Return-Path: X-Original-To: apmail-incubator-bloodhound-commits-archive@minotaur.apache.org Delivered-To: apmail-incubator-bloodhound-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B02B8DBA5 for ; Fri, 21 Sep 2012 04:47:33 +0000 (UTC) Received: (qmail 85659 invoked by uid 500); 21 Sep 2012 04:47:33 -0000 Delivered-To: apmail-incubator-bloodhound-commits-archive@incubator.apache.org Received: (qmail 85583 invoked by uid 500); 21 Sep 2012 04:47:31 -0000 Mailing-List: contact bloodhound-commits-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: bloodhound-dev@incubator.apache.org Delivered-To: mailing list bloodhound-commits@incubator.apache.org Received: (qmail 85555 invoked by uid 99); 21 Sep 2012 04:47:30 -0000 Received: from bloodhound-vm.apache.org (HELO bloodhound-vm) (140.211.11.32) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 21 Sep 2012 04:47:30 +0000 Received: from bloodhound-vm.apache.org (localhost [127.0.0.1]) by bloodhound-vm (Postfix) with ESMTP id 0EB888009B; Fri, 21 Sep 2012 04:47:30 +0000 (UTC) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: "Apache Bloodhound" X-Trac-Version: 0.13dev-r1360726 Cc: bloodhound-commits@incubator.apache.org Auto-Submitted: auto-generated X-Mailer: Trac 0.13dev-r1360726, by Edgewall Software X-Trac-Project: Apache Bloodhound Date: Fri, 21 Sep 2012 04:47:29 -0000 Reply-To: bloodhound-dev@incubator.apache.org X-URL: https://issues.apache.org/bloodhound/ Subject: Re: [Apache Bloodhound] #146: Inline editing of objects X-Trac-Ticket-URL: https://issues.apache.org/bloodhound/ticket/146#comment:10 Message-ID: <073.1ea64172d22e7462d519cd198fb9b9a3@incubator.apache.org> References: <058.57224df07188c14f36645fb9758197c6@incubator.apache.org> X-Trac-Ticket-ID: 146 In-Reply-To: <058.57224df07188c14f36645fb9758197c6@incubator.apache.org> #146: Inline editing of objects --------------------------+----------------------- Reporter: jdreimann | Owner: olemis Type: enhancement | Status: accepted Priority: critical | Milestone: Release 2 Component: dashboard | Version: Resolution: | Keywords: --------------------------+----------------------- Comment (by olemis): I have attached two patches . The former incorporates jeditable files into dashboard plugin . I have detected that the library uses built-in `eval()` function to parse [Acronym:JSON JSON] strings rather than safe functions e.g. `$.parseJSON()` . That's a potential security hole afaics . What shall we do about that ? The later patch implements ''Bloodhound'' editable architecture , adds default settings to insert submit button plus a new editable type named `bhselect` supporting option groups . It is still work in progress (so it will be changed in the near future) . However it is offered for the moment as a preview of what's been done in this direction . They have been used to build preliminary incomplete implementation in ticket view . The following screenshot illustrates what it looks like . Feedback is welcome . [[Image(bh_theme_x_66_ticket_inplace_select.png, width=600)]] '''Disclaimer''' Please do not commit any of these yet . -- Ticket URL: Apache Bloodhound The Apache Bloodhound (incubating) issue tracker