tapestry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Markus Jung (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (TAP5-1592) Refactor AjaxFormLoop, RemoveRowLink and AddRowLink to make mixin useful for these components
Date Wed, 27 Jul 2011 21:35:10 GMT

    [ https://issues.apache.org/jira/browse/TAP5-1592?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13072032#comment-13072032
] 

Markus Jung commented on TAP5-1592:
-----------------------------------

Regarding sub classing - of course it would be possible to provide "secured" sub classes for
all components, but my current solution already works fine for all Tapestry base components.
I have two modes for CSRF protection the auto protection using event request handler and a
decorator for the component event link encoder and an explicit mode using mixins. The AjaxFormLoop

component can already be secured with the auto mode but not with the explicit mode. I just
want to make the solution complete.

It would be great to see my module becoming integrated directly in the Tapestry project, therefore
I want to provide as good integration as possible.

> Refactor AjaxFormLoop, RemoveRowLink and AddRowLink to make mixin useful for these components
> ---------------------------------------------------------------------------------------------
>
>                 Key: TAP5-1592
>                 URL: https://issues.apache.org/jira/browse/TAP5-1592
>             Project: Tapestry 5
>          Issue Type: Improvement
>          Components: tapestry-core
>    Affects Versions: 5.3
>            Reporter: Markus Jung
>            Priority: Trivial
>              Labels: javascript
>         Attachments: ajaxFormLoopForMixin.diff, jssupport.diff
>
>
> The AjaxFormLoop component stores the links in the intitializer call map. In order to
modify them in a mixin in the afterRender phase, a public getter for the JavaScriptSupport
interface and the JavaScriptSupportImpl class is required.
> I need this feature for the cross-site request forgery protection, where I use a mixin
to add a token to the rendered event links.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message