Re: RequestFactroy dilemma when entity id is null.
Thanks Stefan. But in my opinion method with too many parameter of same type will require a developer to be more careful. SearchAPI.lookup(Integer, String, String, String, String, String) One has to be careful with parameter positions like 2nd is for name and so on. Although IDE like eclipse is there for little help but still we may not call it a best practice. On Wednesday, 17 April 2013 20:06:41 UTC+5:30, Stefan Ollinger wrote: It isnt exactly a use-case of RF to construct existing entities on the client side. Either you create a new one, or load an existing one form the server. Alternatively you can create a search API which expects simple parameters instead of objects: searchApi.lookup(id, name, ..) Putting everything in objects adds sometimes only another layer of indirection. Regards, Stefan On 17.04.2013 16:22, Aryan wrote: Thanks Jens, This is exactly how I am doing right now. I am having something like EmployeeSearchProxy extends ValueProxy for EmployeeSearch class which wraps up Employee and have an additional field for id. But it seems to me as workaround for a perticular case which solves a perticular problem. A few workarounds are not bad but if they grew large enough, they may haunt you back in maintainance. The real problem is control and communication which developer can do with GWT-RequestFactory framework. If I could have said at runtime to RequestFactory Hey RequestFactory, chill !!!, don't make any checks and don't throw any exception, this one is just for search purpose I guess it could might have been a better design and more compiling to object oriented principles. On Wednesday, 17 April 2013 17:50:20 UTC+5:30, Jens wrote: * *Is there any way I can tell RequestFactory: '*Hey RequestFactory, chill !!!, don't make any checks and don't throw any exception, this one is just for search purpose*' Use ValueProxy instead, e.g. EmployeSearchCriteriaProxy extends ValueProxy. ValueProxies do not have an identity and RF should not care about IDs and Versions. At first it may sound stupid to duplicate all the methods from your EmployeeEntityProxy because you can filter all properties of your Employee but in the future you may need to filter employees based on more complex data that is not directly available on EmployeeEntityProxy. -- J. -- -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: CSRF, XSS protection
but its impossible to hijack the session itself. Why is this important when you have a whole in your site due to XSS, as you assume above? If some script get full access to your site through XSS, it can set any header it wants such that your backend can't see the diference between a legal or illegal call. What do I miss here ? -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: FormPanel.SubmitEvent cancel not working
A little out-of-time response but since this problem still exists in 2.5 I
think it's worth sharing another solution.
If you put javascript: into form's action attribute, nothing will happen
even if the event is not canceled. I know this isn't helpful in cases where
you need to validate the form, but in case you (like me) are preventing the
form submit to send the data using GWT RPC instead of the POST to take
advantage of the browser's password remembering feature (I'm wrapping
FormPanel around already existing form) this is actually helpful.
On Saturday, January 29, 2011 8:03:18 PM UTC+1, balkanski wrote:
I have just found the solution for GWT 2.1.1 version. Here it is:
First you do not use a 'SubmitButton' in your FormPanel, because it
turns out that it causes all the troubles.
Use a 'Button' instead and add a 'ClickHandler' to it, and call
'your_form.submit()' inside the 'onClick()' method.
You will find that after using 'Button' instead of 'SubmitButton' all
the input fields in the form has lost their
initial 'submit on Enter' behavior, which was observed at the
beginning.
Now attach to every input field a 'onKeyDown' handler(if you want, of
course) and check the event's native key code upon 'ENTER', and if yes
- submit the form.
That is all, now the 'event.cancel()' part in the form's SubmitHandler
is perfectly working.
On Jan 5, 10:27 pm, Greg Dougherty dougherty.greg...@mayo.edu wrote:
I have the following code in a GWT 2.1.0 project:
public void onSubmit (FormPanel.SubmitEvent event)
{
// This event is fired just before the form is submitted. We can
take
// this opportunity to perform validation.
String filename = gDataFileUploader.getFilename ();
if (filename.length () == 0)
{
showAlert (Need a valid File Name in before we can
upload a
file!);
event.cancel ();
}
}
Unfortunately, although it is called, the cancel () call doesn't stop
the submit from happening, and doesn't stop onSubmitComplete from
being called. Is this a GWT bug or a browser bug? (FireFox 3.6)
TIA,
Greg
--
You received this message because you are subscribed to the Google Groups
Google Web Toolkit group.
To unsubscribe from this group and stop receiving emails from it, send an email
to google-web-toolkit+unsubscr...@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: How to centre fixed size panel inside another layout panel or screen
Hi Jens, Great, it works exactly as I want! Such a simple approach as well, it should be part of GWT though. David On Thursday, February 2, 2012 1:23:57 AM UTC+1, espinosa_cz wrote: Hi guys, I manage to put my context panel to the middle of the browser page in Vaadin. Seem my screenshots. It is done purely in Java code, the only CSS used is for setting colors and font sizes. Now I wondering how to make something similar with vanilla GWT. In Vaadin it is one line command! ((VerticalLayout)outerContentPanel).setComponentAlignment(contextPanel, Alignment.MIDDLE_CENTER); What is the GWT equivalent? How to centre a fixed size panel (LayoutPanel) inside resizable parent container, let's say RootLayoutPanel as it is in this picture? http://espinosa.s3-website-eu-west-1.amazonaws.com/vvregform2/vvregform/vvregform_progress_2011-01-24_-_screenshot_1.png The central panel (form) can grow, see here: http://espinosa.s3-website-eu-west-1.amazonaws.com/vvregform2/vvregform/vvregform_progress_2011-01-24_-_screenshot_3.png so the solution must be flexible, accommodate any change in the central panel. Preferably programmatically (no UiBinding) and ideally without special CSS tricks. I made some progress with encapsulated LayoutPanels and setting WidgetLeftRight and WidgetTopBottom. But I cannot figure out what values make it centered for any particular inner contextPanel sizes: // “parent”, outer content panel, make it fill whole screen (page) LayoutPanel outerContentPanel = new LayoutPanel(); outerContentPanel.setStyleName(outerContextPanel); outerContentPanel.setHeight(100%); outerContentPanel.setWidth(100%); // inner content panel LayoutPanel contentPanel = new LayoutPanel(); outerContentPanel.add(contentPanel); contentPanel.setStyleName(contextPanel); contentPanel.setSize(300px, 300px); // make it centered () outerContentPanel.setWidgetLeftRight(contentPanel, 50, Unit.PCT, 0, Unit.PCT); outerContentPanel.setWidgetTopBottom(contentPanel, 50, Unit.PCT, 0, Unit.PCT); // put some fancy content iside HTML html = new HTML(h1Hello world centered!/h1); contentPanel.add(html); // set as RootLayoutPanel.get().add(outerContentPanel) As values I tried 50% from all directions sides, it makes central contextPanel nicely centred but also invisible, clipped completely. When I use 50% from top and left only, 0% from bottom and right, the left top corner of the inner panel is centered, nice, but i need to get centered by its center. I am out of my wits now Any hints welcome Thank you Espinosa -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: FormPanel.SubmitEvent cancel not working
On Thursday, April 18, 2013 9:30:51 AM UTC+2, Honza Rames wrote: A little out-of-time response but since this problem still exists in 2.5 I think it's worth sharing another solution. If you put javascript: into form's action attribute, nothing will happen even if the event is not canceled. I know this isn't helpful in cases where you need to validate the form, but in case you (like me) are preventing the form submit to send the data using GWT RPC instead of the POST to take advantage of the browser's password remembering feature (I'm wrapping FormPanel around already existing form) this is actually helpful. Last time I tried, you had to let the submission go through, so you'd have to use action=javascript:foo() and expose a method as $wnd.foo via JSNI where you'd do your RPC. That was 4 years ago though! https://groups.google.com/d/topic/google-web-toolkit/KyzgtqqoJGE/discussion -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: GWT 2.5.1 now available
For some reason the combination of the new Eclipse plugin (3.2.2) and the new GWT (2.5.1) is not working for me. Outside eclipse all works fine. All this worked fine two days ago with the previous plugin (3.2.1) and SDK (2.5). I'll appreciate any suggestions. -- Reuben On Monday, March 11, 2013 9:11:16 PM UTC-4, Matthew Dempsky wrote: Hi everyone, We're excited to announce the GWT 2.5.1 release! There will be an announcement soon on the GWT Blog http://googlewebtoolkit.blogspot.com/, and you can download it herehttps://code.google.com/p/google-web-toolkit/downloads/detail?name=gwt-2.5.1.zip. This release has been uploaded to Maven Central with the version string of 2.5.1. GWT 2.5.1 contains over 50 new bug fixes, many of which were contributed by the community. Thanks to everyone who reported issues and/or submitted patches. -Matthew, on behalf of the GWT team -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Async Advice
Hi there, I am somewhat of a GWT novice and I am attempting to create my first application and I would appreciate if any wise old sages would be able to offer some guidance... As part of this application I want to offer offline functionality. My thoughts on how this will work are as follows: User logs in Credentials checked on server If ok, check client DB exists (if not, get DDL from server) if the server DB has been upgraded apply changes to client There are more steps to follow, but hopefully you get the general idea of what I am trying to achieve. I have been able to use RestyGWT to connect to PHP scripts and transfer JSON back and forth and I have also been able to use GWT Mobile Webkit to create and interact with a client DB. However, I am now a bit stuck in that I am unsure what the best way is to glue it all together as I am used to synchronous things... The easiest option I can see would be to daisy chain the callbacks together so that all required steps get executed in the required order. However, that seems rather inelegant and so I was wondering if there were any better options out there. I thought about an event for each step, but from what I have read, that appears to not be the done thing. I am also slightly confused as to what the best way to interface with the results of the callbacks, say if some other part of the application needs to make use of the results. Any advice would be very much appreciated! Cheers Tim -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
GWT - So terribly slow that makes development hard ... very hard ... extremely hard ...
Now that we have been using GWT for a while ... what do you think? Was it the right choice or thinking of migrating to other framework? -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: GWT - So terribly slow that makes development hard ... very hard ... extremely hard ...
Hi, Are you using the same server to run backend and front end? It is very useful use two servers. Take a look at https://github.com/tbroyer/gwt-maven-archetypes. Juan 2013/4/18 Ani anice...@gmail.com Now that we have been using GWT for a while ... what do you think? Was it the right choice or thinking of migrating to other framework? -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: GWT - So terribly slow that makes development hard ... very hard ... extremely hard ...
Are you using Firefox? If so, there's an issue: https://code.google.com/p/google-web-toolkit/issues/detail?id=7648 If not, I can report that SSD drives make a huge difference in GWT dev mode. On Thursday, April 18, 2013 10:22:15 AM UTC-7, Ani wrote: Now that we have been using GWT for a while ... what do you think? Was it the right choice or thinking of migrating to other framework? -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: Joda Time Jodatime in GWT server
It's not enough to include it in the build path, you have to copy the library to the lib folder in your server side (uder war/WEB-INF), and then include it in the build path. This is so the server has access to the library. On Tuesday, April 16, 2013 12:36:15 AM UTC+3, Steve Morgan wrote: I'm using Jodatime in my GWT application, server only. I'm getting a runtime message: java.lang.ClassNotFoundException: org.joda.time.ReadableInstant. I have included Jodatime 1.6.2 in my project build path. Do I need to add an inherits ... statement as well? I am sure it is something extremely simple, I just haven't found it. Thanks, Steve -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: Security in gwt application.
Thomas,
This piece of code is in nocache.js
*function getDirectoryOfFile(path){*
* var hashIndex = path.lastIndexOf('#');*
* if (hashIndex == -1) {*
*hashIndex = path.length;*
* }*
* var queryIndex = path.indexOf('?');*
* if (queryIndex == -1) {*
*queryIndex = path.length;*
* }*
* var slashIndex = path.lastIndexOf('/', Math.min(queryIndex,
hashIndex));*
* return slashIndex = 0?path.substring(0, slashIndex + 1):'';*
*}*
*
*
The “path” parameter to this function comes from
*document.location.href*attribute.
