no separateScripts has also no affect, all JavaScript in my result are
removed.
Jeromy Evans - Blue Sky Minds wrote:
http://struts.apache.org/2.x/docs/dojo-div.html
separateScripts
j.
--
View this message in context:
I don't think this is a critical problem sheerly because the high
prevalence of such vulnerabilities means some of the responsibility
falls on the developer to not trust user-entered data.. The specific
vulnerability is that when includeParams != none, the request URL was
rendered unmodified
Hi list,
I am new to Struts and started off with a few examples I found on
the web. However, I just can't figure out how to validate input in the
jsp pages. I have an action named GuestBookAction and it's validation
file named GuestBookAction-validation.xml, where should the validation
xml be
hmm... take a look at the generated HTML and each tab's div looks
similar to like:
div dojotype=struts:BindDiv scriptseparation=false executescripts=true
...
Also, see the parseContent attribute of the head tag.
http://struts.apache.org/2.x/docs/dojo-head.html
Dojo parses your HTML, extracts
Gaurav Arora wrote:
I have an action named GuestBookAction and it's validation
file named GuestBookAction-validation.xml, where should the validation
xml be placed in the application hierarchy?
It's fine if you put it exactly besides the java source file of your
action; for example
And I can visit it to get an insight about S2.
Thx.
--
View this message in context:
http://www.nabble.com/Who-can-show-me-some-sites%28Web2.0-or-not%29-based-on-Struts2--tp14785361p14785361.html
Sent from the Struts - User mailing list archive at Nabble.com.
Good Morning Jeromy
so for my own edification includeParams != none
which essentially covers HTTP GET and HTTP POST transmissions?
There also seems to be a bug with treatment of URLs in AnchorTag classes
specifically
public class AnchorTagTest extends AbstractUITagTest {
private StringWriter
Is this an IE-only thing?
When I do this w/ FF or Safari I get an encoded parameter and it doesn't
execute the JavaScript :/
URL's mergeRequestParameters method calls UrlHelper's parseQueryString, which
in turn calls Java's URLEncoder.encode; while I haven't spent a lot of time
tracking
2008/1/13, Jeromy Evans [EMAIL PROTECTED]:
I don't think this is a critical problem sheerly because the high
prevalence of such vulnerabilities means some of the responsibility
falls on the developer to not trust user-entered data..
This is not the case: I think it is a bug, since the url in
Thanks for the headsup on AbstractRemoteCallUIBean.java setHref
with encode I only see this implementation for the value assoc'ed with key
(but not URL)
in URLHelper.java buildUrl method calls assuming escapeAmp has been set or
not
where is escapeAmp being set to either true/false?
Thanks/
M--
Thanks for the reply Max. I decided to go with Maven to start Struts
apps since that seemed to be the most widely practiced way. Didn't
realise that Maven was excluding the XML files from the build. Works
perfectly after the resource is included in the build.
Thanks once again.
On Jan 13, 2008
I believe http://www.javablogs.com/ is written with S2.
On Jan 13, 2008 7:34 PM, M.Liang Liu [EMAIL PROTECTED] wrote:
And I can visit it to get an insight about S2.
Thx.
--
View this message in context:
It's sort of tricky to learn about a technology by simply looking at a
site. If what you are looking for is a site to learn more about Struts 2, I
would suggest starting here:
http://struts.apache.org/2.x/
On Jan 13, 2008 11:40 AM, Gaurav Arora [EMAIL PROTECTED] wrote:
I believe
in my JSP I've got an JavaScript like this
script language=JavaScript type=text/javascript
alert('It Works!!');
/script
But in the result of struts2 the script tags and the content of the tags are
removed.
newton.dave wrote:
--- Johannes Geppert
Is your JavaScript executed?
d.
--- Johannes Geppert [EMAIL PROTECTED] wrote:
in my JSP I've got an JavaScript like this
script language=JavaScript type=text/javascript
alert('It Works!!');
/script
But in the result of struts2 the script tags and
Hello:
I am trying to figure out the best way to do this:
I have two domains.
