On 3/16/07, Dale Newfield [EMAIL PROTECTED] wrote:
There are two discussions here that are getting convoluted: WHEN to
clean and HOW to clean. I still have yet to find a good comprehensive
way to do the latter (more below), but right here I'm responding to the
former.
Christopher Schultz
There are some older documentation at
http://boss.bekk.no/boss/portletwork/architecture.html and
http://boss.bekk.no/boss/portletwork/explained.html that explains some
of the key concepts. Some of the stuff is outdated, but the core
functionality is the same.
The Ajax limitations are basically
--- Leon Rosenberg wrote:
And even with an rdbms, have you ever tried to
update like 1.000.000 rows of an in production db
under traffic?
Stuff like that happens all the time, although I tend
to do such things at low-traffic times or on a
replicated DB (yeah, moving it back takes time too,
Hi,
I have a problem with Struts tags.
I can't use any expression (EL, runtime) in the tag attributes :
html:text property=num_linea[${i}] /
html:text property=num_linea[%=i%] /
The result is an error: Invalid argument looking up property:
num_linea[%=i%]
I suppose i have something
How do I implement client-side validation code for a custom validator?
I have developed a custom validator that should generate client-side
validation Javascript code, but I can't figure out where the
implementation should lie. The actual official validators
implementations don't host such code
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dale,
Dale Newfield wrote:
Christopher Schultz wrote:
If you /are/ capturing text you will be using that /can/ contain HTML
markup, then cleaning it as it comes in is still a mistake. Let's say
you have a bug in your cleansing code. In that case,
Hi Dave,
On 3/16/07, Dave Newton [EMAIL PROTECTED] wrote:
--- Leon Rosenberg wrote:
And even with an rdbms, have you ever tried to
update like 1.000.000 rows of an in production db
under traffic?
Stuff like that happens all the time, although I tend
to do such things at low-traffic times or
In the Struts 2.0.6 release, we made the mistake of setting devMode to
true in some of the example applications. As a result, some developers
copied the setting, and then wondered why their Struts 2 application
seemed sluggish!
As of Struts 2.0.7 (coming soon), we've added a Performance Tuning
Ok, this is my argument for filtering input:
1) I don't want bad code (javascript or other) making into my db in the
first place, ever.
2) You have to validate as input comes in anyways and THIS is where your
validation logic is housed:
- if field is Date, check it; 'username' then
Hi List,
I need my own interceptor to be able to access parameters. In my
struts.xml I have something like:
interceptor name=myInter class=MyInterceptor
param name=cid1234/param
/interceptor
My Interceptor Stack contains:
interceptor-ref name=myInterparam
--- Joseph McGranaghan [EMAIL PROTECTED]
wrote:
I guess I just don't see an argument for filtering
it on the way out. What if you miss something?
Couldn't you miss it on the way in, too?
d.
We won't tell.
The way I solve this is by returning the value you want and setting up the
action chain on struts.xml file:
Example:
class MyAction 1 .. {
public String execute(){
if(foo)
return foo;
else
return bar;
}
Then on the Strutus XML file:
Ok, I'm going to pay attention to the problem, the XSS filter:
I am using a 'blacklist', because my users need to enter as much X\HTML
as I can possibly allow them.
So, tags I'm originally NOT allowing are:
applet script embed object server frame iframe frameset
html body
I'm removing all
--- Leon Rosenberg wrote:
Hmm, the OP said:
I am trying to find a best solution to prevent
Cross site scripting attacks.
Oops. Yep, I guess I latched on to the discussion
after the but I need to allow markup bit; sorry.
Allowing the user to inject HTML markup in your
pages is the road to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi folks,
Anyone out there know of a tool that is Open Source that will create a
diagram of actions and forwards from a struts-config.xml file?
- --
Peter L. Berghold
Hi,
is it possible to use DispatchAction with struts-faces integration
library + tiles?
All my tests the execute method was called even if I specify on the
URL the method name.
Thanks,
Rodrigo Pereira
-
To unsubscribe, e-mail:
Can't help you out with that problem, as I haven't played with the Portlet
stuff. Sorry.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Joe,
Joseph McGranaghan wrote:
Ok, this is my argument for filtering input:
(Note that I'm sure we can argue all day over whether input vs. output
filtering is better; I'd prefer to state my opinion and get on with it).
1) I don't want bad code
Don't recommend using the struts-el taglib if you don't know what
environment the user is in. The struts-el taglib can't be used in a JSP
2.0 environment.
-Original Message-
From: Strachan, Paul [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 15, 2007 5:50 PM
To: Struts Users
Hi!
This is probably a missing feature in the portlet framework. The
SessionAware interface aparently doesn't work when inside a portlet.
