[RT] Markdown resource decorator
Hi, I created a markdown resource decorator module ( [1] ) based on Robert's md resource provider. With a decorator you can decorate resources from any provider, so you can handle file resources, JCR resources etc. Based on configuration it can extract a yaml frontmatter, title and render the md to markdown - all of this gets put as additional attributes into the value map of the decorated resource. (Similar to the md resource provider) I've also added initial code for link rewriting in the rendered html. The solution is more flexible than the md resource provider but is missing the index feature of that provider. Right now, the md is rendered as html on first access of the value map. This could be made more lazy by putting a Supplier into the value map which triggers rendering the first time the Supplier is used. [1] https://github.com/apache/sling-whiteboard/tree/master/mdresourcedecorator Regards Carsten -- Carsten Ziegeler Adobe Research Switzerland cziege...@apache.org
[GitHub] [sling-org-apache-sling-superimposing] saurabh-khare commented on a change in pull request #2: SLING-9688 - Upgrade Sling superimposing to use OSGi R7 annotations
saurabh-khare commented on a change in pull request #2: URL: https://github.com/apache/sling-org-apache-sling-superimposing/pull/2#discussion_r478183139 ## File path: pom.xml ## @@ -43,120 +42,120 @@ - + -org.apache.felix -maven-scr-plugin +org.apache.sling +sling-maven-plugin - + -org.apache.felix -maven-bundle-plugin -true - - - org.apache.sling.superimposing - org.apache.sling.superimposing.impl - org.apache.felix.webconsole - SLING-INF/nodetypes/superimposing.cnd - - +biz.aQute.bnd +bnd-maven-plugin - -org.apache.sling -maven-sling-plugin +biz.aQute.bnd +bnd-baseline-maven-plugin - org.apache.sling org.apache.sling.api -2.2.0 +2.18.4 provided org.apache.sling org.apache.sling.commons.osgi -2.1.0 +2.4.0 provided org.apache.sling org.apache.sling.settings -1.0.0 +1.3.8 provided - + + org.apache.sling + org.apache.sling.serviceusermapper + 1.3.6 + provided + + + org.apache.commons + commons-lang3 +3.6 + -commons-lang -commons-lang -2.4 + org.apache.commons + commons-collections4 +4.1 + + + + org.osgi + org.osgi.service.component.annotations provided - - -commons-collections -commons-collections -3.1 + + + org.osgi + org.osgi.service.metatype.annotations +1.4.0 Review comment: Removed This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-superimposing] saurabh-khare commented on a change in pull request #2: SLING-9688 - Upgrade Sling superimposing to use OSGi R7 annotations
saurabh-khare commented on a change in pull request #2: URL: https://github.com/apache/sling-org-apache-sling-superimposing/pull/2#discussion_r478182961 ## File path: pom.xml ## @@ -43,120 +42,120 @@ - + -org.apache.felix -maven-scr-plugin +org.apache.sling +sling-maven-plugin - + -org.apache.felix -maven-bundle-plugin -true - - - org.apache.sling.superimposing - org.apache.sling.superimposing.impl - org.apache.felix.webconsole - SLING-INF/nodetypes/superimposing.cnd - - +biz.aQute.bnd +bnd-maven-plugin - -org.apache.sling -maven-sling-plugin +biz.aQute.bnd +bnd-baseline-maven-plugin - org.apache.sling org.apache.sling.api -2.2.0 +2.18.4 Review comment: Reverted to previous versions for runtime dependencies This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-superimposing] saurabh-khare commented on a change in pull request #2: SLING-9688 - Upgrade Sling superimposing to use OSGi R7 annotations
saurabh-khare commented on a change in pull request #2: URL: https://github.com/apache/sling-org-apache-sling-superimposing/pull/2#discussion_r478182354 ## File path: bnd.bnd ## @@ -0,0 +1,17 @@ +Bundle-Category: sling Review comment: Removed duplicated information This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-superimposing] saurabh-khare commented on a change in pull request #2: SLING-9688 - Upgrade Sling superimposing to use OSGi R7 annotations
saurabh-khare commented on a change in pull request #2: URL: https://github.com/apache/sling-org-apache-sling-superimposing/pull/2#discussion_r478182573 ## File path: pom.xml ## @@ -19,14 +19,13 @@ 4.0.0 org.apache.sling -sling -26 - +sling-bundle-parent +38 Review comment: Updated to version 39 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-superimposing] sonarcloud[bot] removed a comment on pull request #2: SLING-9688 - Upgrade Sling superimposing to use OSGi R7 annotations
sonarcloud[bot] removed a comment on pull request #2: URL: https://github.com/apache/sling-org-apache-sling-superimposing/pull/2#issuecomment-680872125 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=VULNERABILITY) (and [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types =SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=SECURITY_HOTSPOT) to review) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=CODE_SMELL) [6 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&metric=new_coverage&view=list) [89.3% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&metric=new_coverage&view=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&metric=new_duplicated_lines_density&view=list) The version of Java (1.8.0_252) you have used to run this analysis is deprecated and we will stop accepting it from October 2020. Please update to at least Java 11. Read more [here](https://sonarcloud.io/documentation/upcoming/) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-superimposing] sonarcloud[bot] commented on pull request #2: SLING-9688 - Upgrade Sling superimposing to use OSGi R7 annotations