I am going to develop two different web sites
which will use the same backend database and have
the same functionality, just a different look and
feel.
Should I:
1. Create two separate webapps? That seems poor
no, this is the main problem. :-)
newton.dave wrote:
Is your JavaScript executed?
d.
--- Johannes Geppert [EMAIL PROTECTED] wrote:
in my JSP I've got an JavaScript like this
script language=JavaScript type=text/javascript
alert('It Works!!');
Hello
What happened to all the tooltip parameters in the struts 2 tags?
I can't use the parameters tooltipConfig, tooltipCssClass, tooltipDelay
and tooltipIconPath in a s:textfield tag. They are not defined in the
tld.
I'm using struts 2.0.11 and I would like to set a custom image for the
Johannes i got same problem time ago.
The script/script is removed from page included by s:div and the
only thing you've is a execution on first page load.. but in few words
you cannot keep function definition inside the page included with a
s:div.
It's really a strange thing.. but it is.
On Jan
Hi Neil,
When you say Look and Feel are you referring to just the visual aspects of
the site or are you referring to a marked difference in front-end
functionality?
If you are not providing differing functionality or the functionality being
provided is mostly similar to the current site, your
2008/1/13, Rod Bollinger [EMAIL PROTECTED]:
Additionally, if your current site is not already using Tiles, you should
consider refactoring to add this flexibility. With a Tiles and CSS-based
approach you can completely re-use your current middle and back-end tiers
with little or no
Commons Logging will initialize Log4j automatically if it's present, so
you don't need to do that. You do need log4j.jar in your lib directory,
though, if you want to use it. You can then write your logging using
either the Log4j API directly or using the Commons Logging API,
whichever you
GF wrote:
Hi all
I'm using Struts 2.0.6 If I try to set encode to true and I pass in
the URL get some bad characters.. such as '', '' it doesn't encode
them when it generates the URL with s:url
Is this a bug? Has been fixed in recent version?
Thanks
s:url sets encode to true by default, but
Antonio Petrelli wrote:
2008/1/13, Jeromy Evans [EMAIL PROTECTED]:
I don't think this is a critical problem sheerly because the high
prevalence of such vulnerabilities means some of the responsibility
falls on the developer to not trust user-entered data..
This is not the case: I
Hi, I have the same problem. Any requested URL that has an extension is no
longer accessible, like .css and .js, as well as .jsp.
I haven't been able to find a solution either.
I also want to use a blank extension.
In the meanwhile, have you found a solution?
cheers
On Dec 13, 2007 3:54 PM,
GF wrote:
I think that a good framework is a framework that helps the developer
to not create security issue in his applications.
I agree and Struts2 does that for the most part. Almost every attribute
of every tag in struts2 it HTML escaped. However, the href attribute in
particular
I didn't really make use of maven, instead, I imported the struts-blank war
file into Eclipse which would create a project for me automatically. That
way I can see where to place the XML files.
On Jan 13, 2008 7:53 PM, Gaurav Arora [EMAIL PROTECTED] wrote:
Hi list,
I am new to Struts and
Rod:
The functionality will be exactly the same for
each site.
How do I tell struts to load a given set of
tiles based on the domain name?
Thanks,
Neil
--
Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com
Eliminate junk email and reclaim your inbox.
Visit http://www.spammilter.com
but in the showcase is an example of remote divs,
and this works with script tags.
GF-7 wrote:
Johannes i got same problem time ago.
The script/script is removed from page included by s:div and the
only thing you've is a execution on first page load.. but in few words
you cannot keep
Great work, Keep it up. I have just started with will post a review when I am
done.
Thanks
Ian Roughley wrote:
I'm pleased to announce the release of my newest book, Practical Apache
Struts2 Web 2.0 project. And, no, I didn't pick the name :-)
Where Starting Struts2 was high level and
30 matches
Mail list logo