Re: problem in WindowIdHtmlRenderer
Hi, we don't take a "complete unchecked" value at all. If you check AbstractClientWindowStrategy#getWindowId() - we cut down the windowId to max. 10 chars. Regards, Thomas 2016-04-05 6:07 GMT+02:00 Thomas Frühbeck : > Hi, > I couldn't find out, how to notify you correctly.. > > Can you please take a look at WindowIdHtmlRenderer, line 62 to 78? > > My tests confirm, that you take the unchecked value of windowId, which may > have been provided by the client at will. > So a javascript injection at line 78 is possible. > > Details may be provided if necessary. > > Regards and my greatest thanks for your work and commitment. > > Thomas >
problem in WindowIdHtmlRenderer
Hi, I couldn't find out, how to notify you correctly.. Can you please take a look at WindowIdHtmlRenderer, line 62 to 78? My tests confirm, that you take the unchecked value of windowId, which may have been provided by the client at will. So a javascript injection at line 78 is possible. Details may be provided if necessary. Regards and my greatest thanks for your work and commitment. Thomas
Re: Awaitility to test async operations?
+0 never used it, can't speak to it. On Mon, Apr 4, 2016 at 11:35 AM, John D. Ament wrote: > Hey guys, > > Was wondering what others thought about introducing Awaitlity to test some > of the async code going on? https://github.com/jayway/awaitility > > I've had some good success with it in corporate projects, so I can only > speak highly of it. > > John > -- Jason Porter http://en.gravatar.com/lightguardjp
Awaitility to test async operations?
Hey guys, Was wondering what others thought about introducing Awaitlity to test some of the async code going on? https://github.com/jayway/awaitility I've had some good success with it in corporate projects, so I can only speak highly of it. John
Re: Where's index.adoc?
Both the site and docs are in adoc. I suspect the landing page format didn't work in adoc. On Apr 4, 2016 12:17, "Jason Porter" wrote: > Does it have to do with the documentation? I know the docs are all in > asciidoc. > > On Sun, Apr 3, 2016 at 6:16 AM, John D. Ament > wrote: > > > Hey guys > > > > Was wondering, does anyone know where index.adoc is? I noticed that I > had > > to update the html file manually. Is there purposely no equivalent of > the > > html file in adoc format? > > > > John > > > > > > -- > Jason Porter > http://en.gravatar.com/lightguardjp >
Re: Where's index.adoc?
Does it have to do with the documentation? I know the docs are all in asciidoc. On Sun, Apr 3, 2016 at 6:16 AM, John D. Ament wrote: > Hey guys > > Was wondering, does anyone know where index.adoc is? I noticed that I had > to update the html file manually. Is there purposely no equivalent of the > html file in adoc format? > > John > -- Jason Porter http://en.gravatar.com/lightguardjp
[jira] [Commented] (DELTASPIKE-1109) Remove My email account from the Jira mailing list
[ https://issues.apache.org/jira/browse/DELTASPIKE-1109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15223976#comment-15223976 ] John D. Ament commented on DELTASPIKE-1109: --- Jorge, you receive emails about it because you created. If you see other tickets that you get email notifications about, you should forward that to our infra team. > Remove My email account from the Jira mailing list > -- > > Key: DELTASPIKE-1109 > URL: https://issues.apache.org/jira/browse/DELTASPIKE-1109 > Project: DeltaSpike > Issue Type: Task >Reporter: jorge >Assignee: John D. Ament > > Hello Guys, > Sorry, I know that this is not the right place but I don't really know how or > why my e-mail was added on this Jira mailing list. I've subscribed to > DeltaSpike Dev mailing list and I was automatically added here. > I didn't even had an account here. I had to create it so I could remove > myself from this project but I don't have the permissions to do so. > I've already unsubscribed my e-mail from the dev (yesterday) list since we > have abandoned the use of Deltaspike. > Once again, sorry for this issue > But I have no other means to ask for this. > Thanks. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (DELTASPIKE-1109) Remove My email account from the Jira mailing list
[ https://issues.apache.org/jira/browse/DELTASPIKE-1109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15223973#comment-15223973 ] jorge commented on DELTASPIKE-1109: --- Hi John, I think you guys definitely need to have a separate account and let the user chose from where he wants to receives this updates. I'm still receiving e-mails from this Jira. Would you be kind to remove my e-mail from it, it's really annoying. Or at least add the permission to a user (here on jira) to configure whether he wants to receives the e-mail or not. Having a mailing list and a issues list is two separate things on my opinion and it should kept this way. One just wants to participate on discussions or he really wants to commit to the project participating on the Issues list. That's why I think that it would be god to NOT add one that subscribed to dev list here on JIRA let people chose for themselves. Best regards. > Remove My email account from the Jira mailing list > -- > > Key: DELTASPIKE-1109 > URL: https://issues.apache.org/jira/browse/DELTASPIKE-1109 > Project: DeltaSpike > Issue Type: Task >Reporter: jorge >Assignee: John D. Ament > > Hello Guys, > Sorry, I know that this is not the right place but I don't really know how or > why my e-mail was added on this Jira mailing list. I've subscribed to > DeltaSpike Dev mailing list and I was automatically added here. > I didn't even had an account here. I had to create it so I could remove > myself from this project but I don't have the permissions to do so. > I've already unsubscribed my e-mail from the dev (yesterday) list since we > have abandoned the use of Deltaspike. > Once again, sorry for this issue > But I have no other means to ask for this. > Thanks. -- This message was sent by Atlassian JIRA (v6.3.4#6332)