> Maybe, people disagree with your contention that it's a bulletproof
> solution. I think it may have unintended consequences. It would then
> behave differently than similar CF functions. Both of these are bad
> outcomes - worse, to me, than the status quo.
>
> In any case, requiring a change to
> Whether it would be NEVER or not, the simple fact is that it's
> IMPOSSIBLE for CF to do this. The only way I can think to do it
> would be as a postprocessing of the entire generated content (an
> outbound servlet filter) with a full HTML and JS parser available.
> Here's a relatively simple e
> > In spite of the fact that SerializeJSON()
> > handles it correctly.
>
> That's a different function, designed to do a different thing. Your
> comparison is analogous to complaning that XMLFormat doesn't behave
> like CFWDDX.
That's one of the dumbest things I've ever heard in my life.
--
> it's a real peeve for me when there's a
> simple, quick and totally bulletproof
> solution to a problem and people would
> rather spend hours formulating
> arguments against implementing the
> obvious, quick and painless solution in
> front of them.
Maybe, people disagree with your conten
cf.Objective() 2008 has three hands on sessions this year: ColdSpring
1337, Agile Development and Advanced ColdBox. These are two hour
sessions. In addition, there is a two hour Flex 3 for ColdFusion
developers session (not hands on tho') as part of the RIA track.
On 12/31/07, Dave Watts <[EMAIL P
Looking at what GMail did to the formatting, I've posted the raw source here:
http://barneyb.com/rhino/jsstringformat.txt
cheers,
barneyb
On Dec 31, 2007 7:26 PM, Barney Boisvert <[EMAIL PROTECTED]> wrote:
> On Dec 31, 2007 6:26 PM, s. isaac dealey <[EMAIL PROTECTED]> wrote:
> > > As you point o
On Dec 31, 2007 6:26 PM, s. isaac dealey <[EMAIL PROTECTED]> wrote:
> > As you point out, it is only unsafe under certain conditions.
>
> What circumstance in which would it be a problem if it escaped the
> string?
>
> I can tell you what circumstance in which that would happen -- NEVER.
Whether
> In spite of the fact that SerializeJSON()
> handles it correctly.
That's a different function, designed to do a different thing. Your comparison
is analogous to complaning that XMLFormat doesn't behave like CFWDDX.
Dave Watts, CTO, Fig Leaf Software
~~
> Umm... nope, I mentioned this a few
> years ago.
OK, two people. Still an edge case.
Dave Watts, CTO, Fig Leaf Software
~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to
date
Get the Free Trial
I just wanted to apologize for my replies to the jsstringformat thread...
finding myself more agitated by it than I should be...
As way of explanation (rather than excuse), it's a real peeve for me
when there's a simple, quick and totally bulletproof solution to a
problem and people would rather
> If I enter "the End of " and it
> gets butchered when it goes somewhere
> else, that's a bug.
Yes. A bug in your code. It is the job of your code to ensure that values are
used and stored appropriately.
Dave Watts, CTO, Fig Leaf Software
~
I keep getting emails about AJAXWorld. But I really don't know anything
about it.
--
s. isaac dealey ^ new epoch
isn't it time for a change?
ph: 503.236.3691
http://onTap.riaforge.org/blog
~|
Adobe® ColdFusion® 8 so
> Yes, that's how the function should work. The behavior you want is an
> edge case, and it's something you can easily do yourself with a
> workaround. However, making that the default behavior would require
> that CF know all of the things that could cause a JavaScript literal
> string to cause pr
> As you point out, it is only unsafe under certain conditions.
You mean any condition in which a user might have entered something into
a form?
As compared to:
What circumstance in which would it be a problem if it escaped the
string?
I can tell you what circumstance in which that would ha
> The LiveDocs for CF7 simply state jsstringformat returns "A string
> that is safe to use with JavaScript.". I think it is obvious that
> "" is not a "safe" string under certain JavaScript
> conditions.
Viola. It doesn't do what its documentation describes.
Who here wants to call it a document
> It shouldn't do that. It formats a string, and all of those
> characters are valid characters within a JS string. You wouldn't want
> to do anything special if you were serving a JS file out to the
> browser; it's only when you're serving JS embedded in an HTML file
> that you need to worry abo
> Relative positioning?