sonarcloud[bot] commented on pull request #2: URL: https://github.com/apache/sling-org-apache-sling-superimposing/pull/2#issuecomment-681622019 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=VULNERABILITY) (and [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types =SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=SECURITY_HOTSPOT) to review) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=CODE_SMELL) [5 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&metric=new_coverage&view=list) [89.3% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&metric=new_coverage&view=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&metric=new_duplicated_lines_density&view=list) The version of Java (1.8.0_252) you have used to run this analysis is deprecated and we will stop accepting it from October 2020. Please update to at least Java 11. Read more [here](https://sonarcloud.io/documentation/upcoming/) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (SLING-9703) Enable code coverage with JaCoCo
Oliver Lietz created SLING-9703: --- Summary: Enable code coverage with JaCoCo Key: SLING-9703 URL: https://issues.apache.org/jira/browse/SLING-9703 Project: Sling Issue Type: Task Components: Scripting Reporter: Oliver Lietz Assignee: Oliver Lietz Fix For: Scripting Thymeleaf 2.0.4 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (SLING-9702) Enable code coverage with JaCoCo
Oliver Lietz created SLING-9702: --- Summary: Enable code coverage with JaCoCo Key: SLING-9702 URL: https://issues.apache.org/jira/browse/SLING-9702 Project: Sling Issue Type: Task Components: Scripting Reporter: Oliver Lietz Assignee: Oliver Lietz Fix For: Scripting Groovy 1.2.2 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (SLING-9701) Enable code coverage with JaCoCo
Oliver Lietz created SLING-9701: --- Summary: Enable code coverage with JaCoCo Key: SLING-9701 URL: https://issues.apache.org/jira/browse/SLING-9701 Project: Sling Issue Type: Task Components: Scripting Reporter: Oliver Lietz Assignee: Oliver Lietz Fix For: Scripting FreeMarker 1.0.4 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[GitHub] [sling-org-apache-sling-starter] cmrockwell commented on pull request #13: SLING-9695 Added options for datastore
cmrockwell commented on pull request #13: URL: https://github.com/apache/sling-org-apache-sling-starter/pull/13#issuecomment-681152224 Update: I updated the pull request resolving the PM/FM conflict and created an aggregate feature file (oak_tar_fds.json) This satisfies my requirement for keeping the launch command relatively simple. Also tweaked the README to make it even more useful. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Resolved] (SLING-9700) Enable code coverage with JaCoCo
[ https://issues.apache.org/jira/browse/SLING-9700?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Oliver Lietz resolved SLING-9700. - Resolution: Done > Enable code coverage with JaCoCo > > > Key: SLING-9700 > URL: https://issues.apache.org/jira/browse/SLING-9700 > Project: Sling > Issue Type: Task > Components: Commons >Reporter: Oliver Lietz >Assignee: Oliver Lietz >Priority: Major > Fix For: Commons Crypto 1.0.2 > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (SLING-9700) Enable code coverage with JaCoCo
Oliver Lietz created SLING-9700: --- Summary: Enable code coverage with JaCoCo Key: SLING-9700 URL: https://issues.apache.org/jira/browse/SLING-9700 Project: Sling Issue Type: Task Components: Commons Reporter: Oliver Lietz Assignee: Oliver Lietz Fix For: Commons Crypto 1.0.2 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (SLING-9699) Enable code coverage with JaCoCo
[ https://issues.apache.org/jira/browse/SLING-9699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Oliver Lietz resolved SLING-9699. - Resolution: Done > Enable code coverage with JaCoCo > > > Key: SLING-9699 > URL: https://issues.apache.org/jira/browse/SLING-9699 > Project: Sling > Issue Type: Task > Components: JCR, Oak >Reporter: Oliver Lietz >Assignee: Oliver Lietz >Priority: Major > Fix For: Clam 1.1.2 > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (SLING-9699) Enable code coverage with JaCoCo
Oliver Lietz created SLING-9699: --- Summary: Enable code coverage with JaCoCo Key: SLING-9699 URL: https://issues.apache.org/jira/browse/SLING-9699 Project: Sling Issue Type: Task Components: JCR, Oak Reporter: Oliver Lietz Assignee: Oliver Lietz Fix For: Clam 1.1.2 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (SLING-9698) Enable code coverage with JaCoCo
[ https://issues.apache.org/jira/browse/SLING-9698?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Oliver Lietz resolved SLING-9698. - Resolution: Done > Enable code coverage with JaCoCo > > > Key: SLING-9698 > URL: https://issues.apache.org/jira/browse/SLING-9698 > Project: Sling > Issue Type: Task > Components: Commons >Reporter: Oliver Lietz >Assignee: Oliver Lietz >Priority: Major > Fix For: Commons Clam 2.0.2 > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[GitHub] [sling-org-apache-sling-starter] sonarcloud[bot] commented on pull request #13: SLING-9695 Added options for datastore
sonarcloud[bot] commented on pull request #13: URL: https://github.com/apache/sling-org-apache-sling-starter/pull/13#issuecomment-681076010 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter&pullRequest=13&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter&pullRequest=13&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter&pullRequest=13&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter&pullRequest=13&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter&pullRequest=13&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter&pullRequest=13&resolved=false&types=VULNERABILITY) (and [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter&pullRequest=13&resolved=false&types=SECURITY_HOTSPOT) [ 0 Security Hotspots](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter&pullRequest=13&resolved=false&types=SECURITY_HOTSPOT) to review) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter&pullRequest=13&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter&pullRequest=13&resolved=false&types=CODE_SMELL) [0 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-starter&pullRequest=13&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-starter&pullRequest=13) No Coverage information [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-starter&pullRequest=13&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-starter&pullRequest=13&metric=new_duplicated_lines_density&view=list) The version of Java (1.8.0_252) you have used to run this analysis is deprecated and we will stop accepting it from October 2020. Please update to at least Java 11. Read more [here](https://sonarcloud.io/documentation/upcoming/) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Created] (SLING-9698) Enable code coverage with JaCoCo