This function is basically finding the last index of “/” in the browser
address bar ignoring what is there after “?” and “#”.
From what I know DOM based XSS can occur by injecting scripts after “?” or
“#” like this
Server can sanitize this script because the value of the name attribute is
sent to the server
*http://domain.com/index.html?name=scriptMALICIOUS_CODE/script *
OR
Server cannot sanitize this script because the fragment after “#” is never
sent to the server and runs on the browser itself
*http://domain.com/index.html#name=scriptMALICIOUS_CODE/script*
*
*
nochache.js also has the following code
*base = getDirectoryOfFile(document.location.href);*
*document.write('script language=javascript src=' + base +
'scripts/xyz.js\/script');*
* *Our security analysis tool complains that this is an XSS issue since *base
*is not a compile time constant.
On Wed, Apr 17, 2013 at 6:08 PM, Thomas Broyer t.bro...@gmail.com wrote:
On Wednesday, April 17, 2013 3:20:09 PM UTC+2, Shashank Raj Holavanalli
wrote:
Thomas,
I am using GWT 2.0.3 and this is being generated in the *.nocache.js.
Come on, 2.0.3 is 3 damn years old!
Is there any solution to this ? This clearly seems like an XSS
vulnerability to me. Have you fixed this in the later version ? If yes then
which one ?
There's been a few security fixes in latest versions (though not related
to this one).
AFAICT, assuming this is from computeBaseUrl(), this code will almost
never be called (it depends how you load the nocache.js), so there should
be no vulnerability in practice.
It'd help if you could give more info as to which code exactly you're
talking about (compile with -style PRETTY so the JS won't be obfuscated).
--
You received this message because you are subscribed to a topic in the
Google Groups Google Web Toolkit group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/google-web-toolkit/WKcB-pDtfgA/unsubscribe?hl=en
.
To unsubscribe from this group and all its topics, send an email to
google-web-toolkit+unsubscr...@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
--
*Shashank Raj Holavanalli*
Software Engineer
NetApp New England
*www.crackeasily.com* http://www.crackeasily.com
--
You received this message because you are subscribed to the Google Groups
Google Web Toolkit group.
To unsubscribe from this group and stop receiving emails from it, send an email
to google-web-toolkit+unsubscr...@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: GWT - So terribly slow that makes development hard ... very hard ... extremely hard ...
performance improvement definitely seems to be an immediate priority. See the draft roadmap https://docs.google.com/document/d/1bmp0a-d5cb_Sqb4w9rZyfMhg7i6lYfLLt3zymIFoAmo/edit On Thursday, April 18, 2013 1:22:15 PM UTC-4, Ani wrote: Now that we have been using GWT for a while ... what do you think? Was it the right choice or thinking of migrating to other framework? -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: Async Advice
As its a mobile app you should always think about how to reduce server
requests by sending the server more information at once. Less requests =
less latency in using your app.
For example the above 4 steps you have described can be done with a single
request:
Request: Client logs in: Client sends credentials *AND* current DB version
(0 = no DB yet)
Response: If credentials are valid, the server sends back SQL based on the
client db version (either full schema or just an upgrade or nothing at
all). If credentials are invalid, an HTTP error code will be send.
In the very rare cases where you really need to wait for a server response
before you can immediately (without user interaction required) fire the
next server request just use private methods to flatten the daisy
chaining a bit:
server.fetchFirstThing(new AsyncCallback() {
void onSuccess() {
fetchSecondThing();
}
}
But as mentioned, if no user interaction is required between requests,
there is a good chance that you can combine these requests into a single
one.
-- J.
--
You received this message because you are subscribed to the Google Groups
Google Web Toolkit group.
