeUri in the context of a url()
style
expression (background: url({3})). However, the contract of SafeUri
is
currently not tight enough for this to be safe I think: SafeUri would
allow
e.g., parentheses, colons and dashes in un-escaped form in the URL.
In a
template where the URL appears in a url() css expression as above, a
URL like,
http://harmless.com/foo);background:url(javascript:evil());
would pass UriUtils#sanitizeUri (without getting URI-escaped or
anything), and
would result in script execution via CSS injection.
I hadn't looked closely at the SafeStyles API and thought it would be
covered there (and ClippedImageImpl would of course be updated to use
SafeStyles).
But note that, similarly, http://harmless.comonclick=evil() would
pass sanitizeUri and could result in script execution via HTML injection
(not through SafeHtml/SafeHtmlTemplates though, as the quotes would be
escaped).
Ok, I think you've convinced me :)
I think what you're saying is essentially this: The SafeUri contract only
promises that a URL will not result in script execution if dereferenced
as-is (which in practice means that its scheme is on a whitelist of ones
that don't cause script exec, and in particular isn't javascript:, etc).
However, when a SafeUri is embedded in a specific context, it *still* needs
to be appropriately escaped.
Which is what happens for uri-valued attribute context in SafeHtmlTemplates,
and I agree with you that we should treat URI-in-CSS context the same way,
and deal with any necessary escaping (or sanitization) there.
I do think that it might be worth to constrain SafeUri to only allow
syntactically valid URIs, or at least only strings consisting of characters
valid in URIs per the RFC. Unfortunately, GWT doesn't implement
java.net.URI and the former might be hard to do efficiently in browser-side
code; I can't think of any reason the latter isn't sufficient.
If we're both in agreement on that, I think we should change the doc of the
SafeUri contract to be a bit more specific about that. I.e., instead of
18 /**
19 * An object that implements this interface encapsulates a URI that is
20 * guaranteed to be safe to use (with respect to potential
Cross-Site-Scripting
21 * vulnerabilities) in a URL context, for example in a URL-typed
attribute in
22 * an HTML document.
more something along the lines:
/**
An object that implements this interface encapsulates a lexically valid
(with respect to the set of valid characters specified RFC 3986) URI that
when dereferenced, will not result in browser-side execution of script that
is not under program control.
p
Note that this type's contract does not constrain the set of characters that
may appear in the URI beyond the requirements of RFC 3986. If the value of a
SafeUri object is used in certain contexts of a HTML document, appropriate
escaping must be applied.
The CSS spec says whitespace, quotes (single and double) and parentheses
can be escaped using a backslash:
http://www.w3.org/TR/CSS2/syndata.html#uri
I believe I've read somewhere that this doesn't work in IE, but I can't find
the reference now...
One problem I'd worried about is this: parentheses are legal in URIs per
the RFC. At the same time, \xx escaping them in the CSS seems to not
actually be sufficient; such escaping doesn't prevent the string from being
interpreted as CSS syntax (what were they thinking???), see
http://code.google.com/p/browsersec/wiki/Part1#CSS_character_encoding.
I think we'll just have to %-escape parentheses and single quotes when using
a SafeUri in a CSS url(). I'm not really aware of them meaning anything
special in *http* URIs; even if RFC 3986 says that %-escaping parentheses
won't result in an equivalent URI I don't know of any reason doing so would
result in a different resource being addressed on a web server.
So maybe we could special-case SafeUri in CSS contexts in the generator?
I think we should just ban it (or at least warn), since we don't parse the
CSS and can't really tell what context in the CSS the URI is used in. A
safe style builder API would know, and would escape the URI correctly.
(we already special-case it for it's .asString(), and special-case URL
contexts for non-SafeUri values to sanitize them, so...)
So I think we need to,
- tighten the SafeUri contract so it explicitly specifies which
character set
can occur in a SafeUri
- add a sanitizeAndEscapeUri method to UriUtils that both checks for
an allowed
scheme and URI/%-escapes characters not in the allowed charset (or
maybe rejects
URLs with certain funny characters in them).
