click-dev mailing list archives

From Malcolm Edgar <malcolm.ed...@gmail.com>
Subject Re: 2.0.1 Roadmap
Date Fri, 27 Feb 2009 12:31:31 GMT
A great feature to add to click-examples is a search field in the top right
hand side of the banner, where you can enter in some free text and it will
display a search results page which lists all the references in the
application source code (Java, HTML, XML, CSS) and links through to the
source viewer page.
When the application starts up, all the source code could be loaded into a map in
memory which could then be searched using a brute force search.

regards Malcolm Edgar

On Wed, Feb 25, 2009 at 12:41 PM, florin.g <florin@bytenotes.com> wrote:

>
> Bob,
>
> To me (as a hobbyist), Click offers pretty much all I need. I probably use
> a subset anyways.
>
> However, convenience is one of the most powerful things in life as well as
> programming. I would add lots of good things in the extra package that would
> really add value to the programmer's day to day life. Simplicity of
> framework plus convenience, yep, I'd go for it.
>
> Florin
>
>
>
> sabob wrote:
> >
> > florin.g wrote:
> >
> >> - Built in security (cross site, sql injection, etc.)
> >
> >
> > I think SQL injection is better handled by the DB layer e.g. an ORM or
> > PreparedStatement.
> >
> > As for XSS attacks, Click controls provide some protection by escaping
> > their values before rendering. However, XSS will still be possible
> > through Velocity variables unless they are escaped using
> > Format#html(String):
> >
> > $format.html($msg)
> >
> > Velocity also provides a property to escape all variables or
> > optionally to escape only variables matching a certain expression.
> >
> > Still the best way is probably through an XSSFilter which ensures all
> > HTML entities are escaped. Is this what you had in mind or something
> > else?
> >
> > kind regards
> >
> > bob
> >
> >
> >
>
> --
> View this message in context:
> http://n2.nabble.com/2.0.1-Roadmap-tp2364159p2381477.html
> Sent from the click-development mailing list archive at Nabble.com.
>
>

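The Velocity escaping property mentioned in the quoted reply above, as an added example that is not part of the thread or of Click's own code. It assumes Velocity 1.5 or later in the 1.x line (with its commons-lang and ORO dependencies on the classpath); `VelocityEscapeDemo`, its helper methods and the sample values are hypothetical and constructed for illustration.

```java
import java.io.StringWriter;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;

// Added example (not Click or thread code). Assumes Velocity 1.5+ in the 1.x line.
public class VelocityEscapeDemo {
    static final String HANDLER_KEY = "eventhandler.referenceinsertion.class";
    static final String HANDLER =
            "org.apache.velocity.app.event.implement.EscapeHtmlReference";
    static final String MATCH_KEY = "eventhandler.escape.html.match";

    // Constructed sample input standing in for a request parameter.
    static final String UNTRUSTED = "<script>alert(1)</script>";

    // escape == false: default engine; match == null: escape every reference.
    static VelocityEngine engine(boolean escape, String match) throws Exception {
        VelocityEngine ve = new VelocityEngine();
        if (escape) {
            ve.setProperty(HANDLER_KEY, HANDLER);
            if (match != null) {
                ve.setProperty(MATCH_KEY, match);
            }
        }
        ve.init();
        return ve;
    }

    static String render(VelocityEngine ve) throws Exception {
        VelocityContext ctx = new VelocityContext();
        ctx.put("msg", UNTRUSTED);
        // Stands in for markup that is meant to render, e.g. a control's HTML.
        ctx.put("panel", "<div class=\"panel\">ok</div>");
        StringWriter out = new StringWriter();
        ve.evaluate(ctx, out, "demo", "<p>$msg</p> $panel");
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // 1. Default: $msg is inserted verbatim, so the script tag reaches the page.
        System.out.println(render(engine(false, null)));
        // 2. Escape all: $msg is neutralised, but $panel is escaped as well.
        System.out.println(render(engine(true, null)));
        // 3. Escape only references matching the pattern: $msg escaped, $panel intact.
        System.out.println(render(engine(true, "/msg.*/")));
    }
}
```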