[
https://issues.apache.org/jira/browse/WOOKIE-300?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ross Gardler updated WOOKIE-300:
--------------------------------
Priority: Minor (was: Blocker)
I was just thinking of simple string replacement from the properties file.
Requiring people to edit the generated config.xml file smells to me - next time
someone makes a change to the widget definition files and regenerates the
widget the changes will be overwritten. I've just made that change in SVN
(property name widget.access.origin with a default value of "foo.bar" which
should be harmless) This is an acceptable interim solution, in my opinion
(dropping priority as a result).
I agree that parsing browse URLs and such would be cool. We don't really have
to wait to a move to a non-ANT build system though. Ant allows scripted tasks
to be defined (see http://www.javaranch.com/journal/2003/12/ScriptingAnt.html).
My intention with these kinds of "lovely to have" features was to implement
them as and when using Javascript tasks and, one day, building a widget to
build widgets from templates. It's a nice dream to have ;-)
> Full whitelist access granted to any widget built from a template
> -----------------------------------------------------------------
>
> Key: WOOKIE-300
> URL: https://issues.apache.org/jira/browse/WOOKIE-300
> Project: Wookie
> Issue Type: Bug
> Components: Template
> Affects Versions: 0.9.2
> Reporter: Ross Gardler
> Priority: Minor
> Fix For: 0.9.2
>
>
> At present the config.xml has a hard coded whitelist of '*'' - not overly
> secure!
> This should be parameterised and limited to the a sensible setting
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
