ICEfaces
  1. ICEfaces
  2. ICE-6947

Improve new ACE component security with JSONBuilder

          Details

          • Type: Improvement Improvement
          • Status: Closed
          • Priority: Major Major
          • Resolution: Fixed
          • Affects Version/s: 2.0.2
          • Fix Version/s: 3.3
          • Component/s: ACE-Components
          • Labels:
            None
          • Environment:
            ACE
          • Assignee Priority:
            P1

            Description

            The new ACE components use ResponseWriter.write(String) to make un-escaped writes with manually quoted javascript values. It would be better to use JSONBuilder to handle the escaping automatically, and reduce the number of small text nodes we populate the DOM with.

              Issue Links

              depends on

              Improvement - An improvement or enhancement to an existing feature or task. ICE-6978 Augment JSONBuilder to write whole function calls

              • Major - Major loss of function.
              • Closed

                Activity

                Ascending order - Click to sort in descending order
                Mark Collette created issue -
                Ken Fyten made changes -
                Field Original Value New Value
                Salesforce Case []
                Fix Version/s 2.1 [ 10241 ]
                Mark Collette made changes -
                Link This issue depends on ICE-6102 [ ICE-6102 ]
                Mark Collette made changes -
                Link This issue depends on ICE-6978 [ ICE-6978 ]
                Mark Collette made changes -
                Link This issue depends on ICE-6102 [ ICE-6102 ]
                Hide
                Permalink
                Mark Collette added a comment -

                First we'll do ICE-6978, and then we'll go over the the new components and use the new API to clean them up.

                Show
                Mark Collette added a comment - First we'll do ICE-6978 , and then we'll go over the the new components and use the new API to clean them up.
                Ken Fyten made changes -
                Fix Version/s 3.1 [ 10312 ]
                Fix Version/s 3.0 [ 10241 ]
                Ken Fyten made changes -
                Salesforce Case []
                Fix Version/s 3.2 [ 10338 ]
                Fix Version/s 3.1 [ 10312 ]
                Assignee Mark Collette [ mark.collette ]
                Migration made changes -
                Fix Version/s 3.3 [ 10370 ]
                Fix Version/s 3.2 [ 10338 ]
                Repository Revision Date User Message
                ICEsoft Public SVN Repository #33182 Tue Jan 22 16:40:31 MST 2013 nils.lundquist ICE-6947 - ACE components - Use JSONBuilder to concat entire JS init call.
                Files Changed
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/textentry/TextEntryRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/sliderentry/SliderEntryRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/menu/MenuRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/panel/PanelRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/notificationpanel/NotificationPanelRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/confirmationdialog/ConfirmationDialogRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/accordion/AccordionRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/contextmenu/ContextMenuRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/checkboxbutton/CheckboxButtonRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/textareaentry/TextAreaEntryRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/resizable/ResizableRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/menubutton/MenuButtonRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/chart/ChartRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/listcontrol/ListControlRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/tree/TreeRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/dnd/DroppableRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/list/ListRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/tooltip/TooltipRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/datatable/DataTableRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/dialog/DialogRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/progressbar/ProgressBarRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/dnd/DraggableRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/menubar/MenuBarRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/maskedentry/MaskedEntryRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/datetimeentry/DateTimeEntryRenderer.java
                Ken Fyten made changes -
                Assignee Mark Collette [ mark.collette ] Nils Lundquist [ nils.lundquist ]
                Assignee Priority P1 [ 10010 ]
                Hide
                Permalink
                Nils Lundquist added a comment -

                Revision #33182
                Committed by nils.lundquist
                Moments ago
                ICE-6947 - ACE components - Use JSONBuilder to concat entire JS init call.

                Show
                Nils Lundquist added a comment - Revision #33182 Committed by nils.lundquist Moments ago ICE-6947 - ACE components - Use JSONBuilder to concat entire JS init call.
                Nils Lundquist made changes -
                Status Open [ 1 ] Resolved [ 5 ]
                Resolution Fixed [ 1 ]
                Repository Revision Date User Message
                ICEsoft Public SVN Repository #33186 Wed Jan 23 15:19:46 MST 2013 nils.lundquist ICE-6947 - Added initializeWindowVar to JSONBuilder
                Files Changed
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/notificationpanel/NotificationPanelRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/dialog/DialogRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/component/progressbar/ProgressBarRenderer.java
                Commit graph MODIFY /icefaces3/trunk/icefaces/ace/component/src/org/icefaces/ace/util/JSONBuilder.java
                Ken Fyten made changes -
                Status Resolved [ 5 ] Closed [ 6 ]

                  People

                  • Assignee:
                    Nils Lundquist
                    Reporter:
                    Mark Collette
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    1 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: