[magnolia-dev] [JIRA] (JSMODELS-8) JavascriptObjectFactory should expose HTMLEscapingAggregationState to templates

[JIRA (on behalf of Federico Grilli)]

Title: Message Title


 
 
 
 

 
 
 

 
   
 Federico Grilli updated an issue  
 

  
 
 
 
 

 
 
  
 
 
 
 

 
 Magnolia _javascript_ Models /  JSMODELS-8  
 
 
  _javascript_ObjectFactory should expose HTMLEscapingAggregationState to templates   
 

  
 
 
 
 

 
Change By: 
 Federico Grilli  
 

  
 
 
 
 

 
 See relate issue MAGNOLIA-6448. Basically templates may get a vulnerable aggregation state object. To reproduce:- In Resources App create {{/travel-demo/models/components/textImage.js}}-- Add the following snippet to the above file{code}var MyModel = function() {this.currentURI= function() {return " state current uri  is " + state.currentURI;};};new MyModel();{code}- Edit {{/travel-demo/templates/components/textImage.yaml}} and add the following snippet{code}modelPath: /travel-demo/models/components/textImage.jsclass: info.magnolia.module.jsmodels.rendering._javascript_TemplateDefinition{code}- Edit {{/travel-demo/templates/components/textImage.ftl}} and add the following snippet{code}TEST ${model.currentURI()}{code}- open page with malicious URI http://localhost:8080/travel/about~cf503%22%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3E7af3b~- problem shows up- enable {{/server/rendering/engine@escapeHtml=true}} and open again the above page  
 

  
 
 
 
 

 
 
 

 
 
 Add Comment  
 

  
 

  
 
 
 
  
 

  
 
 
 
 

 
 This message was sent by Atlassian JIRA (v7.2.6#72008-sha1:26175bf)  
 
 

 
   
 
  

[magnolia-dev] [JIRA] (JSMODELS-8) JavascriptObjectFactory should expose HTMLEscapingAggregationState to models

[JIRA (on behalf of Federico Grilli)]

Title: Message Title


 
 
 
 

 
 
 

 
   
 Federico Grilli updated an issue  
 

  
 
 
 
 

 
 
  
 
 
 
 

 
 Magnolia _javascript_ Models /  JSMODELS-8  
 
 
  _javascript_ObjectFactory should expose HTMLEscapingAggregationState to models   
 

  
 
 
 
 

 
Change By: 
 Federico Grilli  
 
 
Summary: 
 _javascript_ObjectFactory should expose HTMLEscapingAggregationState to  templates  models  
 

  
 
 
 
 

 
 
 

 
 
 Add Comment  
 

  
 

  
 
 
 
  
 

  
 
 
 
 

 
 This message was sent by Atlassian JIRA (v7.2.6#72008-sha1:26175bf)  
 
 

 
   
 

  
 

  
 

   




For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: 

[magnolia-dev] [JIRA] (JSMODELS-8) JavascriptObjectFactory should expose HTMLEscapingAggregationState to templates

[JIRA (on behalf of Federico Grilli)]

Title: Message Title


 
 
 
 

 
 
 

 
   
 Federico Grilli updated an issue  
 

  
 
 
 
 

 
 
  
 
 
 
 

 
 Magnolia _javascript_ Models /  JSMODELS-8  
 
 
  _javascript_ObjectFactory should expose HTMLEscapingAggregationState to templates   
 

  
 
 
 
 

 
Change By: 
 Federico Grilli  
 

  
 
 
 
 

 
 See relate issue MAGNOLIA-6448. Basically templates may get a vulnerable aggregation state object. To reproduce:- In Resources App create {{/travel-demo/models/components/textImage.js}}- - Add the following snippet to the above file{code}var MyModel = function() {this.currentURI= function() {return "state is " + state.currentURI;};};new MyModel();{code}-  Edit {{/travel-demo/templates/components/textImage.yaml}} and add the following snippet{code}modelPath: /travel-demo/models/components/textImage.jsclass: info.magnolia.module.jsmodels.rendering._javascript_TemplateDefinition{code}- Edit {{/travel-demo/templates/components/textImage.ftl}} and add the following snippet{code}TEST ${model.currentURI()}{code}- open page with malicious URI http://localhost:8080/travel/about~cf503%22%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3E7af3b~- problem shows up- enable {{/server/rendering/engine@escapeHtml=true}} and open again the above page  
 

  
 
 
 
 

 
 
 

 
 
 Add Comment  
 

  
 

  
 
 
 
  
 

  
 
 
 
 

 
 This message was sent by Atlassian JIRA (v7.2.6#72008-sha1:26175bf)  
 
 

 
   
 
  

