thx, especially for the security hint.
On Friday, 14 September 2012 16:45:29 UTC+2, Jens wrote: > > So for each image to server requests are necessary: >> >> 1 to get the dto and create html with image-url >> 2 to get the image from servlet >> > > Yes, although the second request is done by the browser and not by your > GWT app. To remove the browser request, you would need to use data uris > (base64) and use the data uri instead of the server url. But as you said, > you don't want that. > > Just be aware of XSS attacks. A possible man in the middle attack could > probably modify the raw html while its send from server to client. The html > would then contain some evil javascript that will be executed by the > browser in your app's context as soon as you render the html. > > -- J. > -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/7eI0GotdbWAJ. To post to this group, send email to google-web-toolkit@googlegroups.com. To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
