click-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Adrian A. (JIRA)" <j...@apache.org>
Subject [jira] Commented: (CLK-685) Links should be able to restrict parameter binding for Ajax requests
Date Tue, 08 Jun 2010 08:04:11 GMT

    [ https://issues.apache.org/jira/browse/CLK-685?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12876591#action_12876591
] 

Adrian A. commented on CLK-685:
-------------------------------

> The "strict" policy can be set to "on" for Ajax and "off" for normal requests.
What about allowing the user, to be able to set this policy too?
Right now for compatibility reasons we would have: strict=false  but if this behavior is globally
switchable,  we could simply make it to work correctly as it should have been before too (strict=true)
. I think in this case (of a simple global switch) it's not much asked  from the user to follow
the "migration path" and just use "strict=false" if his application is relying on this behavior.

> Links should be able to restrict parameter binding for Ajax requests
> --------------------------------------------------------------------
>
>                 Key: CLK-685
>                 URL: https://issues.apache.org/jira/browse/CLK-685
>             Project: Click
>          Issue Type: Sub-task
>          Components: core
>    Affects Versions: 2.2.0
>            Reporter: Bob Schellink
>            Assignee: Bob Schellink
>             Fix For: 2.3.0-M1
>
>
> AbstractLink binds all incoming request parameters to its own parameter map. This makes
the link quite easy to use but has the potential to leak parameters which isn't targeted at
the link.
> The problem becomes obvious when using Ajax to invoke a link. Any extra parameters passed
for the Ajax request will be added to the link parameter map. We need to introduce a "strict"
parameter binding strategy for links so that only those parameters that was defined *before*
the processing event should be bound. The "strict" policy can be set to "on" for Ajax and
"off" for normal requests.
> See http://click.1134972.n2.nabble.com/AbstractLink-request-parameter-leak-tp5139164p5139164.html
for more details.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message