[magnolia-dev] [JIRA] (DOCU-1046) Documentation for IBM Web Forms

[JIRA (on behalf of Christoph Meier)]

Title: Message Title


 
 
 
 

 
 
 

 
   
 Christoph Meier updated an issue  
 

  
 
 
 
 

 
 
  
 
 
 
 

 
 Documentation /  DOCU-1046  
 
 
  Documentation for IBM Web Forms   
 

  
 
 
 
 

 
Change By: 
 Christoph Meier  
 
 
Assignee: 
 Roman Kovařík  
 

  
 
 
 
 

 
 
 

 
 
 Add Comment  
 

  
 

  
 
 
 
  
 

  
 
 
 
 

 
 This message was sent by Atlassian JIRA (v7.2.6#72008-sha1:26175bf)  
 
 

 
   
 

  
 

  
 

   




For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: 

[magnolia-dev] [JIRA] (JSMODELS-8) JavascriptObjectFactory should expose HTMLEscapingAggregationState to templates

[JIRA (on behalf of Federico Grilli)]

Title: Message Title


 
 
 
 

 
 
 

 
   
 Federico Grilli updated an issue  
 

  
 
 
 
 

 
 
  
 
 
 
 

 
 Magnolia _javascript_ Models /  JSMODELS-8  
 
 
  _javascript_ObjectFactory should expose HTMLEscapingAggregationState to templates   
 

  
 
 
 
 

 
Change By: 
 Federico Grilli  
 
 
Fix Version/s: 
 1.0  
 

  
 
 
 
 

 
 
 

 
 
 Add Comment  
 

  
 

  
 
 
 
  
 

  
 
 
 
 

 
 This message was sent by Atlassian JIRA (v7.2.6#72008-sha1:26175bf)  
 
 

 
   
 

  
 

  
 

   




For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: 

[magnolia-dev] [JIRA] (JSMODELS-8) JavascriptObjectFactory should expose HTMLEscapingAggregationState to templates

[JIRA (on behalf of Federico Grilli)]

Title: Message Title


 
 
 
 

 
 
 

 
   
 Federico Grilli updated an issue  
 

  
 
 
 
 

 
 
  
 
 
 
 

 
 Magnolia _javascript_ Models /  JSMODELS-8  
 
 
  _javascript_ObjectFactory should expose HTMLEscapingAggregationState to templates   
 

  
 
 
 
 

 
Change By: 
 Federico Grilli  
 

  
 
 
 
 

 
 See relate issue MAGNOLIA-6448. Basically templates may get a vulnerable aggregation state object.  This needs further verification anyway  To reproduce:- In Resources App create {{/travel-demo/models/components/textImage . js}}  - Edit {{/travel-demo/templates/components/textImage.yaml}} and add the following snippet{code}modelPath: /travel-demo/models/components/textImage.jsclass: info.magnolia.module.jsmodels.rendering._javascript_TemplateDefinition{code}- Edit {{/travel-demo/templates/components/textImage.ftl}} and add the following snippet{code}TEST ${model.currentURI()}{code}- open page with malicious URI http://localhost:8080/travel/about~cf503%22%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3E7af3b~- problem shows up- enable {{/server/rendering/engine@escapeHtml=true}} and open again the above page  
 

  
 
 
 
 

 
 
 

 
 
 Add Comment  
 

  
 

  
 
 
 
  
 

  
 
 
 
 

 
 This message was sent by Atlassian JIRA (v7.2.6#72008-sha1:26175bf)  
 
 

 
   
 

  
 

 

[magnolia-dev] [JIRA] (DOCU-1046) Documentation for IBM Web Forms

[on behalf of Roman Kovařík]

Title: Message Title


 
 
 
 

 
 
 

 
   
 Roman Kovařík updated an issue  
 

  
 
 
 
 

 
 
  
 
 
 
 

 
 Documentation /  DOCU-1046  
 
 
  Documentation for IBM Web Forms   
 

  
 
 
 
 

 
Change By: 
 Roman Kovařík  
 
 
Assignee: 
 Roman Kovařík  
 

  
 
 
 
 

 
 
 

 
 
 Add Comment  
 

  
 

  
 
 
 
  
 

  
 
 
 
 

 
 This message was sent by Atlassian JIRA (v7.2.6#72008-sha1:26175bf)  
 
 

 
   
 

  
 

  
 

   




For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: 

[magnolia-dev] [JIRA] (MGNLREST-86) RESTEasy 3.0.19.Final has issue, RESTEasy dependency should be upgraded

[JIRA (on behalf of Hieu Nguyen Duc)]

Title: Message Title


 
 
 
 

 
 
 

 
   
 Hieu Nguyen Duc updated an issue  
 

  
 
 
 
 

 
 
  
 
 
 
 