To clarify what I think Ade is describing, there's an unfortunate bug in
Internet Explorer that causes anything that's been given
"position:relative;" in it's style to receive a wierd sort of
"SUPER-Z-Index!" that basically is equivalent of like "always on top" in
Windows l
> My cftextarea just outputted it straight from the field and voila,
> there's a bunch of those chars in my output. I still don't understand
> how they're gettin there.
hrm... that sounds like either a bug in ColdFusion or an issue with the
browser... I believe that one or the other is supposed t
> I wrote that it was an edge case because you're the first person to have
> both encountered this problem and to also have suggested that CF isn't doing
> what it should.
Umm... nope, I mentioned this a few years ago. And had mentioned it on
a number of occasions since then. The fact that nobody
Raymond Camden wrote:
> Does BlogCFC work ok with Hebrew when you use it directly instead of
> an XML-RPC client?
i guess it should if his db is setup correctly. i'm still running an old
version
& am not familiar w/posting content from anything but the app itself, i'll see
if i can get a look a
> Naturally your examples do not error since you have
> demonstrated a JavaScript string containing the text
> "" which is not contained within "real" script tags.
> My onus however, was not to prove that EVERY arbitrary
> "" embedded within a JS string in an HTML document
> would error but r
> Where is your friend teaching this course?
>
> Ben
>
At the local community college.
Thanks much!
Will
~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to
date
Get the Free Trial
http://ad.d
JHello everyone,
I have several organizations wyho want to enable their Web sites to
process transactions via Pay-Pal. I downloaded the Pay-Pal module which
allows one to seemlessly integrate their PHP sites with Pay-Pal allowing
visitors to remain on the native Web site while Pay-Pal works in
To completely cover the latter, if you need to emit a JS string containing a
literal "" within a HTML SCRIPT block, you manually split it and
you're done. jsStringFormat will make ensure a CF string is safe for use as
a JS string, according to the rules of the JS language. It doesn't (and
can't)
Naturally your examples do not error since you have demonstrated a
JavaScript string containing the text "" which is not contained
within "real" script tags. My onus however, was not to prove that EVERY
arbitrary "" embedded within a JS string in an HTML document
would error but rather the possibi
> How about Web Maniacs?
> http://www.webmaniacsconference.com/
>
> It is still CF related, but also includes Flex/AIR.
And, to toot our own horn so to speak, we have hands-on sessions; we're the
only conference I know of that does this.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Google Gears... The idea of a local(client side) web-server and datasource,
where users can run web applications offline(See the January Linux Magazine).
Wonder if you could similarly have a local mini ColdFusion server? It might
provide an interesting alternative or addition to AJAX or Flash b
> I would have to disagree. I am not attempting to blame
> ColdFusion for the behavior of my browser. I am charging the
> documentation and behavior of the jsstringformat function to
> be misleading (and possibly too narrow) given the fact that
> it advertises "safe" strings. I figure the ma
> The second example is irrelevant. If you have the same problem with a
> JavaScript literal string in a static HTML page, the fact that you can
> generate such a string - which, as you note, is in fact a valid
JavaScript
> literal string - with CF doesn't make this a CF problem.
I would have to d
> The LiveDocs for CF7 simply state jsstringformat returns "A
> string that is safe to use with JavaScript.". I think it is
> obvious that "" is not a "safe" string under certain
> JavaScript conditions.
>
> Ok, so technically, "" IS safe with JavaScript
> alone-- but it isn't a "safe" string
My feeling would be no. I like the way it currently works.
JSStringFormat does what the function says. It is not called JSSafeFromAnything.
As you point out, it is only unsafe under certain conditions. So I am
glad it does not always strip everything out that might possibly meet
a seldom seen con
>> I had always believed that jsstringformat did absolutely
>> everything necessary to string of text in order to set it
>> into a JavaScript string variable.
> JSStringFormat escapes JavaScript metacharacters; nothing more,
nothing
> less. That's all it does, and that's all it's supposed to do.
> So, do you consider that to be a browser bug or is the
> replace method really the "right" way to do it?
I certainly wouldn't consider it a browser bug. The browser's job, first and
foremost, is to parse HTML. The closing SCRIPT tag is HTML. The browser
can't be expected to look at your closing
> Barring that you can set up a site that mirrors your web site
> but does allow anon access and have it respond only to
> 127.0.0.1. That would allow your tasks to run but not expose
> the content to the outside world.
This is the approach I'd recommend, although I probably wouldn't have it
mi
Hello again -
Thanks for the good ideas. I need to keep Anonymous Access off on the primary
web site, but having a secondary site that does allow it, is a good idea.
