On Fri, Mar 5, 2010 at 9:32 AM, Dano <[email protected]> wrote:
> I would never claim to be astute. However, I did observe that
> demo.liftweb.net is now built using 2.0-M3 as is clearly listed at the
> bottom of the page. I also observed that the Wizard example is still
> broken (paste binary characters into 'First Name' and then click the
> Next button). I have not yet registered for an account with Assembla
> but would be happy to file the bug.
>
I don't know what you mean by "pasting binary characters" into a field, but
I have updated the Arc Challenge code to:
class ArcChallenge extends StatefulSnippet {
var dispatch: DispatchIt = {case _ => xhtml => ask}
def control: String = (for (i <- 0 until 65000) yield i.toChar).mkString
/**
* Step 1: Type in a Phrase.
*/
def ask = {
<p>
Say Anything:
{text("", p => phrase = control + p + control)}
{submit("Submit", () => dispatch = {case _ => xhtml => think})}
</p>
}
/**
* Step 2: Show a link that takes you to the Phrase you entered.
*/
def think = submit("Click here to see what you said",
() => dispatch = {case _ => xhtml => answer})
/**
* Step 3: Show the phrase.
*/
def answer = <p>You said: {phrase}</p>
private var phrase = ""
}
}
}
This code inserts characters 0 - 65,000 into the string to be sent back to
the browser, including every control character.
Once again, if you have a reproducible case (the exact steps that someone
must follow) to cause Lift to emit illegal XHTML, please open a defect on
Assembla
>
>
> Dan
>
> On Mar 4, 7:33 pm, Ross Mellgren <[email protected]> wrote:
> > Check dpp's response as of 8:01
> >
> > -Ross
> >
> > On Mar 4, 2010, at 7:49 PM, Naftoli Gugenheim wrote:
> >
> >
> >
> > > What version is the demo running?
> >
> > > -------------------------------------
> > > Dano<[email protected]> wrote:
> >
> > > Just saw that Lift 2.0-M3 was released. I looked to see if the
> > > vulnerability was still present in demo.liftweb.net and I am still
> > > able to generate exceptions in the browser when I paste binary
> > > characters in the textfields for the Wizard, Wizard Challenge, and Arc
> > > Challenge examples in the Misc section.
> >
> > > Don't know if this remaining problem is supposed to be handled by the
> > > application or framework, but thought I would make a post to alert the
> > > group.
> >
> > > Dan
> >
> > > On Feb 24, 11:49 am, Dano <[email protected]> wrote:
> > >> The recent scala days conference activity may have cause the updates
> > >> to this thread to escape notice. Just wondering if there is concern
> > >> about the remaining binary character problems I noted in my prior
> > >> post.
> >
> > >> Thanks in advance.
> >
> > >> Dan
> >
> > >> On Feb 22, 1:34 pm, Dano <[email protected]> wrote:
> >
> > >>> More information on this in case anyone is interested. If you go to
> > >>> theliftdemo website, it appears the issue with characters is mostly
> > >>> addressed except for the "Misc code" section. Specifically, the
> > >>> "Wizard", "Wizard Challenge" and "Arc Challenge #1" examples will
> > >>> generate XML parsing errors.
> >
> > >>> For these problems, I am not sure if the issue if the example or the
> > >>> framework. If the issue is with the example, it would be good to
> know
> > >>> whatLiftapps need to do to avoid getting bitten by binary characters
> > >>> entered into form fields.
> >
> > >>> Thanks in advance.
> >
> > >>> Dan
> >
> > >>> On Feb 17, 11:06 am, Dano <[email protected]> wrote:
> >
> > >>>> Hello,
> >
> > >>>> I was wondering if the fix for the control characters issue was
> > >>>> included in 2.0-M2. I just did a test with ourLiftapplication built
> > >>>> with 2.0-M2 and I am still seeing problems (i.e. javascript
> exceptions
> > >>>> - NS_ERROR_INVALID_POINTER).
> >
> > >>>> Thanks in advance.
> >
> > >>>> Dan
> >
> > >>>> On Feb 3, 9:08 am, David Pollak <[email protected]>
> wrote:
> >
> > >>>>> Thanks for pointing that out. There are other problems as well...
> I'll fix
> > >>>>> them (in both the Scala andLiftdiffs)
> >
> > >>>>> On Wed, Feb 3, 2010 at 7:39 AM, Feng Zhang <[email protected]>
> wrote:
> > >>>>>> I found that in the fix, \n is changed to \t, while \t to \n. Is
> this
> > >>>>>> desired behavior?
