From nico.tromp at gmail.com Tue Jan 13 10:44:10 2009 From: nico.tromp at gmail.com (Nico Tromp) Date: Tue Jan 13 10:42:43 2009 Subject: [Hippoportal-dev] Preventing HTML/JavaScript injection Message-ID: <439bd37e0901130144q4d3833c5ia9208e3eddd9ceb0@mail.gmail.com> Hi all, can somebody tell me what the prefered way is of escaping 'dangerous' characters. I am looking for a java class like 'org.apache.commons.lang.StringEscapUtils' that escapes the greater-then, less-then and other characters that can be used to inject HTML into a Hippo portal application. Accented characters should NOT be escaped. We need them for our analyzers so we can still perform searches. We have a webservice that puts content into the repository. Just before we put the content into the repository we need to escape these dangerous characters so the frontend code (our portal application) can just render responses without worrying about HTML/JavaScript injection. Thanks is advance Nico Tromp -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.hippo.nl/pipermail/hippoportal-dev/attachments/20090113/24b8d632/attachment.htm From michiel at trimpe.nl Wed Jan 28 13:40:54 2009 From: michiel at trimpe.nl (Michiel Trimpe) Date: Wed Jan 28 14:25:03 2009 Subject: [Hippoportal-dev] Strange recursive portlet loading error Message-ID: <990c65350901280440pcb3b1f1qc0d548ab3cf0230a@mail.gmail.com> Dear Hippo, I'm working on the third portal project at my company and I'm getting a really strange error. First of all; when I do essentially the same steps as a co-worker it works on his machine and not on mine. The error seems to be that somehow the portal enters a recursive loop of creating (all or some of) the portlets in the page, since sometimes you see the portlets being added to the loading page over and over again. Eventually we get the following enormous stack-trace: http://pastebin.com/f776a3084 The problem is quite serious since it takes down the entire portal instance in very little time, so I hope I'm not running into an existing race condition with synchronization of navigational state. Do you guys have any idea what might be causing this? Kind regards, Michiel Trimpe -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.hippo.nl/pipermail/hippoportal-dev/attachments/20090128/476f2120/attachment.htm From a.douma at onehippo.com Wed Jan 28 14:35:48 2009 From: a.douma at onehippo.com (Ate Douma) Date: Wed Jan 28 15:57:10 2009 Subject: [Hippoportal-dev] Strange recursive portlet loading error In-Reply-To: <990c65350901280440pcb3b1f1qc0d548ab3cf0230a@mail.gmail.com> References: <990c65350901280440pcb3b1f1qc0d548ab3cf0230a@mail.gmail.com> Message-ID: <49805F34.7090808@onehippo.com> Michiel Trimpe wrote: > Dear Hippo, > > I'm working on the third portal project at my company and I'm getting a > really strange error. > > First of all; when I do essentially the same steps as a co-worker it > works on his machine and not on mine. > > The error seems to be that somehow the portal enters a recursive loop of > creating (all or some of) the portlets in the page, since sometimes you > see the portlets being added to the loading page over and over again. > Eventually we get the following enormous stack-trace: > http://pastebin.com/f776a3084 > > The problem is quite serious since it takes down the entire portal > instance in very little time, so I hope I'm not running into an existing > race condition with synchronization of navigational state. > > Do you guys have any idea what might be causing this? Hi Michiel, Looking at the stacktrace, it really is impossible to tell what goes wrong. It seems to (end up) somewhere within Catalina but that doesn't really tell much either. I never seen or experiences this before. As you say a co-worker doesn't have this, it seems to be related to your local installation/configuration. Possible causes I can think of: - multiple/conflicting versions of artifacts/jars in the classpath - maven repo and/or jars corrupted My suggestion is cleaning out your installation and do a fresh build install, possibly even first clearing out your local maven repository. Regards, Ate > > Kind regards, > > Michiel Trimpe > > > ------------------------------------------------------------------------ > > _______________________________________________ > Hippoportal-dev mailing list > Hippoportal-dev@lists.hippo.nl > http://lists.hippo.nl/mailman/listinfo/hippoportal-dev -- a.douma@onehippo.com www.onehippo.com Amsterdam - Hippo B.V. Oosteinde 11 1017 WT Amsterdam +31(0)20-5224466 San Francisco - Hippo USA Inc. 101 H Street, suite Q Petaluma CA 94952-5100 +1(877) 41-HIPPO From michiel at trimpe.nl Thu Jan 29 14:31:52 2009 From: michiel at trimpe.nl (Michiel Trimpe) Date: Thu Jan 29 14:29:31 2009 Subject: [Hippoportal-dev] Strange recursive portlet loading error In-Reply-To: <49805F34.7090808@onehippo.com> References: <990c65350901280440pcb3b1f1qc0d548ab3cf0230a@mail.gmail.com> <49805F34.7090808@onehippo.com> Message-ID: <990c65350901290531s4366f6edo591dace0d73abf45@mail.gmail.com> Hi Ate, I just had a flash of insight and realized that the only thing that was different was the filename and that was wat caused the problem. Because it's a new project the context root was not yet fixed and my artifact filename was different from his (i.e. artifact-name-x.x.x-SNAPSHOT.war instead of artifact-name.war). That apparently caused an endless loop from the portlet application to itself or something like that. Regards, Michiel Trimpe On Wed, Jan 28, 2009 at 2:35 PM, Ate Douma wrote: > Michiel Trimpe wrote: > >> Dear Hippo, >> >> I'm working on the third portal project at my company and I'm getting a >> really strange error. >> >> First of all; when I do essentially the same steps as a co-worker it works >> on his machine and not on mine. >> >> The error seems to be that somehow the portal enters a recursive loop of >> creating (all or some of) the portlets in the page, since sometimes you see >> the portlets being added to the loading page over and over again. Eventually >> we get the following enormous stack-trace: http://pastebin.com/f776a3084 >> >> The problem is quite serious since it takes down the entire portal >> instance in very little time, so I hope I'm not running into an existing >> race condition with synchronization of navigational state. >> >> Do you guys have any idea what might be causing this? >> > Hi Michiel, > > Looking at the stacktrace, it really is impossible to tell what goes wrong. > It seems to (end up) somewhere within Catalina but that doesn't really tell > much either. > I never seen or experiences this before. > > As you say a co-worker doesn't have this, it seems to be related to your > local installation/configuration. > Possible causes I can think of: > - multiple/conflicting versions of artifacts/jars in the classpath > - maven repo and/or jars corrupted > > My suggestion is cleaning out your installation and do a fresh build > install, possibly even first clearing out your local maven repository. > > Regards, > > Ate > > >> Kind regards, >> >> Michiel Trimpe >> >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> Hippoportal-dev mailing list >> Hippoportal-dev@lists.hippo.nl >> http://lists.hippo.nl/mailman/listinfo/hippoportal-dev >> > > > -- > a.douma@onehippo.com www.onehippo.com > > Amsterdam - Hippo B.V. Oosteinde 11 1017 WT Amsterdam +31(0)20-5224466 > San Francisco - Hippo USA Inc. 101 H Street, suite Q Petaluma CA 94952-5100 > +1(877) 41-HIPPO > > _______________________________________________ > Hippoportal-dev mailing list > Hippoportal-dev@lists.hippo.nl > http://lists.hippo.nl/mailman/listinfo/hippoportal-dev > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.hippo.nl/pipermail/hippoportal-dev/attachments/20090129/fe57efd9/attachment.htm From helpdesk at onehippo.com Thu Jan 29 16:30:25 2009 From: helpdesk at onehippo.com (JIRA (Dennis Dam)) Date: Thu Jan 29 16:28:01 2009 Subject: [Hippoportal-dev] [JIRA] Created: (PORTAL-97) Load Custom Forms from Hippo CMS Six' CForms Editor Message-ID: <3719723.1233243025500.JavaMail.jira@hat01> Load Custom Forms from Hippo CMS Six' CForms Editor --------------------------------------------------- Key: PORTAL-97 URL: http://issues.onehippo.org/browse/PORTAL-97 Project: Hippo Portal Issue Type: New Feature Components: hippo-portal-pac Affects Versions: 1.10.00.m02 Reporter: Dennis Dam Assignee: Dennis Dam Fix For: 1.10.00.m02 CForms Backend Templates in Hippo CMS Six can contain a standard element "form" which represents an HTML form. The XML which is the result of editing such a form in the CMS needs to be converted to a form defintion in Hippo Portal, so that the form can be loaded by the Hippo Portal forms framework. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.onehippo.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira