Yeah - they are big...this is a large application that started in Struts 1
about 16 years ago. I've attached the various console log outputs we've seen.
There's also this subsection of another file (that file is about over 3000
lines...
function changeSubordinateListDate(theWholeLinkId, theOrigionalLinkIdHREF,
theDateIdPrefix)
{
try
{
var month = document.getElementById(theDateIdPrefix+"MM").value;
var day = document.getElementById(theDateIdPrefix+"DD").value;
var year = document.getElementById(theDateIdPrefix+"YYYY").value;
// 14.1.1 - Replaced the following href call with string variable.
04/12/2017 - JRL.
var href = theOrigionalLinkIdHREF +
"?formattedDate="+month+"/"+day+"/"+year;
document.getElementById(theWholeLinkId).href = href;
}catch(e){}
return true;
}
Other things we're seeing in developer tools that aren't in the attached logs:
Content Security Policy blooks inline execution of scripts and stylesheets
The Content Security Policy prevents cross-site scripting attacks by blocking
inline execution of scripts and style sheets.
To solve this move all inline scripts (eg onclick=[35 code]) and styles into
external files.
Adding unsafe-inline as a source to the CSP header
Adding the hash or nonce of the inline to your CSP header
AND:
incorrect use of <label for=FORM ELEMENT>
Page Layout may be unexpected due to Quirks Mode
-----Original Message-----
From: Lukasz Lenart <lukaszlen...@apache.org>
Sent: Wednesday, June 12, 2024 1:35 AM
To: Struts Users Mailing List <user@struts.apache.org>
Subject: Re: [EXTERNAL] Re: POP Up Data List Window Struts 6.4 (and 6.3) v
6.1.2.1
I tried to analyze the files but they are too big :\ Also I don't see any
attachment related to Dev tools - bear in mind that only text based attachments
are allowed.
Could you repost Dev tools or maybe put it somewhere?
wt., 11 cze 2024 o 14:08 Nordmeyer, William, E (Serco NA)
<william.nordme...@serco-na.com.invalid> napisał(a):
>
> Lukas,
>
> Here's the info Developer Tools is displaying when we run in it. Are there
> security settings we need to tweak?
>
> Will
>
> -----Original Message-----
> From: Nordmeyer, William, E (Serco NA)
> Sent: Monday, June 10, 2024 9:43 AM
> To: Struts Users Mailing List <user@struts.apache.org>
> Subject: RE: [EXTERNAL] Re: POP Up Data List Window Struts 6.4 (and
> 6.3) v 6.1.2.1
>
> Sending again since it seems the JSP was stripped by email filters.
>
>
>
> -----Original Message-----
> From: Nordmeyer, William, E (Serco NA)
> <william.nordme...@serco-na.com.INVALID>
> Sent: Monday, June 10, 2024 9:26 AM
> To: Struts Users Mailing List <user@struts.apache.org>
> Subject: RE: [EXTERNAL] Re: POP Up Data List Window Struts 6.4 (and
> 6.3) v 6.1.2.1
>
>
> Lukas,
>
> Here are the files.
>
> -----Original Message-----
> From: Lukasz Lenart <lukaszlen...@apache.org>
> Sent: Friday, June 7, 2024 11:45 AM
> To: Struts Users Mailing List <user@struts.apache.org>
> Subject: [EXTERNAL] Re: POP Up Data List Window Struts 6.4 (and 6.3) v
> 6.1.2.1
>
> ⚠️
> WARNING
> STOP: Do you recognize this sender?
> This email originated from outside of the organization and should be treated
> with EXTREME CAUTION.
> DO NOT click links or open attachments unless you are ABSOLUTELY CERTAIN the
> contents are safe.
> Not sure? Forward this email to phish...@serco-na.com.
> ⚠️
> WARNING
>
> pt., 7 cze 2024 o 14:49 Nordmeyer, William, E (Serco NA)
> <william.nordme...@serco-na.com.invalid> napisał(a):
> > We are looking to upgrade to Struts 6.4 and seeing issues with our PoP up
> > data list window. They worked in 6.1.2.1 but in 6.4, the data appears to
> > be in the HTML but the screens are not rendering.
> >
> > The EmployeeID isn’t populating. The RSUPER isn’t expanding to
> > drill down
> >
> > The data that appears is different.
> > Double-clicking a Responsible Super with a + beside it does NOT
> > expand/drilldown in 6.4.0.
>
> Could you share your JSP page and the rendered Html?
>
>
> > See attached Screenshots.
>
> It didn't pass through
>
>
> Regards
> --
> Łukasz
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>
> This e-mail and any attachments are for the intended recipient(s) only and
> may contain proprietary, confidential material. If you are not the intended
> recipient, (even if the email address above is yours) do not use, retain,
> copy or disclose any part of this communication or any attachment as it is
> strictly prohibited and may be unlawful. If you believe that you have
> received this e-mail in error, please notify the sender immediately and
> permanently delete. This email may be a personal communication from the
> sender and as such does not represent the views of the company. Thank you.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
