Re: Missing maven dependency for tapx-datefield?
I realize the tapx-datefield is built for Tapestry 5.1+. I was just trying to point out that the repository appeared to have a missing dependency. However, it appears to have the expected structure now. Either way, thanks for you help, greatly appreciated. Eric On Mon, May 25, 2009 at 6:37 PM, Joost Schouten (mailing lists) < joost...@jsportal.com> wrote: > as per: > http://tapestry.formos.com/nightly/tapx/tapx-datefield/ > > tapx-datefield is built for use with Tapestry 5.1 and higher. > > cheers, > Joost > > On Tue, May 26, 2009 at 11:42 AM, Eric Rogers > wrote: > > Hi All, > > > > > > I am having a problem trying to add the tapx-datefield artifact a > Tapestry > > 5.0.18 project. More specifically, I have added the following to my > > pom.xml: > > > > > > com.formos.tapestry > > tapx-datefield > > 1.0.0-SNAPSHOT > > > > > > Maven fails while trying to resolve a tapestry360-project dependency, for > > which this artifact appears to rely on. The error itself appears as > > follows: > > > > [WARNING] An error occurred during dependency resolution of the following > > artifact: > > > > com.formos.tapestry:tapx-datefield1.0.0-SNAPSHOT > > > > Caused by: Unable to get dependency information: Unable to read the > metadata > > file for artifact 'com.formos.tapestry:tapx-datefield:jar': Cannot find > > parent: com.formos.tapestry:tapestry360-project for project: > > com.formos.tapestry:tapx-project:pom:1.0.0-SNAPSHOT for project > > com.formos.tapestry:tapx-project:pom:1.0.0-SNAPSHOT > > com.formos.tapestry:tapx-datefield:jar:1.0.0-SNAPSHOT > > > > I looked through the snapshot repository at > > http://tapestry.formos.com/maven-snapshot-repository, and found no such > > artifact. > > > > Any insight would be greatly appreciated. > > > > Thanks, > > > > Eric > > > > - > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > >
Missing maven dependency for tapx-datefield?
Hi All, I am having a problem trying to add the tapx-datefield artifact a Tapestry 5.0.18 project. More specifically, I have added the following to my pom.xml: com.formos.tapestry tapx-datefield 1.0.0-SNAPSHOT Maven fails while trying to resolve a tapestry360-project dependency, for which this artifact appears to rely on. The error itself appears as follows: [WARNING] An error occurred during dependency resolution of the following artifact: com.formos.tapestry:tapx-datefield1.0.0-SNAPSHOT Caused by: Unable to get dependency information: Unable to read the metadata file for artifact 'com.formos.tapestry:tapx-datefield:jar': Cannot find parent: com.formos.tapestry:tapestry360-project for project: com.formos.tapestry:tapx-project:pom:1.0.0-SNAPSHOT for project com.formos.tapestry:tapx-project:pom:1.0.0-SNAPSHOT com.formos.tapestry:tapx-datefield:jar:1.0.0-SNAPSHOT I looked through the snapshot repository at http://tapestry.formos.com/maven-snapshot-repository, and found no such artifact. Any insight would be greatly appreciated. Thanks, Eric
Re: Pattern or strategy to sanitize input for cross-site scripting characters.
Thanks, greatly appreciated. Eric On Thu, Aug 21, 2008 at 12:27 PM, Martijn Brinkers (List) < [EMAIL PROTECTED]> wrote: > It's not typical to html escape input. HTML is about presentation and > most input is just input. In other words, you want to HTML escape just > before presenting the input to the user but not store the input escaped > (at least I think that's what most applications use). > > Tapestry does already HTML escape all output unless you render the data > raw on purpose. There are however a few things that should be careful > of. If you dynamically add some Javascript based on user input (using a > Mixin for example) you should make sure that the user input cannot > 'escape' the quotes of your Javascript code because that would create a > possible XSS vulnerability. > > Martijn > > On Thu, 2008-08-21 at 12:12 -0600, Eric Rogers wrote: > > Hello Howard, > > > > Does Tapestry provide any way to do this on input, even if it is just for > > all form data that is submitted? Perhaps being able to wire an > interceptor > > of some form in? > > > > Thanks, > > > > Eric > > > > > > On Thu, Aug 21, 2008 at 11:57 AM, Eric Rogers <[EMAIL PROTECTED]> > wrote: > > > > > Hello Howard, > > > > > > Thanks for the information. > > > > > > Thanks, > > > > > > Eric > > > > > > > > > > > > On Tue, Aug 19, 2008 at 1:18 PM, Howard Lewis Ship <[EMAIL PROTECTED] > >wrote: > > > > > >> Tapestry mostly captures this on the output side; that is, when you > > >> output a string (using, say ${property} expansion), the output is > > >> filtered; the key HTML entities, "<", "&" and ">", are converted to > > >> proper entities: "<", etc. > > >> > > >> On Tue, Aug 19, 2008 at 11:11 AM, Eric Rogers <[EMAIL PROTECTED]> > > >> wrote: > > >> > Hello All, > > >> > > > >> > I am using Tapestry 5.0.14 and am looking to filter input in my > Tapestry > > >> > application for characters related to cross-site scripting. Some > input > > >> is > > >> > from regular form submission, while other input is received using > AJAX > > >> event > > >> > listeners and JSON. I realize that one can use a custom translator > to > > >> scrub > > >> > any unwanted characters from input for a given field. However, I > was > > >> > wondering if anyone has come across a more general pattern or > strategy > > >> to do > > >> > this for both form and JSON input without having to explicitly > define a > > >> > translator for form fields, and manually call some method to do the > same > > >> for > > >> > a JSONObject. > > >> > > > >> > Thanks, > > >> > > > >> > Eric > > >> > > > >> > > >> > > >> > > >> -- > > >> Howard M. Lewis Ship > > >> > > >> Creator Apache Tapestry and Apache HiveMind > > >> > > >> - > > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > > >> For additional commands, e-mail: [EMAIL PROTECTED] > > >> > > >> > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
Re: Pattern or strategy to sanitize input for cross-site scripting characters.
Hello Howard, Does Tapestry provide any way to do this on input, even if it is just for all form data that is submitted? Perhaps being able to wire an interceptor of some form in? Thanks, Eric On Thu, Aug 21, 2008 at 11:57 AM, Eric Rogers <[EMAIL PROTECTED]> wrote: > Hello Howard, > > Thanks for the information. > > Thanks, > > Eric > > > > On Tue, Aug 19, 2008 at 1:18 PM, Howard Lewis Ship <[EMAIL PROTECTED]>wrote: > >> Tapestry mostly captures this on the output side; that is, when you >> output a string (using, say ${property} expansion), the output is >> filtered; the key HTML entities, "<", "&" and ">", are converted to >> proper entities: "<", etc. >> >> On Tue, Aug 19, 2008 at 11:11 AM, Eric Rogers <[EMAIL PROTECTED]> >> wrote: >> > Hello All, >> > >> > I am using Tapestry 5.0.14 and am looking to filter input in my Tapestry >> > application for characters related to cross-site scripting. Some input >> is >> > from regular form submission, while other input is received using AJAX >> event >> > listeners and JSON. I realize that one can use a custom translator to >> scrub >> > any unwanted characters from input for a given field. However, I was >> > wondering if anyone has come across a more general pattern or strategy >> to do >> > this for both form and JSON input without having to explicitly define a >> > translator for form fields, and manually call some method to do the same >> for >> > a JSONObject. >> > >> > Thanks, >> > >> > Eric >> > >> >> >> >> -- >> Howard M. Lewis Ship >> >> Creator Apache Tapestry and Apache HiveMind >> >> - >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >
Re: Pattern or strategy to sanitize input for cross-site scripting characters.
Hello Howard, Thanks for the information. Thanks, Eric On Tue, Aug 19, 2008 at 1:18 PM, Howard Lewis Ship <[EMAIL PROTECTED]> wrote: > Tapestry mostly captures this on the output side; that is, when you > output a string (using, say ${property} expansion), the output is > filtered; the key HTML entities, "<", "&" and ">", are converted to > proper entities: "<", etc. > > On Tue, Aug 19, 2008 at 11:11 AM, Eric Rogers <[EMAIL PROTECTED]> > wrote: > > Hello All, > > > > I am using Tapestry 5.0.14 and am looking to filter input in my Tapestry > > application for characters related to cross-site scripting. Some input > is > > from regular form submission, while other input is received using AJAX > event > > listeners and JSON. I realize that one can use a custom translator to > scrub > > any unwanted characters from input for a given field. However, I was > > wondering if anyone has come across a more general pattern or strategy to > do > > this for both form and JSON input without having to explicitly define a > > translator for form fields, and manually call some method to do the same > for > > a JSONObject. > > > > Thanks, > > > > Eric > > > > > > -- > Howard M. Lewis Ship > > Creator Apache Tapestry and Apache HiveMind > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
Pattern or strategy to sanitize input for cross-site scripting characters.