We can quite simply %-escape those chars that are special to CSS (see
[gwt-contrib] Re: Adding a new annotation SafeHtmlTemplates.SafeForCss to specify that a parameter is known to be ... (issue1384801)
LGTM!
http://gwt-code-reviews.appspot.com/1384801/diff/8001/user/src/com/google/gwt/safehtml/rebind/SafeHtmlTemplatesImplMethodCreator.java
File
user/src/com/google/gwt/safehtml/rebind/SafeHtmlTemplatesImplMethodCreator.java
(right):
http://gwt-code-reviews.appspot.com/1384801/diff/8001/user/src/com/google/gwt/safehtml/rebind/SafeHtmlTemplatesImplMethodCreator.java#newcode315
user/src/com/google/gwt/safehtml/rebind/SafeHtmlTemplatesImplMethodCreator.java:315:
logger.log(TreeLogger.WARN,
On 2011/04/07 15:45:57, jlabanca wrote:
I added a comment explaining that we've already checked that the user
did not
try to use SafeStyles in a non-CSS context.
The reason for the split checks is that each Safe type is only valid
in one
context, so it makes sense to check that separately. Otherwise, we
would have
to have a !SafeHtml/!SafeStyles check in every context where those
classes
aren't supported.
Conversely, some contexts have or will have a Safe value that is
appropriate for
that context. Adding the warning in the switch statement allows us to
do check
if the user could have used a Safe class specific to the current
context. If we
move the warnings out of the switch statement, then we would have to
check the
current context to see if the user could have chosen a better Safe
value, which
would basically add a duplicate (subset) switch statement.
I see... Makes sense and SGTM.
http://gwt-code-reviews.appspot.com/1384801/diff/8025/user/src/com/google/gwt/safecss/shared/SafeStyles.java
File user/src/com/google/gwt/safecss/shared/SafeStyles.java (right):
http://gwt-code-reviews.appspot.com/1384801/diff/8025/user/src/com/google/gwt/safecss/shared/SafeStyles.java#newcode75
user/src/com/google/gwt/safecss/shared/SafeStyles.java:75: * liwidth:
1em;/li
Should these be {@code}?
http://gwt-code-reviews.appspot.com/1384801/
--
http://groups.google.com/group/Google-Web-Toolkit-Contributors
[gwt-contrib] Re: Addresses ClassNotFoundException problems when the data structures serialized in (issue1412801)
On 2011/04/11 23:17:07, zundel wrote: I'm thinking about using ByteArrayOutputStream and serializing 2 special object with readObject() implemented to throw the exception I want to test. SGTM! http://gwt-code-reviews.appspot.com/1412801/ -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
[gwt-contrib] [google-web-toolkit] r9974 committed - Cherry picking r9967 into releases/2.3
Revision: 9974
Author: rchan...@google.com
Date: Mon Apr 11 13:59:08 2011
Log: Cherry picking r9967 into releases/2.3
http://code.google.com/p/google-web-toolkit/source/detail?r=9974
Modified:
/releases/2.3/samples/expenses/pom.xml
/releases/2.3/user/src/com/google/gwt/user/tools/templates/maven/pom.xmlsrc
===
--- /releases/2.3/samples/expenses/pom.xml Wed Mar 9 09:59:27 2011
+++ /releases/2.3/samples/expenses/pom.xml Mon Apr 11 13:59:08 2011
@@ -1,652 +1,652 @@
?xml version=1.0 encoding=UTF-8 standalone=no?