Oliver Lietz created SLING-9698: --- Summary: Enable code coverage with JaCoCo Key: SLING-9698 URL: https://issues.apache.org/jira/browse/SLING-9698 Project: Sling Issue Type: Task Components: Commons Reporter: Oliver Lietz Assignee: Oliver Lietz Fix For: Commons Clam 2.0.2 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Resolved] (SLING-9697) Enable code coverage with JaCoCo
[ https://issues.apache.org/jira/browse/SLING-9697?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Oliver Lietz resolved SLING-9697. - Resolution: Done > Enable code coverage with JaCoCo > > > Key: SLING-9697 > URL: https://issues.apache.org/jira/browse/SLING-9697 > Project: Sling > Issue Type: Task > Components: Commons >Reporter: Oliver Lietz >Assignee: Oliver Lietz >Priority: Major > Fix For: Commons Messaging Mail 1.0.2 > > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (SLING-9697) Enable code coverage with JaCoCo
Oliver Lietz created SLING-9697: --- Summary: Enable code coverage with JaCoCo Key: SLING-9697 URL: https://issues.apache.org/jira/browse/SLING-9697 Project: Sling Issue Type: Task Components: Commons Reporter: Oliver Lietz Assignee: Oliver Lietz Fix For: Commons Messaging Mail 1.0.2 -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (SLING-9696) HTL does not correctly cast the "false" string to Boolean
[
https://issues.apache.org/jira/browse/SLING-9696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Radu Cotescu updated SLING-9696:
Fix Version/s: Scripting HTL Runtime 1.2.4-1.4.0
> HTL does not correctly cast the "false" string to Boolean
> -
>
> Key: SLING-9696
> URL: https://issues.apache.org/jira/browse/SLING-9696
> Project: Sling
> Issue Type: Bug
> Components: Scripting
>Affects Versions: Scripting Sightly Engine 1.0.0, Scripting HTL Engine
> 1.0.20, Scripting HTL Engine 1.1.0-1.4.0, Scripting HTL Engine 1.2.0-1.4.0,
> Scripting HTL Engine 1.3.0-1.4.0, Scripting HTL Engine 1.4.0-1.4.0
>Reporter: Radu Cotescu
>Assignee: Radu Cotescu
>Priority: Major
> Fix For: Scripting HTL Runtime 1.2.4-1.4.0, Scripting HTL Engine
> 1.4.4-1.4.0
>
>
> The HTL engine implementation from Apache Sling seems to have never correctly
> casted the "false" string to boolean. The HTL specification [0] mentions the
> following:
> {noformat}
> These expressions evaluate to false:
> * false
> * 0 (zero)
> * '' or "" (empty string)
> * [] (empty iterable)
> These evaluate to true:
> * "false" (non-empty string)
> * [0] (non-empty iterable)
> {noformat}
> However, all implementations have returned the Boolean {{false}} for any
> casing of the string "false".
> A change like this has the potential to break the functionality of existing
> HTL code, relying on the fact that the string "false" (irrespective of its
> casing) returns the Boolean {{false}}, however the implementation should obey
> the specification. Therefore I think the fix should be behind a configuration
> flag, which by default allows the engine to continue working with the wrong
> behaviour. Deployers can then decide via configuration if they would like to
> switch the engine to the correct behaviour.
>
> [0] -
> [https://github.com/adobe/htl-spec/blob/1.4/SPECIFICATION.md#115-casting]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Comment Edited] (SLING-9314) NPE in ObjectModel.toBoolean(Object) when object.toString() returns null
[ https://issues.apache.org/jira/browse/SLING-9314?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17185308#comment-17185308 ] Radu Cotescu edited comment on SLING-9314 at 8/26/20, 4:22 PM: --- Fixed in [commit 9669c6b|https://github.com/apache/sling-org-apache-sling-scripting-sightly-runtime/commit/9669c6b]. was (Author: radu.cotescu): Fixed in [commit 44d28b0|g...@github.com:apache/sling-org-apache-sling-scripting-sightly-runtime/commit/44d28b0]. > NPE in ObjectModel.toBoolean(Object) when object.toString() returns null > > > Key: SLING-9314 > URL: https://issues.apache.org/jira/browse/SLING-9314 > Project: Sling > Issue Type: Bug > Components: Scripting >Affects Versions: Scripting HTL Runtime 1.0.0-1.4.0, Scripting HTL Runtime > 1.1.0-1.4.0, Scripting HTL Runtime 1.1.2-1.4.0 >Reporter: Paul Bjorkstrand >Assignee: Radu Cotescu >Priority: Major > Fix For: Scripting HTL Runtime 1.2.4-1.4.0 > > > Though it is bad practice, it is possible that an object can return null from > its toString() method. ObjectModel.toBoolean(Object) \[[Line > 161|https://github.com/apache/sling-org-apache-sling-scripting-sightly-runtime/blob/master/src/main/java/org/apache/sling/scripting/sightly/render/ObjectModel.java#L161]\] > calls .trim() on a potentially null object. > This causes a difficult to troubleshoot, deeply nested, and cryptic exception > to be raised. If object.toString() returns null, then it should be treated > the same as nearly the rest of HTL, where null is considered "falsey". Doing > so will save hours of difficult troubleshooting. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (SLING-9696) HTL does not correctly cast the "false" string to Boolean
[
https://issues.apache.org/jira/browse/SLING-9696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Radu Cotescu updated SLING-9696:
Description:
The HTL engine implementation from Apache Sling seems to have never correctly
casted the "false" string to boolean. The HTL specification [0] mentions the
following:
{noformat}
These expressions evaluate to false:
* false
* 0 (zero)
* '' or "" (empty string)
* [] (empty iterable)
These evaluate to true:
* "false" (non-empty string)
* [0] (non-empty iterable)
{noformat}
However, all implementations have returned the Boolean {{false}} for any casing
of the string "false".