The other approach you use should work, but if it doesn't, try using
the ActionContext to get the session map and put it there.
Nils-H
On 3/16/07, tom tom
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Joe,
Joseph McGranaghan wrote:
So, tags I'm originally NOT allowing are:
applet script embed object server frame iframe frameset
html body
Okay.
If you're going to do this:
I'm removing all javascript event attributes (
Doesn't JDeveloper do that?
musachy
On 3/16/07, Peter L. Berghold [EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi folks,
Anyone out there know of a tool that is Open Source that will create a
diagram of actions and forwards from a struts-config.xml file?
- --
hi, how can I make struts2 find jsp files outside the webcontext. if the
solution is to specify the full path, how can I do to externalize the base
path as a property/variable/constant.
Thanx in advance.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Musachy Barroso wrote:
Doesn't JDeveloper do that?
MyEclipseIDE does too, but it ran out of heap when it tried to export to
a JPG on me. :-(
I'm hoping there's something out there that was written to feed Dia or
Open Office or something on that
There are a number of tools in the Eclipse space that can do this ( i.e.
they run as Eclipse plugins/features and using the underlying GEF framework
).
One that I can think of off the top of my head is StrutsIDE :
http://amateras.sourceforge.jp/cgi-bin/fswiki_en/wiki.cgi?page=StrutsIDE
Exadel
Thanks for the feedback Chris.
Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Joe,
Joseph McGranaghan wrote:
So, tags I'm originally NOT allowing are:
applet script embed object server frame iframe frameset
html body
Okay.
If you're going to do this:
--- Peter L. Berghold wrote:
I'm hoping there's something out there that was
written to feed Dia or Open Office or something on
that order.
FWIW, I wrote a hacked-up Ruby script that exports to
DOT (and will update for yEd) that also grabbed
html:link.../ and a.../ (to Actions) in like 3-4
Hi,
This is probably a naive question, but I've looked around a bit and
couldn't find a simple answer. Why does the simple theme in Struts 2
include Dojo at all?
I know it's minimal inclusion, but it's still a contamination that
goes against the stated principle of the simple theme: to render
All of these tips are great. I'm glad this page exists.
I'd love a bit of clarification about the location of the template
directory, however. I could be the only one, but I find it a little
confusing.
* Copy the /template directory from the Struts 2 jar in your
WEB_APP root
Does
On 2.1(trunk) we are removing Dojo from core to a plugin, so that won't be a
problem anymore. Only for tooltips we'll use javascript (no Dojo anyway).
Here is the jira ticket:
https://issues.apache.org/struts/browse/WW-1607
musachy
On 3/16/07, Yoav Shapira [EMAIL PROTECTED] wrote:
Hi,
This
Hey guys, I'm gonna start this as an [OT] as a courtesy.
Found a scenario where filtering the output won't do, I think.
I'm doing an all ajax webapp.
I send an internal mail message to a users inbox,
the same as a user-to-user would.
Embedded in the message is this:
div style=margin: 0px
I've done EL expressions like you want to do. Try using the -el
version of the html tag:
html-el:text property=num_linea[${i}]/
On 3/16/07, irene [EMAIL PROTECTED] wrote:
Hi,
I have a problem with Struts tags.
I can't use any expression (EL, runtime) in the tag attributes :
html:text
Christopher Becker wrote:
Another issue - I wish to allow users to modify content to records
saved to the database, by loading up the same (or identical ) form
referenced below with a saved record and allow for modifications. I do
this in an action which retrieves the record from the
Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Joe,
Joseph McGranaghan wrote:
So, tags I'm originally NOT allowing are:
applet script embed object server frame iframe frameset
html body
Okay.
If you're going to do this:
I'm removing all javascript event
Dave Newton wrote:
--- Jonatas Gustavo Rodrigues wrote:
In this way, this object (like an UIComponent) could
be used for an registered Result object to render
the result (this Tapestry).
I expect that you could create a result type mapping
from a String result to whatever you wanted, the
Shuai Zheng wrote:
Dear All,
I try to use my own setting to overwrite the default settings.
Following line is added into my struts.properties:
struts.configuration.files=struts-heal-default.xml,struts-plugin.xml,
struts.xml
I have a struts-heal-default.xml in my classpath to re-define the
Piwoni, Andre wrote:
I'm working on a large and complex web application. One of the things
that bothers me is a WizardAction with one ActionForm working on
multiple JSP pages. All of these JSP pages have hardcoded action URLs
that map to struts actions. I'd like to re-use several JSP pages form
You probably *don't* want the -el taglibs on Tomcat 5. You will need to
make sure your web.xml uses the Servlet 2.4 style namespace declaration,
though, to get EL working.
