hello devs, as some of you might already know I'm working on custom node types and namespace support. Below is a sample of a custom node type definition in CND (c for compact) format:
----------------------------------------------------------------------- <nt='http://www.jcp.org/jcr/nt/1.0'> <expro='http://example.com/jcr/ns/products'> [expro:Product] > nt:base - expro:title (String) - expro:description (String) - expro:category (String) - expro:group (String) - expro:sizes (String) multiple - expro:colors (String) multiple - expro:finishes (String) multiple - expro:images (String) multiple ----------------------------------------------------------------------- This works already quite well but now I have trouble with some Dialogs and Controls. The Dialogs and Controls write out invalid HTML because they don't sanitize the names and ids they use [opera], [security] - they use invalid characters ('-', '/', ...). It's getting even more worse when using property or node names with a prefix because of the colon (':'). A JavaScript function name with a colon simply doesn't work. I reviewed all Controls and Dialogs and tried to fix it with a sanitize function. But there is still a lot of work to do and a question came up to my mind: Should we use FreeMarker for all Dialogs and Controls instead of that clumsy HTML inside the Java classes as DialogMultiSelect is already doing for some HTML? I would like to hear your opinions on that. O. [opera]: this could be a cause for Opera to not display anything in tree view [security]: not sanitizing ids and names and not escaping values could lead to security holes (XSS and that stuff) ---------------------------------------------------------------- for list details see http://www.magnolia.info/en/developer.html ----------------------------------------------------------------