A change like this has the potential to break the functionality of existing HTL
code, relying on the fact that the string "false" (irrespective of its casing)
returns the Boolean {{false}}, however the implementation should obey the
specification. Therefore I think the fix should be behind a configuration flag,
which by default allows the engine to continue working with the wrong
behaviour. Deployers can then decide via configuration if they would like to
switch the engine to the correct behaviour.
[0] - [https://github.com/adobe/htl-spec/blob/1.4/SPECIFICATION.md#115-casting]
was:
The HTL engine implementation from Apache Sling seems to have never correctly
casted the "false" string to boolean. The HTL specification [0] mentions the
following:
{noformat}
These expressions evaluate to false:
* false
* 0 (zero)
* '' or "" (empty string)
* [] (empty iterable)
These evaluate to true:
* "false" (non-empty string)
* [0] (non-empty iterable)
{noformat}
[0] - https://github.com/adobe/htl-spec/blob/1.4/SPECIFICATION.md#115-casting
> HTL does not correctly cast the "false" string to Boolean
> -
>
> Key: SLING-9696
> URL: https://issues.apache.org/jira/browse/SLING-9696
> Project: Sling
> Issue Type: Bug
> Components: Scripting
>Affects Versions: Scripting Sightly Engine 1.0.0, Scripting HTL Engine
> 1.0.20, Scripting HTL Engine 1.1.0-1.4.0, Scripting HTL Engine 1.2.0-1.4.0,
> Scripting HTL Engine 1.3.0-1.4.0, Scripting HTL Engine 1.4.0-1.4.0
>Reporter: Radu Cotescu
>Assignee: Radu Cotescu
>Priority: Major
> Fix For: Scripting HTL Engine 1.4.4-1.4.0
>
>
> The HTL engine implementation from Apache Sling seems to have never correctly
> casted the "false" string to boolean. The HTL specification [0] mentions the
> following:
> {noformat}
> These expressions evaluate to false:
> * false
> * 0 (zero)
> * '' or "" (empty string)
> * [] (empty iterable)
> These evaluate to true:
> * "false" (non-empty string)
> * [0] (non-empty iterable)
> {noformat}
> However, all implementations have returned the Boolean {{false}} for any
> casing of the string "false".
> A change like this has the potential to break the functionality of existing
> HTL code, relying on the fact that the string "false" (irrespective of its
> casing) returns the Boolean {{false}}, however the implementation should obey
> the specification. Therefore I think the fix should be behind a configuration
> flag, which by default allows the engine to continue working with the wrong
> behaviour. Deployers can then decide via configuration if they would like to
> switch the engine to the correct behaviour.
>
> [0] -
> [https://github.com/adobe/htl-spec/blob/1.4/SPECIFICATION.md#115-casting]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Resolved] (SLING-9314) NPE in ObjectModel.toBoolean(Object) when object.toString() returns null
[ https://issues.apache.org/jira/browse/SLING-9314?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Radu Cotescu resolved SLING-9314. - Resolution: Fixed Fixed in [commit 44d28b0|g...@github.com:apache/sling-org-apache-sling-scripting-sightly-runtime/commit/44d28b0]. > NPE in ObjectModel.toBoolean(Object) when object.toString() returns null > > > Key: SLING-9314 > URL: https://issues.apache.org/jira/browse/SLING-9314 > Project: Sling > Issue Type: Bug > Components: Scripting >Affects Versions: Scripting HTL Runtime 1.0.0-1.4.0, Scripting HTL Runtime > 1.1.0-1.4.0, Scripting HTL Runtime 1.1.2-1.4.0 >Reporter: Paul Bjorkstrand >Assignee: Radu Cotescu >Priority: Major > Fix For: Scripting HTL Runtime 1.2.4-1.4.0 > > > Though it is bad practice, it is possible that an object can return null from > its toString() method. ObjectModel.toBoolean(Object) \[[Line > 161|https://github.com/apache/sling-org-apache-sling-scripting-sightly-runtime/blob/master/src/main/java/org/apache/sling/scripting/sightly/render/ObjectModel.java#L161]\] > calls .trim() on a potentially null object. > This causes a difficult to troubleshoot, deeply nested, and cryptic exception > to be raised. If object.toString() returns null, then it should be treated > the same as nearly the rest of HTL, where null is considered "falsey". Doing > so will save hours of difficult troubleshooting. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (SLING-9696) HTL does not correctly cast the "false" string to Boolean
Radu Cotescu created SLING-9696:
---
Summary: HTL does not correctly cast the "false" string to Boolean
Key: SLING-9696
URL: https://issues.apache.org/jira/browse/SLING-9696
Project: Sling
Issue Type: Bug
Components: Scripting
Affects Versions: Scripting HTL Engine 1.4.0-1.4.0, Scripting HTL Engine
1.3.0-1.4.0, Scripting HTL Engine 1.2.0-1.4.0, Scripting HTL Engine
1.1.0-1.4.0, Scripting HTL Engine 1.0.20, Scripting Sightly Engine 1.0.0
Reporter: Radu Cotescu
Assignee: Radu Cotescu
Fix For: Scripting HTL Engine 1.4.4-1.4.0
The HTL engine implementation from Apache Sling seems to have never correctly
casted the "false" string to boolean. The HTL specification [0] mentions the
following:
{noformat}
These expressions evaluate to false:
* false
* 0 (zero)
* '' or "" (empty string)
* [] (empty iterable)
These evaluate to true:
* "false" (non-empty string)
* [0] (non-empty iterable)
{noformat}
[0] - https://github.com/adobe/htl-spec/blob/1.4/SPECIFICATION.md#115-casting
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (SLING-9694) XSSAPIImpl#getValidHref does not escape the ampersand character
[
https://issues.apache.org/jira/browse/SLING-9694?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17185258#comment-17185258
]
Radu Cotescu commented on SLING-9694:
-
Copying the answer from SLING-9011:
I'm tempted to not pursue the fix here. The reason is that the newest version
of the HTML standard does not enforce this rule any more and it was most
probably based on the fact that most of the browsers are lenient and
automatically correct the URLs they use when accessing the resources.
Section 12.1.2.3 [0] of the HTML standard mentions which characters are not
allowed in an attribute value and the ampersand is not in this class. The
standard does mention that ambiguous ampersands are not allowed, but these are
defined as structures that look like a name character reference but are not
one. Given the potential of introducing an incompatible change, I'm not sure if
it would be really worth fixing this issue.
[0] - https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
> XSSAPIImpl#getValidHref does not escape the ampersand character
> ---
>
> Key: SLING-9694
> URL: https://issues.apache.org/jira/browse/SLING-9694
> Project: Sling
> Issue Type: Bug
> Components: XSS Protection API
>Affects Versions: XSS Protection API 1.0.0, XSS Protection API 2.0.0, XSS
> Protection API 2.1.0, XSS Protection API 2.2.0, XSS Protection API Compat
> 1.1.0
>Reporter: Radu Cotescu
>Assignee: Radu Cotescu
>Priority: Major
> Fix For: XSS Protection API 2.2.8
>
>
> {{XSSAPIImpl#getValidHref}} does not escape the ampersand character, although
> the API's JavaDoc states that the method should "Sanitize a URL for writing
> as an HTML href or src attribute value".
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Resolved] (SLING-9694) XSSAPIImpl#getValidHref does not escape the ampersand character
[
https://issues.apache.org/jira/browse/SLING-9694?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Radu Cotescu resolved SLING-9694.
-
Fix Version/s: (was: XSS Protection API 2.2.8)
Resolution: Won't Fix
> XSSAPIImpl#getValidHref does not escape the ampersand character
> ---
>
> Key: SLING-9694
> URL: https://issues.apache.org/jira/browse/SLING-9694
> Project: Sling
> Issue Type: Bug
> Components: XSS Protection API
>Affects Versions: XSS Protection API 1.0.0, XSS Protection API 2.0.0, XSS
> Protection API 2.1.0, XSS Protection API 2.2.0, XSS Protection API Compat
> 1.1.0
>Reporter: Radu Cotescu
>Assignee: Radu Cotescu
>Priority: Major
>
> {{XSSAPIImpl#getValidHref}} does not escape the ampersand character, although
> the API's JavaDoc states that the method should "Sanitize a URL for writing
> as an HTML href or src attribute value".
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Resolved] (SLING-9011) HTL: "automatic" context=uri on href/src seems to be wrong - Should be uri *and* html
[ https://issues.apache.org/jira/browse/SLING-9011?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Radu Cotescu resolved SLING-9011. - Resolution: Won't Fix > HTL: "automatic" context=uri on href/src seems to be wrong - Should be uri > *and* html > - > > Key: SLING-9011 > URL: https://issues.apache.org/jira/browse/SLING-9011 > Project: Sling > Issue Type: New Feature > Components: Scripting >Affects Versions: Scripting HTL Engine 1.3.2-1.4.0 >Reporter: Henry Kuijpers >Assignee: Radu Cotescu >Priority: Major > > url=[http://test.com/?a=true&b=false&c=%3F|http://test.com/?a=true&b=false] > Test > I expect the href to be (when viewing page source): > [http://test.com/?a=true&b=false&c=%3F] > It however is: > [http://test.com/?a=true&b=false&c=%3F] > HTML requires attributes to also be encoded, so I believe we're not doing > enough to do the proper encoding/escaping here. > WDYT? -- This message was sent by Atlassian Jira (v8.3.4#803005)
[GitHub] [sling-org-apache-sling-starter] cmrockwell commented on pull request #13: SLING-9695 Added options for datastore
cmrockwell commented on pull request #13: URL: https://github.com/apache/sling-org-apache-sling-starter/pull/13#issuecomment-680933657 @rombert Thanks for the feedback. Launching the instance as you suggest with a series of feature.json is a bit cumbersome as compared to the prior way (`java -jar org.apache.sling.starter-12-SNAPSHOT.jar`). I worry about typing it wrong or missing one or more important features; this introducing bugs. Is there is a maven command (and pom config) to generate Feature Archive as a Jar file containing a predefined set of features (oak_tar, file datastore, composum, web console) that could be started without all the -f args? This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-starter] cmrockwell edited a comment on pull request #13: SLING-9695 Added options for datastore
cmrockwell edited a comment on pull request #13: URL: https://github.com/apache/sling-org-apache-sling-starter/pull/13#issuecomment-680933657 @rombert Thanks for the feedback. Launching the instance as you suggest with a series of feature.json is a bit cumbersome as compared to the prior way (`java -jar org.apache.sling.starter-12-SNAPSHOT.jar`). I worry about typing it wrong or missing one or more important features; thus introducing bugs. Is there is a maven command (and pom config) to generate Feature Archive as a Jar file containing a predefined set of features (oak_tar, file datastore, composum, web console) that could be started without all the -f args? This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Comment Edited] (SLING-9314) NPE in ObjectModel.toBoolean(Object) when object.toString() returns null
