Re: problem in WindowIdHtmlRenderer

2016-04-04 Thread Thomas Andraschko
Hi, we don't take a "complete unchecked" value at all. If you check AbstractClientWindowStrategy#getWindowId() - we cut down the windowId to max. 10 chars. Regards, Thomas 2016-04-05 6:07 GMT+02:00 Thomas Frühbeck: > Hi, > I couldn't find out how to notify you correctly. > > Can you please t

problem in WindowIdHtmlRenderer

2016-04-04 Thread Thomas Frühbeck
Hi, I couldn't find out how to notify you correctly. Can you please take a look at WindowIdHtmlRenderer, line 62 to 78? My tests confirm that you take the unchecked value of windowId, which may have been provided by the client at will. So a JavaScript injection at line 78 is possible. Deta

Re: Awaitility to test async operations?

2016-04-04 Thread Jason Porter
+0 never used it, can't speak to it. On Mon, Apr 4, 2016 at 11:35 AM, John D. Ament wrote: > Hey guys, > > Was wondering what others thought about introducing Awaitility to test some > of the async code going on? https://github.com/jayway/awaitility > > I've had some good success with it in corp

Awaitility to test async operations?

2016-04-04 Thread John D. Ament
Hey guys, Was wondering what others thought about introducing Awaitility to test some of the async code going on? https://github.com/jayway/awaitility I've had some good success with it in corporate projects, so I can only speak highly of it. John

Re: Where's index.adoc?

2016-04-04 Thread John D. Ament
Both the site and docs are in adoc. I suspect the landing page format didn't work in adoc. On Apr 4, 2016 12:17, "Jason Porter" wrote: > Does it have to do with the documentation? I know the docs are all in > asciidoc. > > On Sun, Apr 3, 2016 at 6:16 AM, John D. Ament > wrote: > > > Hey guys >

Re: Where's index.adoc?

2016-04-04 Thread Jason Porter
Does it have to do with the documentation? I know the docs are all in asciidoc. On Sun, Apr 3, 2016 at 6:16 AM, John D. Ament wrote: > Hey guys > > Was wondering, does anyone know where index.adoc is? I noticed that I had > to update the html file manually. Is there purposely no equivalent of

[jira] [Commented] (DELTASPIKE-1109) Remove My email account from the Jira mailing list

2016-04-04 Thread John D. Ament (JIRA)
[ https://issues.apache.org/jira/browse/DELTASPIKE-1109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15223976#comment-15223976 ] John D. Ament commented on DELTASPIKE-1109: --- Jorge, you receive emails abou

[jira] [Commented] (DELTASPIKE-1109) Remove My email account from the Jira mailing list

2016-04-04 Thread jorge (JIRA)
[ https://issues.apache.org/jira/browse/DELTASPIKE-1109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15223973#comment-15223973 ] jorge commented on DELTASPIKE-1109: --- Hi John, I think you guys definitely need to h