For scriptlets, your problem is invalid syntax. An attribute value can
be either plain text, or an RT expression. You
Down below...
Laurie Harper wrote:
Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Joe,
Joseph McGranaghan wrote:
So, tags I'm originally NOT allowing are:
applet script embed object server frame iframe frameset
html body
Okay.
If you're going to do this:
I'm
Valentin von Seggern wrote:
Hi List,
I need my own interceptor to be able to access parameters. In my
struts.xml I have something like:
.
interceptor name=myInter class=MyInterceptor
param name=cid1234/param
/interceptor
.
My Interceptor Stack contains:
.
interceptor-ref
The 'templates' directory should be a sibling of WEB-INF.
L.
Eric Rank wrote:
All of these tips are great. I'm glad this page exists.
I'd love a bit of clarification about the location of the template
directory, however. I could be the only one, but I find it a little
confusing.
* Copy
Enrique da Costa Cambio wrote:
hi, how can I make struts2 find jsp files outside the webcontext. if the
solution is to specify the full path, how can I do to externalize the base
path as a property/variable/constant.
Thanx in advance.
I don't think you *can* do that, at least not in any way
Joseph McGranaghan wrote:
Better safe than sorry ;-) As someone else posted, though, you also
have to be wary of things like java\nscript:alert('scripty') in
attribute values and other 'interesting' variations. Same for CSS
style rules. As mentioned above, IE supports invoking behaviour from
/Nope. What about div align=javascript:alart('GOT YA')? Or
Javascript injection through CSS in IE? What about any new Javascript
injection mechanism that some browser adds down the line... ;-) /
Which browser did you get this injection to work on? Other than fixing
the misspelling of alert,
I'll explain myself:
This is the thing:
I have a (eclipse) project with the app middle layer. I have another project
that wires this layer using spring. Then I have another project implementing
the view using struts2. Finally, I have a fourth project that integrates all
the spring project and the
Thanks for the clarification, Laurie. That's what I suspected, but
wasn't sure. Now I know!
Thanks,
Eric
The 'templates' directory should be a sibling of WEB-INF.
L.
Eric Rank wrote:
All of these tips are great. I'm glad this page exists.
I'd love a bit of clarification about the
Hi,
Does anyone knows how to change the default .css for TabbedPanel without
change that inside the jar?
I need change the colors of Labe and the image of the tab.
regards,
Felipe
--
View this message in context:
http://www.nabble.com/TAbbedPanel-and-CSS-tf3416215.html#a9520481
Sent from the
You can use the interceptor ServletConfig to get HTTPServletRequest and
HTTPServletResponse.
But hte best way is to implements SessionAware interface in your action
class.
Take a look at this link.
http://struts.apache.org/2.x/docs/how-do-we-get-access-to-the-session.html
regards,
Felipe
I have been unable to find how to use Struts2 with *both* JSF and
Tiles. Each is implemented by setting the action result type
attribute to jsf and tiles respectively. How do you include both
types. Is there an interceptor stack which could do this? Is there
some compound result type? Can
You can use the templateCssPath property to point to your css.
musachy
On 3/16/07, Nate Drake [EMAIL PROTECTED] wrote:
Felipe Rodrigues feliperod777 at yahoo.com.br writes:
Hi,
Does anyone knows how to change the default .css for TabbedPanel without
change that inside the jar?
I need
Awesome! I didn't realize that. Thanks.
Musachy Barroso musachy at gmail.com writes:
You can use the templateCssPath property to point to your css.
musachy
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional
Felipe Rodrigues feliperod777 at yahoo.com.br writes:
Hi,
Does anyone knows how to change the default .css for TabbedPanel without
change that inside the jar?
I need change the colors of Labe and the image of the tab.
regards,
Felipe
I was able to do this, but it is kinda ugly. We
Hi all,
That's not the whole question.
I've been using only the controller + tiles of Struts for years and I
managed to create a big web site http://www.skillipedia.com Skillipedia .
If I will be using Struts2 without using the tags s:xxx, do I still
need to the latest Struts.
Cheers
But what exactly are the css's that I have to override?
I mean, what properties does TabbedPanel allow to set from css?
Is there any place to find it out?
I'm asking this because I didn't found any place at TabConteiner.css setting
up the font of a Tab.
Another question would be, where does
You can use struts2 with struts1-plugin.
It will give you the chance to migrate your code by little pieces.
If you plan keep your site in a evolutive way, you should try this option.
Felipe
skillipedia wrote:
Hi all,
That's not the whole question.
I've been using only the controller
I has started to learn S2 a few months ago and then got sidetracked.
I'm willing to tackle the learning curve, but I have a very basic question:
I notice that many people are combining S2 with Spring. I don't know
anything about Spring; I had thought that Spring was another framework,
and
--- Rick Schumeyer wrote:
I had thought that Spring was another framework,
and that you would use either S2 or Spring but not
both.
Spring provides a lot of different functionality;
Spring MVC is the web-ish portion of it. You probably
(but you can!) would not use both Spring MVC and S2.
Look at TabContainer.html here:
http://svn.apache.org/viewvc/struts/struts2/branches/STRUTS_2_0_X/core/src/main/resources/org/apache/struts2/static/dojo/src/widget/templates/
which is the template used by Dojo to build the widget.
regards
musachy
On 3/16/07, Felipe Rodrigues [EMAIL PROTECTED]
Dave Newton wrote:
--- Rick Schumeyer wrote:
I had thought that Spring was another framework,
and that you would use either S2 or Spring but not
both.
Spring provides a lot of different functionality;
Spring MVC is the web-ish portion of it. You probably
(but you can!) would not use
Good question. You could perhaps write a result that wrapped the two,
somehow, but you'd probably need to dig into the source to accomplish
it. If you figure anything out, file a JIRA ticket we can improve
both plugins.
Don
On 3/16/07, Ray Clough [EMAIL PROTECTED] wrote:
I have been unable
--- Rick Schumeyer [EMAIL PROTECTED] wrote:
But doesn't webwork/S2 also provide DI/IOC? Or does
Spring do this for the model part of MVC as well?
Internally S2 uses Guice (right guys?), but you can
tell it to use Spring.
d.
While S2 uses an internal DI container (an early forked version of
Guice), it shouldn't be used by end user applications, and therefore,
Spring is generally the preferred DI container for S2 applications.
The popular Struts 2 Spring plugin provides this integration support.
Interestingly, there
Thanks Don. I don't think my boss would sit still while I dug into the
source code. I suspected that it couldn't be done as things currently
stand, so I guess I'll have to not try it for the time being.
By the Way, do you know that the Struts-JSF plugin cannot render complex JSF
components -
So if I understand correctly, if I plan to use S2, I will also need to
swap out some part of S2 with some part of Spring (and deal with a
Spring learning curve)? And some people are using Spring MVC with S2?
But S2 is also an MVC framework? (And I haven't even asked about things
like tiles
--- Rick Schumeyer wrote:
So if I understand correctly, if I plan to use S2, I
will also need to swap out some part of S2 with some
part of Spring (and deal with a Spring learning
curve)?
No; there's no swapping or anything.
You don't *need* to use Spring, but you are
over-complicating
I have a page configured as follows:
html xmlns=http://www.w3.org/1999/xhtml;
head
meta http-equiv=Content-Type content=text/html; charset=ISO-8859-1 /
titleTest/title
@s.head theme=ajax /
link rel=stylesheet type=text/css href=stylesheets/global.css /
/head
and later in the body
@s.url
I just realized that there is a bug with the autocompleter and freemarker:
http://issues.apache.org/struts/browse/WW-1823
as a workaround use autocompleterModel, it will be fixed for 2.0.7.
regards
musachy
On 3/16/07, Rohit Dewan [EMAIL PROTECTED] wrote:
I have a page configured as follows:
Interesting, well, if you could, file a JIRA ticket so we don't forget
to look into it.
Don
On 3/16/07, Ray Clough [EMAIL PROTECTED] wrote:
Thanks Don. I don't think my boss would sit still while I dug into the
source code. I suspected that it couldn't be done as things currently
stand, so
Hi,
Thanks for the inputs. my req. will not satisfy your suggestion.
My req. is I have to load different Jsps depending on the user
profile. eg http://profile.eg/. for user with profile = abc,
i will have JSps like 1_abc.jsp,2_abc.jsp,3_abc.jsp
for user with profile = def , i will have
That resolved the issue. Thanks!
Is there an ETA for 2.0.7?
Regards,
Rohit
On 3/16/07, Musachy Barroso [EMAIL PROTECTED] wrote:
I just realized that there is a bug with the autocompleter and freemarker:
http://issues.apache.org/struts/browse/WW-1823
as a workaround use autocompleterModel,
Oops, bad example. I guess this is generally more of a problem in a case
such as a href=javascript:
Script injection through CSS is an IE-specific vulnerability; it
supports a non-standard style property (called behaviour? can't recall
off hand) which can execute, at least, Javascript.
skillipedia wrote:
Hi all,
That's not the whole question.
I've been using only the controller + tiles of Struts for years and I
managed to create a big web site http://www.skillipedia.com Skillipedia .
If I will be using Struts2 without using the tags s:xxx, do I still
need to the
72 matches
Mail list logo