> >
> > >>>>>> Thank you,
> >
> > >>>>>> Feng
> >
> > >>>>>> On Wed, Feb 3, 2010 at 9:20 AM, Indrajit Raychaudhuri <
> [email protected]
> > >>>>>>> wrote:
> >
> > >>>>>>> 1. Fix in head/master (2.0-SNAPSHOT) and prepone 2.0-M2.
> >
> > >>>>>>> 2. Backport in 1.0.x branch and spin 1.0.4. We haven't marked
> 1.0.x
> > >>>>>>> 'unsupported' yet. Forcing apps to move to 2.0-M2 just for this
> > >>>>>>> vulnerability fix isn't fun.
> >
> > >>>>>>> Cheers, Indrajit
> >
> > >>>>>>> On 03/02/10 3:34 PM, Timothy Perrett wrote:
> >
> > >>>>>>>> +1
> >
> > >>>>>>>> Fix it in head, no need to back-port; M2 is only around the
> corner.
> >
> > >>>>>>>> Cheers, Tim
> >
> > >>>>>>>> On 3 Feb 2010, at 09:49, Jeppe Nejsum Madsen wrote:
> >
> > >>>>>>>> David Pollak<[email protected]> writes:
> >
> > >>>>>>>>> I'd like to get a sense of how important the community views
> this
> > >>>>>>>>>> defect.
> > >>>>>>>>>> Is it a "backport the fix to every milestone and release
> yesterday" or
> > >>>>>>>>>> is it
> > >>>>>>>>>> a "fix it in 2.0-M2" or someplace in between.
> >
> > >>>>>>>>> For me, it's fix it in 2.0-SNAPSHOT
> >
> > >>>>>>>>> /Jeppe
> >
> > >>>>>>>>> --
> > >>>>>>>>> You received this message because you are subscribed to the
> Google
> > >>>>>>>>> Groups "Lift" group.
> > >>>>>>>>> To post to this group, send email to [email protected].
> > >>>>>>>>> To unsubscribe from this group, send email to
> > >>>>>>>>> [email protected]<liftweb%[email protected]>
> <liftweb%[email protected]<liftweb%[email protected]>>
> > >>>>>>>>> .
> > >>>>>>>>> For more options, visit this group at
> > >>>>>>>>>http://groups.google.com/group/liftweb?hl=en.
> >
> > >>>>>>> --
> > >>>>>>> You received this message because you are subscribed to the
> Google Groups
> > >>>>>>> "Lift" group.
> > >>>>>>> To post to this group, send email to [email protected].
> > >>>>>>> To unsubscribe from this group, send email to
> > >>>>>>> [email protected]<liftweb%[email protected]>
> <liftweb%[email protected]<liftweb%[email protected]>>
> > >>>>>>> .
> > >>>>>>> For more options, visit this group at
> > >>>>>>>http://groups.google.com/group/liftweb?hl=en.
> >
> > >>>>>> --
> > >>>>>> You received this message because you are subscribed to the Google
> Groups
> > >>>>>> "Lift" group.
> > >>>>>> To post to this group, send email to [email protected].
> > >>>>>> To unsubscribe from this group, send email to
> > >>>>>> [email protected]<liftweb%[email protected]>
> <liftweb%[email protected]<liftweb%[email protected]>>
> > >>>>>> .
> > >>>>>> For more options, visit this group at
> > >>>>>>http://groups.google.com/group/liftweb?hl=en.
> >
> > >>>>> --
> > >>>>> Lift, the simply functional web frameworkhttp://liftweb.net
> > >>>>> Beginning Scalahttp://www.apress.com/book/view/1430219890
> > >>>>> Follow me:http://twitter.com/dpp
> > >>>>> Surf the harmonics
> >
> > > --
> > > You received this message because you are subscribed to the Google
> Groups "Lift" group.
> > > To post to this group, send email to [email protected].
> > > To unsubscribe from this group, send email to
> [email protected]<liftweb%[email protected]>
> .
> > > For more options, visit this group athttp://
> groups.google.com/group/liftweb?hl=en.
> >
> > > --
> > > You received this message because you are subscribed to the Google
> Groups "Lift" group.
> > > To post to this group, send email to [email protected].
> > > To unsubscribe from this group, send email to
> [email protected]<liftweb%[email protected]>
> .
> > > For more options, visit this group athttp://
> groups.google.com/group/liftweb?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Lift" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected]<liftweb%[email protected]>
> .
> For more options, visit this group at
> http://groups.google.com/group/liftweb?hl=en.
>
>
--
Lift, the simply functional web framework http://liftweb.net
Beginning Scala http://www.apress.com/book/view/1430219890
Follow me: http://twitter.com/dpp
Surf the harmonics
--
You received this message because you are subscribed to the Google Groups
"Lift" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/liftweb?hl=en.