To unsubscribe from this group and stop receiving emails from it, send an email
to google-web-toolkit+unsubscr...@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: Async Advice
Hi Jens,
Thanks for your input - much appreciated! I had actually come to the same
conclusion after posting this when I was thinking about alternative
solutions to the issue.
Regarding accessing results of a callback elsewhere in the application (if
required), what is the best way to do this?
Cheers
Tim
On Thursday, 18 April 2013 20:27:39 UTC+1, Jens wrote:
As its a mobile app you should always think about how to reduce server
requests by sending the server more information at once. Less requests =
less latency in using your app.
For example the above 4 steps you have described can be done with a single
request:
Request: Client logs in: Client sends credentials *AND* current DB
version (0 = no DB yet)
Response: If credentials are valid, the server sends back SQL based on the
client db version (either full schema or just an upgrade or nothing at
all). If credentials are invalid, an HTTP error code will be send.
In the very rare cases where you really need to wait for a server response
before you can immediately (without user interaction required) fire the
next server request just use private methods to flatten the daisy
chaining a bit:
server.fetchFirstThing(new AsyncCallback() {
void onSuccess() {
fetchSecondThing();
}
}
But as mentioned, if no user interaction is required between requests,
there is a good chance that you can combine these requests into a single
one.
-- J.
--
You received this message because you are subscribed to the Google Groups
Google Web Toolkit group.
To unsubscribe from this group and stop receiving emails from it, send an email
to google-web-toolkit+unsubscr...@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Can't find postgres driver from debug mode
This is driving me crazy. My (large) project uses Hibernate and Postgres. On one machine it works perfectly. On two machines: - All works fine when running externally (from the web server) - Other (non gwt) programs work fine, using the same eclipse project, same classpath, same config (persistence.xml) etc. - If I launch my project in GWT debug mode, the following code fails immediately: emf = Persistence.createEntityManagerFactory(dpu, connectionProperties); I have confirmed that all the connection properties are the same when connecting. There are two things that I am considering: - The classpath is incorrect - GWT is including hibernate code that is interfering with my EMF. Has anyone ever seen anything like this? I really want to use the debugger!!! Thanks for your time! -- Jamie -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: Can't find postgres driver from debug mode
Update: I grabbed the hibernate code, extracted parts, and here's the interesting bit: PersistenceProviderResolver ppr = PersistenceProviderResolverHolder.getPersistenceProviderResolver(); ListPersistenceProvider list = ppr.getPersistenceProviders(); On the good machine, the list has the hibernate provider. On the bad machines, the list is empty. Ugh. I even have the provider listed specifically in the persistence unit. ARGH! On Thursday, 18 April 2013 16:04:35 UTC-4, Jamie wrote: This is driving me crazy. My (large) project uses Hibernate and Postgres. On one machine it works perfectly. On two machines: - All works fine when running externally (from the web server) - Other (non gwt) programs work fine, using the same eclipse project, same classpath, same config (persistence.xml) etc. - If I launch my project in GWT debug mode, the following code fails immediately: emf = Persistence.createEntityManagerFactory(dpu, connectionProperties); I have confirmed that all the connection properties are the same when connecting. There are two things that I am considering: - The classpath is incorrect - GWT is including hibernate code that is interfering with my EMF. Has anyone ever seen anything like this? I really want to use the debugger!!! Thanks for your time! -- Jamie -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: Security in gwt application.
That's more or less what I said: the odds that
getDirectoryOfFile($doc.location.href) is actually called are a) very low
b) dependent on how you call the *.nocache.js more than the runtime
environment.
Starting with 2.1.0, you can set the 'base' using meta
name=gwt:property value=baseUrl=foo/ (have a look how Google Groups
uses it, scoped only to the 'standalone' module so it's
name=standalone::gwt:property rather than name=gwt:property).
