Jan, file an issue in our jira, and we don't forget about it.
-Matthias On Nov 28, 2007 7:09 PM, Matthias Wessendorf <[EMAIL PROTECTED]> wrote: > Didn't know that XHR is much more secure. > However, I can see that at least some companies have restrictions to use IE6. > In case they want IE6 w/ disabled ActiveX, the same issue ramains. > > Perhaps... we may introduce a "flag" for doing a fallback to IFrame... > (like done w/ a context-param) > Not sure if this is really worth to look at it, right now. > > The good thing for IE7 is, that this guy does support XHR :-) > > -Matthias > > On Nov 28, 2007 6:35 PM, Scott O'Bryan <[EMAIL PROTECTED]> wrote: > > > Jan, > > > > I understand that sometimes companies like this may be unwilling to > > change for security reasons, but the XHR is actually a more secure > > implementation. Because of the nature of iframe, you are open to may > > more exploits then you will be using XHR. This is because using XHR > > requires someone trying to exploit the system to familiar with the > > application being used whereas in the iframe case they need to know only > > that they are in a browser. > > > > If companies want to run in a secure environment, they really need to > > not be running IE6, but rather Mozilla or IE7. As for IE 5.5, I thought > > Trinidad had a minimum technical requirement of IE6 anyway. > > > > Scott > > > > > > Matthias Wessendorf wrote: > > > Hi Jan, > > > > > > yes, we switched to XHR with the release of 1.0.2 (and 1.2.2). > > > There is no way to use IFrame instead of XHR. > > > > > > This will remain, because Ajax is pretty common these days and > > > other JSF-libs have that as well. > > > > > > Providing an option to "fallback" might be possible, but not sure if that > > > will be done. > > > > > > Is "IE 5.5" really still supported by M$? > > > If not, I'd strongly recommend to kick that guy out. > > > Sure... only the IE7 doesn't require ActiveX for XHR, but IE does. > > > > > > I am not aware of a solution for that. > > > > > > Do you have any ideas ? > > > > > > -Matthias > > > > > > On Nov 28, 2007 10:48 AM, Goerss, Jan <[EMAIL PROTECTED]> wrote: > > > > > >> > > >> > > >> Hello all, > > >> > > >> > > >> > > >> we noticed that MyFaces Trinidad is changing the PPR mechanism towards > > >> real > > >> AJAX and the XmlHttpRequest object. > > >> > > >> > > >> > > >> We are using Trinidad is the finance sector. There it is normal that the > > >> clients use the Internet Explorer with deactivated ActiveX. > > >> > > >> Furthermore they use not the newest browsers, so we although need to > > >> support > > >> at least IE 5.5+. > > >> > > >> > > >> > > >> At the beginning of our project we decide to take Trinidad because of > > >> it's > > >> IFrame-PPR solution. > > >> > > >> > > >> > > >> It seems as if it is not possible to choose between the two modes: PPR or > > >> AJAX. > > >> > > >> > > >> > > >> Will this remain? If so why? Otherwise, we think that a lot of Trinidad > > >> library users will encounter problems with their clientsJ > > >> > > >> > > >> > > >> Thanks in advance, > > >> > > >> Jan > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > > > > > > > > > > > > > > > > > > > > -- > Matthias Wessendorf > > further stuff: > blog: http://matthiaswessendorf.wordpress.com/ > sessions: http://www.slideshare.net/mwessendorf > mail: matzew-at-apache-dot-org > -- Matthias Wessendorf further stuff: blog: http://matthiaswessendorf.wordpress.com/ sessions: http://www.slideshare.net/mwessendorf mail: matzew-at-apache-dot-org