[ https://issues.apache.org/jira/browse/SLING-9314?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17185209#comment-17185209 ] Paul Bjorkstrand edited comment on SLING-9314 at 8/26/20, 2:56 PM: --- [~radu], I added a comment (rather lengthy, sorry) to the PR with an idea on how to both simplify the logic and to make it more readable. There is one non-backwards compatible change in the suggestion, though I feel it is worth eliminating that edge case. Let me know your thoughts on the impacts of that change. was (Author: paul.bjorkstrand): [~radu], I add a comment (rather lengthy, sorry) to the PR with an idea on how to both simplify the logic and to make it more readable. There is one non-backwards compatible change in the suggestion, though I feel it is worth eliminating that edge case. Let me know your thoughts on the impacts of that change. > NPE in ObjectModel.toBoolean(Object) when object.toString() returns null > > > Key: SLING-9314 > URL: https://issues.apache.org/jira/browse/SLING-9314 > Project: Sling > Issue Type: Bug > Components: Scripting >Affects Versions: Scripting HTL Runtime 1.0.0-1.4.0, Scripting HTL Runtime > 1.1.0-1.4.0, Scripting HTL Runtime 1.1.2-1.4.0 >Reporter: Paul Bjorkstrand >Assignee: Radu Cotescu >Priority: Major > Fix For: Scripting HTL Runtime 1.2.4-1.4.0 > > > Though it is bad practice, it is possible that an object can return null from > its toString() method. ObjectModel.toBoolean(Object) \[[Line > 161|https://github.com/apache/sling-org-apache-sling-scripting-sightly-runtime/blob/master/src/main/java/org/apache/sling/scripting/sightly/render/ObjectModel.java#L161]\] > calls .trim() on a potentially null object. > This causes a difficult to troubleshoot, deeply nested, and cryptic exception > to be raised. If object.toString() returns null, then it should be treated > the same as nearly the rest of HTL, where null is considered "falsey". Doing > so will save hours of difficult troubleshooting. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (SLING-9314) NPE in ObjectModel.toBoolean(Object) when object.toString() returns null
[ https://issues.apache.org/jira/browse/SLING-9314?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17185209#comment-17185209 ] Paul Bjorkstrand commented on SLING-9314: - [~radu], I add a comment (rather lengthy, sorry) to the PR with an idea on how to both simplify the logic and to make it more readable. There is one non-backwards compatible change in the suggestion, though I feel it is worth eliminating that edge case. Let me know your thoughts on the impacts of that change. > NPE in ObjectModel.toBoolean(Object) when object.toString() returns null > > > Key: SLING-9314 > URL: https://issues.apache.org/jira/browse/SLING-9314 > Project: Sling > Issue Type: Bug > Components: Scripting >Affects Versions: Scripting HTL Runtime 1.0.0-1.4.0, Scripting HTL Runtime > 1.1.0-1.4.0, Scripting HTL Runtime 1.1.2-1.4.0 >Reporter: Paul Bjorkstrand >Assignee: Radu Cotescu >Priority: Major > Fix For: Scripting HTL Runtime 1.2.4-1.4.0 > > > Though it is bad practice, it is possible that an object can return null from > its toString() method. ObjectModel.toBoolean(Object) \[[Line > 161|https://github.com/apache/sling-org-apache-sling-scripting-sightly-runtime/blob/master/src/main/java/org/apache/sling/scripting/sightly/render/ObjectModel.java#L161]\] > calls .trim() on a potentially null object. > This causes a difficult to troubleshoot, deeply nested, and cryptic exception > to be raised. If object.toString() returns null, then it should be treated > the same as nearly the rest of HTL, where null is considered "falsey". Doing > so will save hours of difficult troubleshooting. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[GitHub] [sling-org-apache-sling-superimposing] kwin commented on a change in pull request #2: SLING-9688 - Upgrade Sling superimposing to use OSGi R7 annotations
kwin commented on a change in pull request #2: URL: https://github.com/apache/sling-org-apache-sling-superimposing/pull/2#discussion_r477295346 ## File path: pom.xml ## @@ -43,120 +42,120 @@ - + -org.apache.felix -maven-scr-plugin +org.apache.sling +sling-maven-plugin - + -org.apache.felix -maven-bundle-plugin -true - - - org.apache.sling.superimposing - org.apache.sling.superimposing.impl - org.apache.felix.webconsole - SLING-INF/nodetypes/superimposing.cnd - - +biz.aQute.bnd +bnd-maven-plugin - -org.apache.sling -maven-sling-plugin +biz.aQute.bnd +bnd-baseline-maven-plugin - org.apache.sling org.apache.sling.api -2.2.0 +2.18.4 Review comment: Why do you require new runtime dependencies (api, commons osgi, ...)? ## File path: bnd.bnd ## @@ -0,0 +1,17 @@ +Bundle-Category: sling Review comment: Please don't duplicate meta information already set in parent ## File path: pom.xml ## @@ -43,120 +42,120 @@ - + -org.apache.felix -maven-scr-plugin +org.apache.sling +sling-maven-plugin - + -org.apache.felix -maven-bundle-plugin -true - - - org.apache.sling.superimposing - org.apache.sling.superimposing.impl - org.apache.felix.webconsole - SLING-INF/nodetypes/superimposing.cnd - - +biz.aQute.bnd +bnd-maven-plugin - -org.apache.sling -maven-sling-plugin +biz.aQute.bnd +bnd-baseline-maven-plugin - org.apache.sling org.apache.sling.api -2.2.0 +2.18.4 provided org.apache.sling org.apache.sling.commons.osgi -2.1.0 +2.4.0 provided org.apache.sling org.apache.sling.settings -1.0.0 +1.3.8 provided - + + org.apache.sling + org.apache.sling.serviceusermapper + 1.3.6 + provided + + + org.apache.commons + commons-lang3 +3.6 + -commons-lang -commons-lang -2.4 + org.apache.commons + commons-collections4 +4.1 + + + + org.osgi + org.osgi.service.component.annotations provided - - -commons-collections -commons-collections -3.1 + + + org.osgi + org.osgi.service.metatype.annotations +1.4.0 Review comment: Don't set versions for dependencies managed in parent ## File path: pom.xml ## @@ -19,14 +19,13 @@ 4.0.0 org.apache.sling -sling -26 - +sling-bundle-parent +38 Review comment: Please use most recent version (39) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SLING-9688) Upgrade Sling superimposing to use OSGi R7 annotations
[ https://issues.apache.org/jira/browse/SLING-9688?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17185182#comment-17185182 ] Saurabh Khare commented on SLING-9688: -- Pull request: [https://github.com/apache/sling-org-apache-sling-superimposing/pull/2] > Upgrade Sling superimposing to use OSGi R7 annotations > -- > > Key: SLING-9688 > URL: https://issues.apache.org/jira/browse/SLING-9688 > Project: Sling > Issue Type: Improvement > Components: Extensions >Affects Versions: Superimposing Resource Provider 0.2.0 >Reporter: Saurabh Khare >Priority: Major > Labels: newbie, pull-request-available > Fix For: Superimposing Resource Provider 0.4.0 > > Time Spent: 20m > Remaining Estimate: 0h > > Sling superimposing is still relevant for particular contexts when resource > mirroring is a necessity. SLING-1778 > This ticket is for upgrading the sling superimposing sling extension to use > OSGI R7 annotations by upgrading pom to use latest sling bundle parent and > associated dependencies -- This message was sent by Atlassian Jira (v8.3.4#803005)