Starting with 2.1.0 you can also more easily replace that code altogether
with a custom linker (this was possible in 2.0.3 too but required copying
the whole IFrameTemplate.js whereas 2.1.0 made it more modular)
On Thursday, April 18, 2013 8:56:15 PM UTC+2, Shashank Raj Holavanalli
wrote:
Thomas,
This piece of code is in nocache.js
*function getDirectoryOfFile(path){*
* var hashIndex = path.lastIndexOf('#');*
* if (hashIndex == -1) {*
*hashIndex = path.length;*
* }*
* var queryIndex = path.indexOf('?');*
* if (queryIndex == -1) {*
*queryIndex = path.length;*
* }*
* var slashIndex = path.lastIndexOf('/', Math.min(queryIndex,
hashIndex));*
* return slashIndex = 0?path.substring(0, slashIndex + 1):'';*
*}*
*
*
The “path” parameter to this function comes from
*document.location.href*attribute.
This function is basically finding the last index of “/” in the browser
address bar ignoring what is there after “?” and “#”.
From what I know DOM based XSS can occur by injecting scripts after “?” or
“#” like this
Server can sanitize this script because the value of the name attribute is
sent to the server
*http://domain.com/index.html?name=scriptMALICIOUS_CODE/script *
OR
Server cannot sanitize this script because the fragment after “#” is never
sent to the server and runs on the browser itself
*http://domain.com/index.html#name=scriptMALICIOUS_CODE/script*
*
*
nochache.js also has the following code
*base = getDirectoryOfFile(document.location.href);*
*document.write('script language=javascript src=' + base +
'scripts/xyz.js\/script');*
* *Our security analysis tool complains that this is an XSS issue since *base
*is not a compile time constant.
On Wed, Apr 17, 2013 at 6:08 PM, Thomas Broyer t.br...@gmail.comjavascript:
wrote:
On Wednesday, April 17, 2013 3:20:09 PM UTC+2, Shashank Raj Holavanalli
wrote:
Thomas,
I am using GWT 2.0.3 and this is being generated in the *.nocache.js.
Come on, 2.0.3 is 3 damn years old!
Is there any solution to this ? This clearly seems like an XSS
vulnerability to me. Have you fixed this in the later version ? If yes then
which one ?
There's been a few security fixes in latest versions (though not related
to this one).
AFAICT, assuming this is from computeBaseUrl(), this code will almost
never be called (it depends how you load the nocache.js), so there should
be no vulnerability in practice.
It'd help if you could give more info as to which code exactly you're
talking about (compile with -style PRETTY so the JS won't be obfuscated).
--
You received this message because you are subscribed to a topic in the
Google Groups Google Web Toolkit group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/google-web-toolkit/WKcB-pDtfgA/unsubscribe?hl=en
.
To unsubscribe from this group and all its topics, send an email to
google-web-toolkit+unsubscr...@googlegroups.com javascript:.
To post to this group, send email to
google-we...@googlegroups.comjavascript:
.
Visit this group at
http://groups.google.com/group/google-web-toolkit?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
--
*Shashank Raj Holavanalli*
Software Engineer
NetApp New England
*www.crackeasily.com* http://www.crackeasily.com
--
You received this message because you are subscribed to the Google Groups
Google Web Toolkit group.