project xmlns=http://maven.apache.org/POM/4.0.0;
xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
xsi:schemaLocation=http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd;
- modelVersion4.0.0/modelVersion
- groupIdcom.google.gwt.sample.expenses/groupId
- artifactIdexpenses/artifactId
- packagingwar/packaging
- version0.1.0.BUILD-SNAPSHOT/version
- nameexpenses/name
- properties
+ modelVersion4.0.0/modelVersion
+ groupIdcom.google.gwt.sample.expenses/groupId
+ artifactIdexpenses/artifactId
+ packagingwar/packaging
+ version0.1.0.BUILD-SNAPSHOT/version
+ nameexpenses/name
+ properties
gwt.version2.2.0/gwt.version
- roo.version1.1.0.RELEASE/roo.version
- spring.version3.0.3.RELEASE/spring.version
- slf4j.version1.6.1/slf4j.version
- gae.version1.4.2/gae.version
+roo.version1.1.0.RELEASE/roo.version
+spring.version3.0.3.RELEASE/spring.version
+slf4j.version1.6.1/slf4j.version
+gae.version1.4.2/gae.version
gae-test.version1.4.2/gae-test.version
gae.home${user.home}/.m2/repository/com/google/appengine/appengine-java-sdk/${gae.version}/appengine-java-sdk-${gae.version}/gae.home
datanucleus.version1.1.5/datanucleus.version
-/properties
- repositories
-repository
-idspring-maven-release/id
-nameSpring Maven Release Repository/name
-urlhttp://maven.springframework.org/release/url
-/repository
-repository
-idspring-maven-milestone/id
-nameSpring Maven Milestone Repository/name
-urlhttp://maven.springframework.org/milestone/url
-/repository
-repository
-idspring-roo-repository/id
-nameSpring Roo Repository/name
-
urlhttp://spring-roo-repository.springsource.org/release/url
-/repository
+ /properties
+ repositories
repository
-idDataNucleus_2/id
-urlhttp://www.datanucleus.org/downloads/maven2//url
-nameDataNucleus/name
-/repository
+ idspring-maven-release/id
+ nameSpring Maven Release Repository/name
+ urlhttp://maven.springframework.org/release/url
+/repository
repository
-idJBoss Repo/id
-
urlhttps://repository.jboss.org/nexus/content/repositories/releases/url
-nameJBoss Repo/name
-/repository
-/repositories
-pluginRepositories
+ idspring-maven-milestone/id
+ nameSpring Maven Milestone Repository/name
+ urlhttp://maven.springframework.org/milestone/url
+/repository
+repository
+ idspring-roo-repository/id
+ nameSpring Roo Repository/name
+ urlhttp://spring-roo-repository.springsource.org/release/url
+/repository
+repository
+ idDataNucleus_2/id
+ urlhttp://www.datanucleus.org/downloads/maven2//url
+ nameDataNucleus/name
+/repository
+repository
+ idJBoss Repo/id
+
urlhttps://repository.jboss.org/nexus/content/repositories/releases/url
+ nameJBoss Repo/name
+/repository
+ /repositories
+ pluginRepositories
pluginRepository
-idDataNucleus_2/id
-urlhttp://www.datanucleus.org/downloads/maven2//url
-/pluginRepository
-/pluginRepositories
- dependencies
- !-- General dependencies for standard applications --
- dependency
- groupIdjunit/groupId
- artifactIdjunit/artifactId
- version4.8.1/version
- scopetest/scope
- /dependency
- dependency
- groupIdlog4j/groupId
- artifactIdlog4j/artifactId
- version1.2.16/version
- /dependency
- dependency
- groupIdorg.slf4j/groupId
- artifactIdslf4j-api/artifactId
- version${slf4j.version}/version
- /dependency
- dependency
- groupIdorg.slf4j/groupId
- artifactIdjcl-over-slf4j/artifactId
- version${slf4j.version}/version
- /dependency
- dependency
- groupIdorg.slf4j/groupId
-
[gwt-contrib] Clean up the CrossSiteIFrameLoadingStrategy class, removing some dead code, (issue1413801)
Reviewers: zundel,
Description:
Clean up the CrossSiteIFrameLoadingStrategy class, removing some dead
code,
adding comments to clarify what is going on, and making it throw an
error
which is more explicit about what triggered the error
Please review this at http://gwt-code-reviews.appspot.com/1413801/
Affected files:
M user/src/com/google/gwt/core/client/CodeDownloadException.java
M
user/src/com/google/gwt/core/client/impl/CrossSiteIframeLoadingStrategy.java
Index: user/src/com/google/gwt/core/client/CodeDownloadException.java
===
--- user/src/com/google/gwt/core/client/CodeDownloadException.java
(revision 9972)
+++ user/src/com/google/gwt/core/client/CodeDownloadException.java (working
copy)
@@ -27,10 +27,10 @@
* need to be down loaded.
*/
public enum Reason {
-/**
- * Generic code for terminating the download.
- */
-TERMINATED
+ONERROR,
+ONLOAD,
+READYSTATELOADED,
+READYSTATECOMPLETE,
}
private final Reason reason;
Index:
user/src/com/google/gwt/core/client/impl/CrossSiteIframeLoadingStrategy.java
===
---
user/src/com/google/gwt/core/client/impl/CrossSiteIframeLoadingStrategy.java
(revision 9972)
+++
user/src/com/google/gwt/core/client/impl/CrossSiteIframeLoadingStrategy.java
(working copy)
@@ -25,14 +25,6 @@
/**
* Load runAsync code using a script tag. Intended for use with the
* {@link com.google.gwt.core.linker.CrossSiteIframeLinker}.
- *
- * p
- * The linker wraps its selection script code with a function refered to by
- * code__gwtModuleFunction/code. On that function is a property
- * codeinstallCode/code that can be invoked to eval more code in a
scope
- * nested somewhere within that function. The loaded script for fragment
123 is
- * expected to invoke code__gwtModuleFunction.runAsyncCallback123/code
- * as the final thing it does.
*/
public class CrossSiteIframeLoadingStrategy implements LoadingStrategy {
/**
@@ -58,10 +50,19 @@
}-*/;
}
- private static final RuntimeException LoadTerminated =
- new CodeDownloadException(Code download terminated,
-CodeDownloadException.Reason.TERMINATED);
-
+ private static final RuntimeException LoadTerminatedError =
+ new CodeDownloadException(Code download terminated - onError,
+CodeDownloadException.Reason.ONERROR);
+ private static final RuntimeException LoadTerminatedLoaded =
+new CodeDownloadException(Code download terminated - onLoad,
+ CodeDownloadException.Reason.ONLOAD);
+ private static final RuntimeException LoadTerminatedReadyComplete =
+new CodeDownloadException(Code download terminated - onReadyComplete,
+
CodeDownloadException.Reason.READYSTATECOMPLETE);
+ private static final RuntimeException LoadTerminatedReadyLoaded =
+new CodeDownloadException(Code download terminated - onReadyLoaded,
+
CodeDownloadException.Reason.READYSTATELOADED);
+
/**
* Clear callbacks on script objects. This is important on IE 6 and 7 to
* prevent a memory leak. If the callbacks aren't cleared, there is a
cyclical
@@ -71,13 +72,6 @@
private static native void clearCallbacks(JavaScriptObject script) /*-{
var nop = new Function('');
script.onerror = script.onload = script.onreadystatechange = nop;
- }-*/;
-
- /**
- * Clear the success callback for fragment codefragment/code.
- */
- private static native void clearOnSuccess(int fragment) /*-{
-delete __gwtModuleFunction['runAsyncCallback'+fragment];
}-*/;
private static native JavaScriptObject createScriptTag(String url) /*-{
@@ -97,13 +91,18 @@
LoadTerminatedHandler loadFinishedHandler) /*-{
return function(exception) {
if (tag.parentNode == null) {
- // onSuccess or onFailure must have already been called.
+ // This function must have already been called.
return;
}
var head = document.getElementsByTagName('head').item(0);
-
@com.google.gwt.core.client.impl.CrossSiteIframeLoadingStrategy::clearOnSuccess(*)(fragment);
@com.google.gwt.core.client.impl.CrossSiteIframeLoadingStrategy::clearCallbacks(*)(tag);
head.removeChild(tag);
+ // It seems unintuitive to call the error function every time, but
+ // it appears that AsyncFragmentLoader::fragmentHasLoaded (which is
+ // called by each fragment) will set the fragmentLoading variable to
+ // -1 when the code in this fragment executes, so this
+ // loadTerminated call will fail the (fragmentLoading == fragment)
check
+ // and will immediately exit, so no errors are actually fired.
function callLoadTerminated() {
[gwt-contrib] [google-web-toolkit] r9975 committed - Cherry picking r9973 into releases/2.3 for isuees 4878 and 6196
Revision: 9975
Author: rchan...@google.com
Date: Mon Apr 11 14:26:39 2011
Log: Cherry picking r9973 into releases/2.3 for isuees 4878 and 6196
http://code.google.com/p/google-web-toolkit/source/detail?r=9975
Modified:
/releases/2.3/user/src/com/google/gwt/user/tools/templates/maven/pom.xmlsrc
===
---
/releases/2.3/user/src/com/google/gwt/user/tools/templates/maven/pom.xmlsrc
Mon Apr 11 13:59:08 2011
+++
/releases/2.3/user/src/com/google/gwt/user/tools/templates/maven/pom.xmlsrc
Mon Apr 11 14:26:39 2011
@@ -40,9 +40,22 @@
dependency
groupIdjunit/groupId
artifactIdjunit/artifactId
- version4.4/version
+ version4.8.1/version
scopetest/scope
/dependency
+dependency
+ groupIdjavax.validation/groupId
+ artifactIdvalidation-api/artifactId
+ version1.0.0.GA/version
+ scopeprovided/scope
+/dependency
+dependency
+ groupIdjavax.validation/groupId
+ artifactIdvalidation-api/artifactId
+ version1.0.0.GA/version
+ classifiersources/classifier
+ scopeprovided/scope
+/dependency
/dependencies
build
@@ -55,6 +68,24 @@
plugin
groupIdorg.codehaus.mojo/groupId
artifactIdgwt-maven-plugin/artifactId
+ version2.2.0/version
+ dependencies
+ dependency
+groupIdcom.google.gwt/groupId
+artifactIdgwt-user/artifactId
+version${gwtVersion}/version
+ /dependency
+ dependency
+groupIdcom.google.gwt/groupId
+artifactIdgwt-dev/artifactId
+version${gwtVersion}/version
+ /dependency
+ dependency
+groupIdcom.google.gwt/groupId
+artifactIdgwt-servlet/artifactId
+version${gwtVersion}/version
+ /dependency
+ /dependencies
!-- JS is only needed in the package phase, this speeds up
testing --
executions
execution
@@ -72,13 +103,14 @@
!-- Location of the develop-mode web application structure
(gwt:run). --
hostedWebapptarget/www/hostedWebapp
!-- Ask GWT to create the Story of Your Compile (SOYC)
(gwt:compile) --
- soyctrue/soyc
+ compileReporttrue/compileReport
/configuration
/plugin
!-- Add source folders to test classpath in order to run gwt-tests
as normal junit-tests --
plugin
artifactIdmaven-surefire-plugin/artifactId
+ version2.5/version
configuration
additionalClasspathElements
additionalClasspathElement${project.build.sourceDirectory}/additionalClasspathElement
@@ -100,6 +132,7 @@
!-- Copy static web files before executing gwt:run --
plugin
artifactIdmaven-resources-plugin/artifactId
+version2.4.2/version
executions
execution
phasecompile/phase
@@ -121,6 +154,7 @@
!-- Delete gwt generated stuff --
plugin
artifactIdmaven-clean-plugin/artifactId
+ version2.3/version
configuration
filesets
filesetdirectorysrc/main/webapp/@renameTo/directory/fileset
@@ -131,7 +165,25 @@
/filesets
/configuration
/plugin
-
+
+ plugin
+ artifactIdmaven-eclipse-plugin/artifactId
+ version2.7/version !-- Note 2.8 does not work with AspectJ aspect
path --
+ configuration
+ downloadSourcestrue/downloadSources
+ downloadJavadocsfalse/downloadJavadocs
+ wtpversion2.0/wtpversion
+ additionalBuildcommands
+buildCommand
+ namecom.google.gwt.eclipse.core.gwtProjectValidator/name
+/buildCommand
+ /additionalBuildcommands
+ additionalProjectnatures
+
projectnaturecom.google.gwt.eclipse.core.gwtNature/projectnature
+ /additionalProjectnatures
+ /configuration
+ /plugin
+
/plugins
/build
/project
--
http://groups.google.com/group/Google-Web-Toolkit-Contributors
[gwt-contrib] Re: Add SafeUri type, similar to SafeHtml but for values in a URL attribute context. (issue1380806)
On 2011/04/11 23:18:13, xtof wrote:
If we're both in agreement on that, I think we should change the doc
of the
SafeUri contract to be a bit more specific about that. I.e., instead
of
18 /**
19 * An object that implements this interface encapsulates a URI
that is
20 * guaranteed to be safe to use (with respect to potential
Cross-Site-Scripting
21 * vulnerabilities) in a URL context, for example in a URL-typed
attribute in
22 * an HTML document.
more something along the lines:
/**
An object that implements this interface encapsulates a lexically
valid
(with respect to the set of valid characters specified RFC 3986) URI
that
when dereferenced, will not result in browser-side execution of script
that
is not under program control.
p
Note that this type's contract does not constrain the set of
characters that
may appear in the URI beyond the requirements of RFC 3986. If the
value of a
SafeUri object is used in certain contexts of a HTML document,
appropriate
escaping must be applied.
SGTM
The CSS spec says whitespace, quotes (single and double) and
parentheses
can be escaped using a backslash:
http://www.w3.org/TR/CSS2/syndata.html#uri
I believe I've read somewhere that this doesn't work in IE, but I
can't find
the reference now...
One problem I'd worried about is this: parentheses are legal in URIs
per
the RFC. At the same time, \xx escaping them in the CSS seems to
not
actually be sufficient; such escaping doesn't prevent the string from
being
interpreted as CSS syntax (what were they thinking???), see
http://code.google.com/p/browsersec/wiki/Part1#CSS_character_encoding.
Note that the CSS spec talks about using '\(', not '\028'. I however
have absolutely no idea how well this is supported by browsers.
I think we'll just have to %-escape parentheses and single quotes when
using
a SafeUri in a CSS url(). I'm not really aware of them meaning
anything
special in *http* URIs; even if RFC 3986 says that %-escaping
parentheses
won't result in an equivalent URI I don't know of any reason doing so
would
result in a different resource being addressed on a web server.
+1
So maybe we could special-case SafeUri in CSS contexts in the
generator?
I think we should just ban it (or at least warn), since we don't parse
the
CSS and can't really tell what context in the CSS the URI is used in.
A
safe style builder API would know, and would escape the URI correctly.
We already have the warning about SafeUri outside URL-attribute
context, we sure could specialize the message a bit for the CSS
context.
I think you're right; sanitizeUri should %-escape characters not
allowed by
RFC 3986. Looks like passing the string through
http://google-web-toolkit.googlecode.com/svn/javadoc/latest/com/google/gwt/http/client/URL.html#encode%28java.lang.String%29would
be sufficient? Anyway, I'll take a TODO item for this.
URL.encode wouldn't preserve existing %-escapes and would replace, e.g.
%28 with %2528. The algorithm should probably be similar to
htmlEscapeAllowEntities (i.e. split on %-escapes and encode the rest).
Also, URL.encode doesn't %-escape single quotes and parentheses.
Finally, URL.encode is client side only, so an equivalent pure Java
algorithm should be written for the JVM (that would be less efficient
in the browser). Maybe let's start with a single, shared, algorithm
andadd the URL.encode-based one later (and benchmark!)
I'm still wondering if we should properly parse the whole URL and
insist
it's syntactically valid; when I wrote sanitizeUri I chose not to
because
there's no easily available way to do it in GWT (since java.net.URI
isn't
implemented), and it would seem to be fairly costly to do.
I believe %-escaping à la URL.encode would provide enough safety.
http://gwt-code-reviews.appspot.com/1380806/
--
http://groups.google.com/group/Google-Web-Toolkit-Contributors
[gwt-contrib] Re: Add SafeUri type, similar to SafeHtml but for values in a URL attribute context. (issue1380806)
On Mon, Apr 11, 2011 at 17:54, t.bro...@gmail.com wrote:
Note that the CSS spec talks about using '\(', not '\028'. I however
have absolutely no idea how well this is supported by browsers.
I think I read somewhere that this doesn't work in IE (which seems to
interpret \ literally in URLs because windows users keep typing things like
http:\\example.com\ into URL bars). I should test this...
We already have the warning about SafeUri outside URL-attribute
context, we sure could specialize the message a bit for the CSS
context.
I see what you mean. Either way is fine by me ;)
I think you're right; sanitizeUri should %-escape characters not
allowed by
RFC 3986. Looks like passing the string through
http://google-web-toolkit.googlecode.com/svn/javadoc/latest/com/google/gwt/http/client/URL.html#encode%28java.lang.String%29would
be sufficient? Anyway, I'll take a TODO item for this.
URL.encode wouldn't preserve existing %-escapes and would replace, e.g.
%28 with %2528. The algorithm should probably be similar to
htmlEscapeAllowEntities (i.e. split on %-escapes and encode the rest).
Also, URL.encode doesn't %-escape single quotes and parentheses.
Got it; yup you're right.
Finally, URL.encode is client side only, so an equivalent pure Java
algorithm should be written for the JVM (that would be less efficient
in the browser). Maybe let's start with a single, shared, algorithm
andadd the URL.encode-based one later (and benchmark!)
SGTM...
--
http://groups.google.com/group/Google-Web-Toolkit-Contributors