[GitHub] [sling-org-apache-sling-superimposing] sonarcloud[bot] commented on pull request #2: SLING-9688 - Upgrade Sling superimposing to use OSGi R7 annotations
sonarcloud[bot] commented on pull request #2: URL: https://github.com/apache/sling-org-apache-sling-superimposing/pull/2#issuecomment-680872125 Kudos, SonarCloud Quality Gate passed! [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=BUG) [0 Bugs](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=BUG) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=VULNERABILITY) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=VULNERABILITY) [0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=VULNERABILITY) (and [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types =SECURITY_HOTSPOT) [0 Security Hotspots](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=SECURITY_HOTSPOT) to review) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=CODE_SMELL) [6 Code Smells](https://sonarcloud.io/project/issues?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&resolved=false&types=CODE_SMELL) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&metric=new_coverage&view=list) [89.3% Coverage](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&metric=new_coverage&view=list) [](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&metric=new_duplicated_lines_density&view=list) [0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_sling-org-apache-sling-superimposing&pullRequest=2&metric=new_duplicated_lines_density&view=list) The version of Java (1.8.0_252) you have used to run this analysis is deprecated and we will stop accepting it from October 2020. Please update to at least Java 11. Read more [here](https://sonarcloud.io/documentation/upcoming/) This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [sling-org-apache-sling-superimposing] saurabh-khare opened a new pull request #2: SLING-9688 - Upgrade Sling superimposing to use OSGi R7 annotations
saurabh-khare opened a new pull request #2: URL: https://github.com/apache/sling-org-apache-sling-superimposing/pull/2 Please refer ticket SLING-9688 for more information https://issues.apache.org/jira/browse/SLING-9688 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SLING-9662) Introduce a Resource Mapping SPI
[ https://issues.apache.org/jira/browse/SLING-9662?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17185180#comment-17185180 ] Carsten Ziegeler commented on SLING-9662: - [~henzlerg] I think it would be good to move the spi packages below https://github.com/apache/sling-org-apache-sling-api/tree/feature/Resource_Mapping_SPI/src/main/java/org/apache/sling/spi - clearly separating api from spi > Introduce a Resource Mapping SPI > > > Key: SLING-9662 > URL: https://issues.apache.org/jira/browse/SLING-9662 > Project: Sling > Issue Type: New Feature > Components: API >Reporter: Georg Henzler >Assignee: Georg Henzler >Priority: Major > > Introduce a simple SPI that allows to contribute to the resource resolver's > map() and resolve() methods: > *ResourceUri:* > General purpose class to represent a ResourceUri (like e.g. a link in an html > tag). Immutable itself but adjustable using the builder pattern. Part of > the Sling API and can be used anywhere to simplify handling/modification of > Sling ResourceUri. Implements RequestPathInfo. ResourceUri can be created > easily from a String, a Request, a Resource, a URI or a RequestPathInfo. > *ResourceToUriMapper:* > SPI interface to be implemented as OSGi Service. All registered services > build a conceptual chain sorted by service ranking. The resource link is > passed through the chain while any ResourceToUriMapper chain member may or > may not make adjustments to the resource link. > rr.resolve() passes through the chain starting at the ResourceToUriMapper > with the highest service ranking and rr.map() passes through > the chain starting at the ResourceToUriMapper with the > lowest service ranking > _Mailing List References:_ > [https://www.mail-archive.com/dev@sling.apache.org/msg93537.html] > [https://www.mail-archive.com/dev@sling.apache.org/msg87736.html] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[GitHub] [sling-org-apache-sling-superimposing] saurabh-khare closed pull request #1: API Upgrade
saurabh-khare closed pull request #1: URL: https://github.com/apache/sling-org-apache-sling-superimposing/pull/1 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (SLING-9622) Avoid registration of auth requirements for aliases and vanity paths
[ https://issues.apache.org/jira/browse/SLING-9622?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17185057#comment-17185057 ] Robert Munteanu commented on SLING-9622: Thanks for the comments [~angela] - I've updated the docs in [sling-site commit 43e2c86a|https://github.com/apache/sling-site/commit/43e2c86a]. > Avoid registration of auth requirements for aliases and vanity paths > > > Key: SLING-9622 > URL: https://issues.apache.org/jira/browse/SLING-9622 > Project: Sling > Issue Type: Improvement > Components: Authentication >Reporter: Carsten Ziegeler >Assignee: Carsten Ziegeler >Priority: Major > Fix For: Auth Core 1.5.0 > > Time Spent: 1.5h > Remaining Estimate: 0h > > Right now when auth requirements are registered, they need to be registered > for the resource path, as well as all vanity paths and potentially all > combinations of aliases for that path. First of all, this creates potentially > a lot of auth requirements for a single path, but as well requires that the > registrar of the auth requirement to be aware of vanity paths and aliases and > do the right thing and update the auth requirements whenever there are > changes. > We should avoid these additional registrations and processing. > The SlingAuthenticator is currently checking the request path against the > auth requirements. We could change this with checking the resolved path. So > the authenticator could use a service user resolver and resolve the path and > then check the auth requirements. > This avoids all the extra work for the registrar of the auth requirements, > but comes with the additional cost of a resolve call per request -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (SLING-9011) HTL: "automatic" context=uri on href/src seems to be wrong - Should be uri *and* html
[ https://issues.apache.org/jira/browse/SLING-9011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17185029#comment-17185029 ] Radu Cotescu commented on SLING-9011: - [~Henry Kuijpers], I'm tempted to not pursue the fix here, namely in SLING-9694. The reason is that the newest version of the HTML standard does not enforce this rule any more and it was most probably based on the fact that most of the browsers are lenient and automatically correct the URLs they use when accessing the resources. Section 12.1.2.3 [0] of the HTML standard mentions which characters are not allowed in an attribute value and the ampersand is not in this class. The standard does mention that ambiguous ampersands are not allowed, but these are defined as structures that look like a name character reference but are not one. Given the potential of introducing an incompatible change, I'm not sure if it would be really worth fixing this issue. [0] - https://html.spec.whatwg.org/multipage/syntax.html#attributes-2 > HTL: "automatic" context=uri on href/src seems to be wrong - Should be uri > *and* html > - > > Key: SLING-9011 > URL: https://issues.apache.org/jira/browse/SLING-9011 > Project: Sling > Issue Type: New Feature > Components: Scripting >Affects Versions: Scripting HTL Engine 1.3.2-1.4.0 >Reporter: Henry Kuijpers >Assignee: Radu Cotescu >Priority: Major > > url=[http://test.com/?a=true&b=false&c=%3F|http://test.com/?a=true&b=false] > Test > I expect the href to be (when viewing page source): > [http://test.com/?a=true&b=false&c=%3F] > It however is: > [http://test.com/?a=true&b=false&c=%3F] > HTML requires attributes to also be encoded, so I believe we're not doing > enough to do the proper encoding/escaping here. > WDYT? -- This message was sent by Atlassian Jira (v8.3.4#803005)
Re: [DISCUSS] Resource Mapping SPI
Hi Georg, Am 25.08.2020 um 18:53 schrieb Georg Henzler: We should have an API that can be used for this, whether this is rr.map() or something new is a different question. I have no problem with having rr.map() doing this. I'm in favour of not introducing a new API if it's not absolutely needed. But calling out to another service from rr.map()/rr.resolve() should work fine. We need at least one new method for rr which replaces resolve() and only does resolving without mapping - as resolving would already be done pre authentication. Ok fair enough - so your point was that the both map() and resolve() do not (or should not) produce different results based on the user context, my point was that to be future proof in the SPI, we need "access to the repository" to address all use cases. So "that service" in the current implementation would be ResourceUriMappingChain [1], it currently has access to a rr via MappingChainContext.getResourceResolver() [2] - I think a resolver needs to be available to do lookups in the repository, but this could also be one based on a service user (ready only rights on the whole repo suffice). Yes, ResourceUriMappingChain would be such a service - but the methods would not have a RR as a argument but we would use a service user inside the implementation (which is then passed on using MappingChainContext). Lets leave out the naming discussion for now, but my idea was to have a ResourceUriMappingChainFactory as a service and that one creates new ResourceUriMappingChain objects. An optional argument to the factory is the current request - so the request will be stored inside a ResourceUriMappingChain and there is no need to pass it to each and every call of a method of ResourceUriMappingChain. So to start with it it could work fine to hook in ResourceUriMappingChain.resolve() in the request processing before the resource resolver is created. Yes, something along those lines Maybe then in the future we could provide a service property to ResourceToUriMapping providers that allows to be called with the request's user context after the resource resolver is created (so moving the default mapping chain before the authentication at least does not block the possibility to allow user based resolutions for the future). I think this is where it gets dangerous :) If we allow for user based mapping later on, then clearly calling the chain before authentication is of no use. And I'm not sure if mapping per user is a good idea. > Also the user context could be generally be made available to rr.map(), I suppose there it wouldn't hurt (and it would allow to add users specific information to certain URLs, I think this can be quite useful). But to start with, would it be ok for you to leave MappingChainContext.getResourceResolver() [2] as is and provide a service user rr for repository access to the resolve operation? Yes, I'm not worried that much about the SPI api, I'm more worried about the service that is used which then calls the SPI (ResourceUriMappingChain) Regards Carsten -- Carsten Ziegeler Adobe Research Switzerland cziege...@apache.org