To unsubscribe from this group and stop receiving emails from it, send an email
to google-web-toolkit+unsubscr...@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: Can't find postgres driver from debug mode
I'd bet your driver's JAR is not in WEB-INF/lib. On Thursday, April 18, 2013 10:04:35 PM UTC+2, Jamie wrote: This is driving me crazy. My (large) project uses Hibernate and Postgres. On one machine it works perfectly. On two machines: - All works fine when running externally (from the web server) - Other (non gwt) programs work fine, using the same eclipse project, same classpath, same config (persistence.xml) etc. - If I launch my project in GWT debug mode, the following code fails immediately: emf = Persistence.createEntityManagerFactory(dpu, connectionProperties); I have confirmed that all the connection properties are the same when connecting. There are two things that I am considering: - The classpath is incorrect - GWT is including hibernate code that is interfering with my EMF. Has anyone ever seen anything like this? I really want to use the debugger!!! Thanks for your time! -- Jamie -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: Async Advice
Regarding accessing results of a callback elsewhere in the application (if required), what is the best way to do this? Somewhat depends on the concrete case. If its very general data that multiple independent components are interested in, you could publish that data on an app global EventBus using an event. Sometimes you can also store general data somewhere and then provide that information through a constructor dependency in other classes. For example a client side UserSession class could be a dependency in multiple app components and filled once by the login process. If its more like a parent - child relationship (1:n) the child could hold a reference to the parent and notify it by calling a method on the parent. But try to avoid it through multiple layers so you dont end up with getParent().getParent().getParent().notify(). You can also use events in a parent - child scenario to decouple both but I would not send that event on the EventBus as its probably relative specific to the parent and child. Just start hacking and once you feel uncomfortable with the code just ask again with a more concrete scenario. -- J. -- You received this message because you are subscribed to the Google Groups Google Web Toolkit group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscr...@googlegroups.com. To post to this group, send email to google-web-toolkit@googlegroups.com. Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[gwt-contrib] Re: Ensures integer pixel values and adds getters for subpixel values (issue1815803)
Fixed the issues mentioned by Thomas. Daniel, did you have any comments
on this?
http://gwt-code-reviews.appspot.com/1815803/diff/1/src/com/google/gwt/dom/client/DOMImpl.java
File src/com/google/gwt/dom/client/DOMImpl.java (right):
http://gwt-code-reviews.appspot.com/1815803/diff/1/src/com/google/gwt/dom/client/DOMImpl.java#newcode149
src/com/google/gwt/dom/client/DOMImpl.java:149: public int
eventGetScreenX(NativeEvent evt) {
On 2012/08/24 10:07:09, tbroyer wrote:
Should these be made 'final' to make sure subclasses only ever
override the
subpixel variants?
Done.
http://gwt-code-reviews.appspot.com/1815803/diff/1/src/com/google/gwt/dom/client/DOMImplStandard.java
File src/com/google/gwt/dom/client/DOMImplStandard.java (right):
http://gwt-code-reviews.appspot.com/1815803/diff/1/src/com/google/gwt/dom/client/DOMImplStandard.java#newcode61
src/com/google/gwt/dom/client/DOMImplStandard.java:61: screenY|0,
clientX|0, clientY|0, ctrlKey, altKey, shiftKey, metaKey, button,
On 2012/08/28 08:04:50, John A. wrote:
You are totally right, that was a quick fix on my part. The integer
arguments
should indeed be exchanged with doubles instead of rounding them.
Done.
http://gwt-code-reviews.appspot.com/1815803/
--
--
http://groups.google.com/group/Google-Web-Toolkit-Contributors
---
You received this message because you are subscribed to the Google Groups Google Web Toolkit Contributors group.
To unsubscribe from this group and stop receiving emails from it, send an email
to google-web-toolkit-contributors+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
[gwt-contrib] Change in gwt[master]: removes block splitting logic that was specific to IE6/7
Thomas Broyer has posted comments on this change. Change subject: removes block splitting logic that was specific to IE6/7 .. Patch Set 1: Code-Review-1 If we start removing IE6/7 support, we should start with removing the ie6 permutation, and only then (or at the same time) the supporting code. That said, IIRC, we settled on removing IE6/7 support after the 2.6 release. -- To view, visit https://gwt-review.googlesource.com/2550 To unsubscribe, visit https://gwt-review.googlesource.com/settings Gerrit-MessageType: comment Gerrit-Change-Id: I620238c98f8385956d8df52b0d914ad74e9011f5 Gerrit-PatchSet: 1 Gerrit-Project: gwt Gerrit-Branch: master Gerrit-Owner: John Stalcup stal...@google.com Gerrit-Reviewer: Thomas Broyer t.bro...@gmail.com Gerrit-HasComments: No -- -- http://groups.google.com/group/Google-Web-Toolkit-Contributors --- You received this message because you are subscribed to the Google Groups Google Web Toolkit Contributors group. To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit-contributors+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