 
 Magnolia REST Framework /  MGNLREST-86  
 
 
  RESTEasy 3.0.19.Final has issue, RESTEasy dependency should be upgraded   
 

  
 
 
 
 

 
Change By: 
 Hieu Nguyen Duc  
 
 
Original Estimate: 
 1.5d  
 
 
Remaining Estimate: 
 1.5d  
 

  
 
 
 
 

 
 
 

 
 
 Add Comment  
 

  
 

  
 
 
 
  
 

  
 
 
 
 

 
 This message was sent by Atlassian JIRA (v7.2.6#72008-sha1:26175bf)  
 
 

 
   
 

  
 

  
 

   




For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: 

[magnolia-dev] [JIRA] (DOCU-1046) Documentation for IBM Web Forms

[on behalf of Roman Kovařík]

Title: Message Title


 
 
 
 

 
 
 

 
   
 Roman Kovařík updated an issue  
 

  
 
 
 
 

 
 
  
 
 
 
 

 
 Documentation /  DOCU-1046  
 
 
  Documentation for IBM Web Forms   
 

  
 
 
 
 

 
Change By: 
 Roman Kovařík  
 
 
Assignee: 
 Roman Kovařík  
 

  
 
 
 
 

 
 
 

 
 
 Add Comment  
 

  
 

  
 
 
 
  
 

  
 
 
 
 

 
 This message was sent by Atlassian JIRA (v7.2.6#72008-sha1:26175bf)  
 
 

 
   
 

  
 

  
 

   




For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: 

[magnolia-dev] [JIRA] (JSMODELS-11) Javascript "undefined" value should be treated as null value in freemarker

[on behalf of Antonín Juran]

Title: Message Title


 
 
 
 

 
 
 

 
   
 Antonín Juran reopened an issue  
 

  
 
 
 
 

 
 
  
 
 
 
 

 
 Magnolia _javascript_ Models /  JSMODELS-11  
 
 
  _javascript_ "undefined" value should be treated as null value in freemarker   
 

  
 
 
 
 

 
Change By: 
 Antonín Juran  
 
 
Resolution: 
 Fixed  
 
 
Status: 
 In QA Reopened  
 

  
 
 
 
 

 
 
 

 
 
 Add Comment  
 

  
 

  
 
 
 
  
 

  
 
 
 
 

 
 This message was sent by Atlassian JIRA (v7.2.6#72008-sha1:26175bf)  
 
 

 
   
 

  
 

  
 

   




For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: 

[magnolia-dev] [JIRA] (MGNLUI-4219) Add vaadin add-on TokenField

[on behalf of Roman Kovařík]

Title: Message Title


 
 
 
 

 
 
 

 
   
 Roman Kovařík updated an issue  
 

  
 
 
 
 

 
 
  
 
 
 
 

 
 Magnolia UI /  MGNLUI-4219  
 
 
  Add vaadin add-on TokenField   
 

  
 
 
 
 

 
Change By: 
 Roman Kovařík  
 
 
Fix Version/s: 
 5.5.5  
 

  
 
 
 
 

 
 
 

 
 
 Add Comment  
 

  
 

  
 
 
 
  
 

  
 
 
 
 

 
 This message was sent by Atlassian JIRA (v7.2.6#72008-sha1:26175bf)  
 
 

 
   
 

  
 

  
 

   




For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: 

[magnolia-dev] [JIRA] (MGNLUI-4225) Too big drop in image quality when using image variation and cropping

[JIRA (on behalf of Ilgun Ilgun)]

Title: Message Title


 
 
 
 

 
 
 

 
   
 Ilgun Ilgun updated an issue  
 

  
 
 
 
 

 
 
  
 
 
 
 

 
 Magnolia UI /  MGNLUI-4225  
 
 
  Too big drop in image quality when using image variation and cropping   
 

  
 
 
 
 

 
Change By: 
 Ilgun Ilgun  
 

  
 
 
 
 

 
 Using image variation and especially cropping degrades image quality more than expected. When I upload an image using the image upload dialogue in the Content editor app (but also Pages or any other content app) and any kind of  tranformation  transformation  is applied to the image stored in the DAM by Magnolia the image quality is significantly less than when I would apply the same transformation using for instance Photoshop. Especially cropping has a very degrading effect. Setting a higher quality in modules/imaging/config/generators/mte/outputFormat doesn't solve the quality loss  percieved  perceived .* Absolute worst case: cropping image in Magnolia causes quality to drop very heavily* Still bad: directly uploading an image without cropping* Much, much better: resizing with photoshop (bypassing Magnolia completely)See  [^image_quality_test.zip]  and check the quality difference.  
 