Hello All, I am using Tapestry 5.0.14 and am looking to filter input in my Tapestry application for characters related to cross-site scripting. Some input is from regular form submission, while other input is received using AJAX event listeners and JSON. I realize that one can use a custom translator to scrub any unwanted characters from input for a given field. However, I was wondering if anyone has come across a more general pattern or strategy to do this for both form and JSON input without having to explicitly define a translator for form fields, and manually call some method to do the same for a JSONObject. Thanks, Eric
Re: RES: Calling Javascript after updating a Zone
Thanks for the feedback, very much appreciated. I would like to keep my Javascript and HTML as separate as possible, hence the less inline Javascript the better. I have looked through the tapestry.js script and noticed that after a zone is updated with the content from the AJAX response, the success handler calls the Tapestry.processScriptInReply function. It appears that this function checks for and evaluates a script property in the response JSONObject that it receives. Given that I am returning a Block from my event listener, I am wondering if there is any way to set this script property so that Tapestry will include it in the JSONObject it sends back with the rendered markup from the Block component. Any thoughts? Eric On Sun, Aug 3, 2008 at 5:59 PM, Andreas Pursian <[EMAIL PROTECTED]> wrote: > Hi Eric, > > why not call the javascript at the end of the corresponding block element > like this ... > > > > > some content . > > >showexampleWindow(); > > > > cheers! > > andreas > > Original-Nachricht > > Datum: Thu, 31 Jul 2008 22:06:01 -0300 > > Von: "Thiago Henrique de Carvalho" <[EMAIL PROTECTED]> > > An: "\'Tapestry users\'" > > Betreff: RES: Calling Javascript after updating a Zone > > > Hi there, > > > > Thought not exactly what you asked, in Tapestry 4 I use to do this by > > adding > > JavaScript code to a Block or Component's html scope, so when it is > > updated > > via AJAX the code runs and may call other functions already loaded in the > > page. > > > > > > Thiago > > > > > > -Mensagem original- > > De: Eric Rogers [mailto:[EMAIL PROTECTED] > > Enviada em: quinta-feira, 31 de julho de 2008 20:07 > > Para: users@tapestry.apache.org > > Assunto: Calling Javascript after updating a Zone > > > > Hello All, > > > > Using Tapestry 5.0.13. > > > > I have a form, which has a corresponding zone to update when it is > > submitted. I am returning a block from the action handler for the form > > submission to update the content of the zone with. This works as > > expected. > > However, I am wondering if Tapestry has a built-in hook that would allow > > the > > calling of additional Javascript once the zone has been updated. > > > > Any thoughts? > > > > Thanks, > > > > Eric > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > -- > Ist Ihr Browser Vista-kompatibel? Jetzt die neuesten > Browser-Versionen downloaden: http://www.gmx.net/de/go/browser > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
Calling Javascript after updating a Zone
Hello All, Using Tapestry 5.0.13. I have a form, which has a corresponding zone to update when it is submitted. I am returning a block from the action handler for the form submission to update the content of the zone with. This works as expected. However, I am wondering if Tapestry has a built-in hook that would allow the calling of additional Javascript once the zone has been updated. Any thoughts? Thanks, Eric
Form AJAX submission with Zone component appears to break if form validation is added.
5.0.12 Snapshot If I have a page containing a form and an associated zone component to update, everything works as expected. However, when I add validation to a field on the form, the submission for the form is treated as regular submission, and not one handled through AJAX. More specifically, looking at the tapestry.js script, it appears that when the page is loaded, the form's onsubmit event handler is at first bound properly. However, the Tapestry.FormEventManager appears to rebind the onsubmit event to its own handleSubmit function, completely ignoring the previous event handler. I am just wondering if this is working as intended and whether or not anyone else has encountered this. If not, would this be classified as a bug? I have included some test code below. Thanks, Eric Test.tml: Test.java: public class Test { private String name; //if we remove @Validate("required"), everything works as expected. @Validate("required") public String getName() { return name; } public void setName(String name) { this.name = name; } Object onSuccess() { JSONObject response = new JSONObject(); response.put("content", "test me"); return new JSONStreamResponse(response); } }