Thank you very much!
Doug
>Right... Excellent I forgot you could set permissions at a very granular
>level like that.
>
>
> I had always believed that jsstringformat did absolutely
> everything necessary to string of text in order to set it
> into a JavaScript string variable.
JSStringFormat escapes JavaScript metacharacters; nothing more, nothing
less. That's all it does, and that's all it's supposed to do.
> The
So, do you consider that to be a browser bug or is the replace method
really the "right" way to do it?
I mean, it seems logical why my browser acts the way it does-- but the
solution sure seems kludgy... it just doesn't seem right.
~Brad
-Original Message-
From: Barney Boisvert [mailto:[
Right... Excellent I forgot you could set permissions at a very granular
level like that.
-Original Message-
From: DURETTE, STEVEN J (ATTASIAIT) [mailto:[EMAIL PROTECTED]
Sent: Monday, December 31, 2007 2:03 PM
To: CF-Talk
Subject: RE: Keeping Anon access off & turning on Scheduled
Since you are using IIS... You could also go into the IIS Administrator
drill down to the file, then choose properties. From there go to
security and set it to allow Anon.
IIS allows these settings at the file level. Helps if you are just
having tasks run that don't need to be secured. You could
that'd probably be worthwhile, as i've had stuff kicked back as well
when replying to Oguz (both here and on community) :)
On Dec 31, 2007 11:33 AM, Michael Dinowitz <[EMAIL PROTECTED]> wrote:
> I'll write a new function for his name alone. :)
>
> On Dec 31, 2007 2:29 PM, Barney Boisvert <[EMAIL P
I'll write a new function for his name alone. :)
On Dec 31, 2007 2:29 PM, Barney Boisvert <[EMAIL PROTECTED]> wrote:
> Actually, I get it a fair amount, usually because of non-English names in
> quoted messages. Oguz (from Teratech, I believe) use a non-ASCII
> character,
> for example.
>
Actually, I get it a fair amount, usually because of non-English names in
quoted messages. Oguz (from Teratech, I believe) use a non-ASCII character,
for example.
cheers,
barneyb
On Dec 31, 2007 11:13 AM, Michael Dinowitz <[EMAIL PROTECTED]>
wrote:
> The original post had Hebrew pasted into the
There is a username and password attribute for scheduled tasks. It requires
that you allow the "plain text" option I believe.
Barring that you can set up a site that mirrors your web site but does allow
anon access and have it respond only to 127.0.0.1. That would allow your
tasks to run but not
Hi Folks -
I am looking for someone who may have done something like this before and
remembers what needs to be done! ;-)
I have an intranet web site already built and running fine. It currently has
Anonymous access turned off. This allows the web site to pull the user's
cgi.auth_user info t
The original post had Hebrew pasted into the text. Many mail clients will
see the Hebrew and treat it as extended characters. A response with extended
characters has to be encoded and they use base64 encoding. A TON of spam
uses base64 encoding and the list only allows plain text. It's a rare
probl
It shouldn't do that. It formats a string, and all of those characters are
valid characters within a JS string. You wouldn't want to do anything
special if you were serving a JS file out to the browser; it's only when
you're serving JS embedded in an HTML file that you need to worry about
tags i
I had always believed that jsstringformat did absolutely everything
necessary to string of text in order to set it into a JavaScript string
variable.
I realized last night I was wrong.
The following HTML example will error:
alert('');
Even though the text "" is a perfectly es
That was it Ray. Thanks.
Matt
On Dec 31, 2007 9:52 AM, Raymond Camden <[EMAIL PROTECTED]> wrote:
> Don't forget that when you call a web service, CF caches the WSDL
> response. If you are editing the WS, you need to refresh the WSDL
> cache in the CF Admin, or use the refreshwsdl option in CF8.
>
Someone earlier today posted about BlogCFC/Hebrew. When I responded,
my post was rejected by cf-talk. The error mentioned something about a
base64 email. Not sure why it didn't work as it seemed fine in gmail.
Anyway, here is what I had said.
Does BlogCFC work ok with Hebrew when you use it direct
Thanks guys...
I'll add those two to my list. Cutter is actually speaking at Webmaniacs so
unfortunately no other team member will probably be able to go to that one.
andy
-Original Message-
From: Sean Corfield [mailto:[EMAIL PROTECTED]
Sent: Monday, December 31, 2007 11:07 AM
To: CF-
table cells closed without being opened, or content between and next
?
-Original Message-
From: Nathan C. Smith [mailto:[EMAIL PROTECTED]
Sent: Monday, December 31, 2007 10:55 AM
To: CF-Talk
Subject: cfmenu is rendering under other page content
I'm having a problem where cfmenu and rela
On Dec 31, 2007 8:01 AM, Andy Matthews <[EMAIL PROTECTED]> wrote:
> I wonder if anyone knows what the differences might be in performance vs
> each of these methods. I sort of suspect that our current method has more
> overhead than the proposed method but I'm not sure how to prove it, or to
> test
Silverlight
Javascript frameworks
Location based services
WiMax
> I have a friend who'll be teaching a course on "Emerging web
> technologies"
>
> The course will give students some insight into the newest
> technologies being used in web development today.
>
> Do you guys have any suggestio
On Dec 31, 2007 7:54 AM, Andy Matthews <[EMAIL PROTECTED]> wrote:
> But I also don't want to limit myself to only CF conferences. I'd also be
> interested in attending conferences about Flash, Flex, Javascript, etc.
The 360Flex series is always good:
http://www.360conferences.com/360flex/ or http:
Relative positioning?
Adrian Lynch
-Original Message-
From: Nathan C. Smith [mailto:[EMAIL PROTECTED]
Sent: 31 December 2007 15:55
To: CF-Talk
Subject: cfmenu is rendering under other page content
I'm having a problem where cfmenu and related menu items are rendering
beneath other con
I am having trouble submitting hebrew text to blogCFC from anywhere/everywhere.
It doesnt work from Google Docs, Windows Live Writer, Adobe Contribute, Ecto,
etc...
The problem seems to be in the encoding, but I dont know much more than that.
What happens is, the following source text:
×
There are similar functions on CFLib. I believe reGetAll.
On Dec 31, 2007 1:01 AM, Adrian Lynch <[EMAIL PROTECTED]> wrote:
> REMatch() is new to CF8, as is the array attribute in cfloop.
>
> Change the cfloop to an indexed loop and use
> http://www.cftagstore.com/tags/cfreextract.cfm or similar fo
How about Web Maniacs?
http://www.webmaniacsconference.com/
It is still CF related, but also includes Flex/AIR.
On Dec 31, 2007 9:54 AM, Andy Matthews <[EMAIL PROTECTED]> wrote:
> Hey everyone...I've got a question about conferences...
>
> My boss just asked our team to indicate which (if any) co
My company has a dynamic codebase which programmatically creates 2000+
applications (one for each site we host). Everything unique to a site is
stored in either the app scope, or session scope (for each user). I've
tossed out the concept of changing our codebase to have just ONE application
(per se
I'm having a problem where cfmenu and related menu items are rendering
beneath other content on the page. Both pictures and images. What kind of
things should I be looking for as a cause for this? I don't have any styles
specified for cfmenu or cfmenuitems.
I'm using some simple css to style th
If you've changed the webservice recently, you might need to refresh
the stubs on the VPS server via the CF administrator.
On Jan 1, 2008 12:06 AM, Matt Williams <[EMAIL PROTECTED]> wrote:
> I thought about case sensitivity and double-checked it all. And I'm
> not sure where the case sensitivity w
Hey everyone...I've got a question about conferences...
My boss just asked our team to indicate which (if any) conference we might
wish to attend this year. I know about the big ones:
CFUnited
MAX
CFObjective
But I also don't want to limit myself to only CF conferences. I'd also be
interested
Don't forget that when you call a web service, CF caches the WSDL
response. If you are editing the WS, you need to refresh the WSDL
cache in the CF Admin, or use the refreshwsdl option in CF8.
On Dec 31, 2007 9:06 AM, Matt Williams <[EMAIL PROTECTED]> wrote:
> I thought about case sensitivity and
I thought about case sensitivity and double-checked it all. And I'm
not sure where the case sensitivity would be wrong as it fails on the
call to the web service...
Any other ideas? Anyone?
Matt
On Dec 29, 2007 12:08 PM, Dominic Watson
<[EMAIL PROTECTED]> wrote:
> Case sensitivity perhaps?
>
> D
Thanks very much for your help, everything works fine ;)
Have a happy new year!
~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;223
65 matches
Mail list logo