  
 
 
 
 

 
 
 

 
 
 Add Comment  
 

  
 

  
 
 
 
  
 

  
 
 
 
 

 
 This message was sent by Atlassian JIRA (v7.2.6#72008-sha1:26175bf)  
 
 

 
   
 

  
   

[magnolia-dev] [JIRA] (MGNLUI-4225) Too big drop in image quality when using image variation and cropping

[JIRA (on behalf of Mathijs Kraai)]

Title: Message Title


 
 
 
 

 
 
 

 
   
 Mathijs Kraai updated an issue  
 

  
 
 
 
 

 
 
  
 
 
 
 

 
 Magnolia UI /  MGNLUI-4225  
 
 
  Too big drop in image quality when using image variation and cropping   
 

  
 
 
 
 

 
Change By: 
 Mathijs Kraai  
 
 
Attachment: 
 rb-8002109.jpg  
 

  
 
 
 
 

 
 
 

 
 
 Add Comment  
 

  
 

  
 
 
 
  
 

  
 
 
 
 

 
 This message was sent by Atlassian JIRA (v7.2.6#72008-sha1:26175bf)  
 
 

 
   
 

  
 

  
 

   




For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: 

[magnolia-dev] Re: Need IPhone App Development Consultation

[Robert Rex (via Magnolia Forums)]

This is obviously an excellent opportunity for you that you are professionally 
associated with numerous [url=https://www.branex.com/app-solutions/]mobile app 
development solutions companies[/url] just for the acquiring the knowledge, 
skills and the successful completion of your app project named as iOS photo 
sharing app. For consultation & customization of this application, I prescribed 
you that you must contact with small to medium businesses owners around you, 
who are running their businesses via heir mobile apps they will definitely 
guide you the which one is best for your project.

-- 
Context is everything: 
http://forum.magnolia-cms.com/forum/thread.html?threadId=ead39ffb-eb15-49ea-ae69-881db0d83e71



For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: 

[magnolia-dev] [JIRA] (MGNLUI-4162) Restyle combobox and its positioning

[JIRA (on behalf of Oanh Thai Hoang)]

Title: Message Title


 
 
 
 

 
 
 

 
   
 Oanh Thai Hoang updated an issue  
 

  
 
 
 
 

 
 
  
 
 
 
 

 
 Magnolia UI /  MGNLUI-4162  
 
 
  Restyle combobox and its positioning   
 

  
 
 
 
 

 
Change By: 
 Oanh Thai Hoang  
 
 
Original Estimate: 
 3d  
 
 
Remaining Estimate: 
 3d  
 

  
 
 
 
 

 
 
 

 
 
 Add Comment  
 

  
 

  
 
 
 
  
 

  
 
 
 
 

 
 This message was sent by Atlassian JIRA (v7.2.6#72008-sha1:26175bf)  
 
 

 
   
 

  
 

  
 

   




For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: 

[magnolia-dev] [JIRA] (MGNLUI-4162) Restyle combobox and its positioning

[JIRA (on behalf of Oanh Thai Hoang)]

Title: Message Title


 
 
 
 

 
 
 

 
   
 Oanh Thai Hoang updated an issue  
 

  
 
 
 
 

 
 
  
 
 
 
 

 
 Magnolia UI /  MGNLUI-4162  
 
 
  Restyle combobox and its positioning   
 

  
 
 
 
 

 
Change By: 
 Oanh Thai Hoang  
 
 
Assignee: 
 Oanh Thai Hoang  
 

  
 
 
 
 

 
 
 

 
 
 Add Comment  
 

  
 

  
 
 
 
  
 

  
 
 
 
 

 
 This message was sent by Atlassian JIRA (v7.2.6#72008-sha1:26175bf)  
 
 

 
   
 

  
 

  
 

   




For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: 

[magnolia-dev] [JIRA] (MGNLUI-4225) Too big drop in image quality when using image variation and cropping

[JIRA (on behalf of Mariusz Chruscielewski)]

Title: Message Title


 
 
 
 

 
 
 

 
   
 Mariusz Chruscielewski updated an issue  
 

  
 
 
 
 

 
 
  
 
 
 
 

 
 Magnolia UI /  MGNLUI-4225  
 
 
  Too big drop in image quality when using image variation and cropping   
 

  
 
 
 
 

 
Change By: 
 Mariusz Chruscielewski  
 
 
Attachment: 
 MIlanbooss_100quality.jpg  
 
 
Attachment: 
 MIlanboos_70quality.jpg  
 
 
Attachment: 
 MIlanboos.jpg  
 

  
 
 
 
 

 
 
 

 
 
 Add Comment  
 

  
 

  
 
 
 
  
 

  
 
 
 
 

 
 This message was sent by Atlassian JIRA (v7.2.6#72008-sha1:26175bf)  
 
 

 
   
 

  
 

  
 

   




For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: