Includes a library file which defines the three specced OSML tags.
os:PeopleSelector doesn't have a spec for passing in currently selected person/people. Used @selected for single values for now, will raise an issue on the threads.
Also fixes handling of JavaScript and Style tags nested within TemplateDefs
Disables the use of Java-based os:Name (need to remove code)
looks fine to me once sanitization works. http://codereview.appspot.com/53052/diff/1/3 File java/gadgets/src/main/java/org/apache/shindig/gadgets/rewrite/TemplateRewriter.java (right): http://codereview.appspot.com/53052/diff/1/3#newcode107 Line 107: String ...
16 years, 9 months ago
(2009-04-29 20:16:32 UTC)
#1
looks fine to me once sanitization works.
http://codereview.appspot.com/53052/diff/1/3
File
java/gadgets/src/main/java/org/apache/shindig/gadgets/rewrite/TemplateRewriter.java
(right):
http://codereview.appspot.com/53052/diff/1/3#newcode107
Line 107: String content = IOUtils.toString(this.getClass().getClassLoader().
Use o.a.s.c.util.ResourceLoader
http://codereview.appspot.com/53052/diff/1/3#newcode212
Line 212: styleElement.setAttribute("type", "text/css");
TODO - Support non-inline CSS and JS?
Is the injected script considered safe to bypass sanitization? If so it should
be marked using SanitizingGadgetRewriter.bypassSanitization
http://codereview.appspot.com/53052/diff/1/3 File java/gadgets/src/main/java/org/apache/shindig/gadgets/rewrite/TemplateRewriter.java (right): http://codereview.appspot.com/53052/diff/1/3#newcode212 Line 212: styleElement.setAttribute("type", "text/css"); On 2009/04/29 20:16:32, louiscryan wrote: > ...
16 years, 9 months ago
(2009-04-29 22:46:58 UTC)
#2
http://codereview.appspot.com/53052/diff/1/3
File
java/gadgets/src/main/java/org/apache/shindig/gadgets/rewrite/TemplateRewriter.java
(right):
http://codereview.appspot.com/53052/diff/1/3#newcode212
Line 212: styleElement.setAttribute("type", "text/css");
On 2009/04/29 20:16:32, louiscryan wrote:
> TODO - Support non-inline CSS and JS?
>
> Is the injected script considered safe to bypass sanitization? If so it should
> be marked using SanitizingGadgetRewriter.bypassSanitization
I don't think we need to support such things - the spec says nothing of
non-inline JS/CSS.
Also, I think javascript in such blocks is subject to getting sanitized, since
template libs generally come from third-party URLs.
Perhaps the OSML library can be the exception to this rule.
http://codereview.appspot.com/53052/diff/2001/3007 File java/gadgets/src/main/java/org/apache/shindig/gadgets/rewrite/TemplateRewriter.java (right): http://codereview.appspot.com/53052/diff/2001/3007#newcode243 Line 243: StringBuffer output = new StringBuffer(); On 2009/05/08 20:29:53, ...
16 years, 9 months ago
(2009-05-11 17:12:15 UTC)
#7
http://codereview.appspot.com/53052/diff/2001/3007
File
java/gadgets/src/main/java/org/apache/shindig/gadgets/rewrite/TemplateRewriter.java
(right):
http://codereview.appspot.com/53052/diff/2001/3007#newcode243
Line 243: StringBuffer output = new StringBuffer();
On 2009/05/08 20:29:53, louiscryan wrote:
> Can use JsonSerializer.appendString to do the escaping.
Done
http://codereview.appspot.com/53052/diff/2001/3007#newcode261
Line 261: return '"' + output.toString().replace("</script>", "</scri\" +
\"pt>") + '"';
On 2009/05/08 20:42:15, etnu00 wrote:
> You don't need any hacks like this for closing script tags. Just replacing
> </script> with <\/script> is sufficient (and the 'proper' way).
Good point. Though this doesn't matter any longer with the use of
JsonSerializer.
http://codereview.appspot.com/53052/diff/2001/3005
File
java/gadgets/src/test/java/org/apache/shindig/gadgets/templates/LibraryTagRegistryTest.java
(right):
http://codereview.appspot.com/53052/diff/2001/3005#newcode82
Line 82: reg.getHandlerFor(foo);
On 2009/05/08 20:29:53, louiscryan wrote:
> I would have expected a test to make sure that I got the right TagHanlder
> instance here.
Added
Issue 53052: OSML support for server-side templates
Created 16 years, 9 months ago by levik
Modified 16 years, 9 months ago
Reviewers: shindig.remailer_gmail.com, louiscryan, awiner, etnu00
Base URL: http://svn.apache.org/repos/asf/incubator/shindig/trunk/
Comments: 10
