click-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bob Schellink (JIRA)" <j...@apache.org>
Subject [jira] Resolved: (CLK-685) AbstractLink should only bind explicitly defined parameters for Ajax requests
Date Sun, 14 Nov 2010 11:13:14 GMT

     [ https://issues.apache.org/jira/browse/CLK-685?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Bob Schellink resolved CLK-685.
-------------------------------

    Resolution: Fixed

done

> AbstractLink should only bind explicitly defined parameters for Ajax requests
> -----------------------------------------------------------------------------
>
>                 Key: CLK-685
>                 URL: https://issues.apache.org/jira/browse/CLK-685
>             Project: Click
>          Issue Type: Sub-task
>          Components: core
>    Affects Versions: 2.2.0
>            Reporter: Bob Schellink
>            Assignee: Bob Schellink
>             Fix For: 2.3.0-M1
>
>
> AbstractLink binds all incoming request parameters to its own parameter map. This makes
the link quite easy to use but has the potential to leak parameters which isn't targeted at
the link. It also duplicates the parameters already present on the Context.
> The problem becomes obvious when using Ajax to invoke a link. Any extra parameters passed
for the Ajax request will be added to the link parameter map.
> It is not common for applications to use link.getParameter and with the above mentioned
issues I suggest we remove getParameter, getParameterValues and getParameters from AbstractLink.
Click won't bind incoming request parameters to the link. However it will still be possible
to set link parameters and render them.
> See http://click.1134972.n2.nabble.com/AbstractLink-request-parameter-leak-tp5139164p5139164.html
for more details.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message