[JBoss JIRA] (RF-13208) Push: error "not well-formed" appears in browser console in Firefox
by Lukáš Fryč (JIRA)
[ https://issues.jboss.org/browse/RF-13208?page=com.atlassian.jira.plugin.s... ]
Lukáš Fryč reassigned RF-13208:
-------------------------------
Assignee: Lukáš Fryč
> Push: error "not well-formed" appears in browser console in Firefox
> -------------------------------------------------------------------
>
> Key: RF-13208
> URL: https://issues.jboss.org/browse/RF-13208
> Project: RichFaces
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: component-a4j-core
> Affects Versions: 4.3.4
> Environment: RichFaces 4.3.4.Final
> Metamer 4.3.4.20130919-Final
> Mojarra 2.1.19
> EAP 6.1.1
> OpenJDK Runtime Environment 1.7.0_40-mockbuild_2013_09_19_20_10-b00 @ Linux
> Firefox 24.0 @ Linux x86_64
> Reporter: Pavol Pitonak
> Assignee: Lukáš Fryč
> Fix For: 4.3.5, 5.0.0.Alpha3
>
> Attachments: firefox_console.png
>
>
> # deploy Metamer and open http://127.0.0.1:8080/metamer/faces/components/a4jPush/twoPush.xhtml
> # open browser console
> # click "Push 2!" button
> result:
> * browser console contains "not well-formed" JavaScript error (see screenshot)
> * when you click on the error, you can see something like this:
> {quote}
> <"topic":"jmsSampleAddress2","data":"day: 23, month: 9, time: 11:01:12.829","number":0>
> {quote}
> * component seems to work fine despite this error
> * I couldn't see this error in Chrome 29
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 3 months
[JBoss JIRA] (RF-13458) CommandLink Javassist Compatibility Failures (richfaces-5.0.0.Alpha2)
by Steven W. (JIRA)
[ https://issues.jboss.org/browse/RF-13458?page=com.atlassian.jira.plugin.s... ]
Steven W. commented on RF-13458:
--------------------------------
Thanks for the follow-up - I went back and checked and believe the answer is "all of the above" - this app previously ran with 3.3 for a long time and then with 4.3.3.Final (which had ExtendedDataTable issues pending) and then most recently with richfaces-5.0.0.Alpha1
-- Steve
> CommandLink Javassist Compatibility Failures (richfaces-5.0.0.Alpha2)
> ---------------------------------------------------------------------
>
> Key: RF-13458
> URL: https://issues.jboss.org/browse/RF-13458
> Project: RichFaces
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Reporter: Steven W.
>
> There appear to be compatibility issues with the richfaces-5.0.0.Alpha2 release and the javassist package. Using older versions of the package lead to failures stating that new javassist methods are not available.
> When using the newer libraries (3.14 -> javassist-3.18.0-GA) exceptions are generated on the use of previously functioning command links (the corresponding methods are still the same signatures i.e. return String and take no parameters)
> {code}
> <rich:commandLink id="listByUnit" render="f_home,f_selections,g_body_wrapper"
> value="#{messages['listByUnit']}"
> title="#{messages['titleListByUnit']}"
> action="#{appController.selectCurrSelectionUnit}"/>
> {code}
> with
> {code}
> public String selectCurrSelectionUnit()
> {code}
> yields:
> {code}
> 2014-01-03 13:57:57,597 ERROR [org.jboss.seam.exception.Exceptions] - handled and logged exception
> javax.servlet.ServletException: /layout/controller-selections.xhtml: Property 'selectCurrSelectionUnit' not found on type com.integrits.bean.Controller_$$_javassist_seam_2
> at javax.faces.webapp.FacesServlet.service(FacesServlet.java:606)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:374)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
> at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:60)
> at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
> at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40)
> at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
> at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90)
> at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
> at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
> at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
> at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
> at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
> at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
> at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1008)
> at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
> at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
> at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
> at java.lang.Thread.run(Thread.java:619)
> Caused by: javax.el.ELException: /layout/controller-selections.xhtml: Property 'selectCurrSelectionUnit' not found on type com.integrits.bean.Controller_$$_javassist_seam_2
> at com.sun.faces.facelets.compiler.AttributeInstruction.write(AttributeInstruction.java:94)
> at com.sun.faces.facelets.compiler.UIInstructions.encodeBegin(UIInstructions.java:82)
> at com.sun.faces.facelets.compiler.UILeaf.encodeAll(UILeaf.java:207)
> at javax.faces.render.Renderer.encodeChildren(Renderer.java:168)
> at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:847)
> at com.sun.faces.renderkit.html_basic.HtmlBasicRenderer.encodeRecursive(HtmlBasicRenderer.java:304)
> at com.sun.faces.renderkit.html_basic.GroupRenderer.encodeChildren(GroupRenderer.java:105)
> at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:847)
> at com.sun.faces.renderkit.html_basic.HtmlBasicRenderer.encodeRecursive(HtmlBasicRenderer.java:304)
> at com.sun.faces.renderkit.html_basic.GridRenderer.renderRow(GridRenderer.java:185)
> at com.sun.faces.renderkit.html_basic.GridRenderer.encodeChildren(GridRenderer.java:129)
> at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:847)
> at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1819)
> at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1822)
> at com.sun.faces.application.view.FaceletViewHandlingStrategy.renderView(FaceletViewHandlingStrategy.java:447)
> at com.sun.faces.application.view.MultiViewHandler.renderView(MultiViewHandler.java:125)
> at org.jboss.seam.jsf.SeamViewHandler.renderView(SeamViewHandler.java:188)
> at javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:286)
> at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:120)
> at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
> at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:139)
> at javax.faces.webapp.FacesServlet.service(FacesServlet.java:594)
> ... 33 more
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 3 months
[JBoss JIRA] (RF-13306) Autocomplete: initialize value from DOM (was: ignored API call .setValue(''))
by Lukáš Fryč (JIRA)
[ https://issues.jboss.org/browse/RF-13306?page=com.atlassian.jira.plugin.s... ]
Lukáš Fryč reassigned RF-13306:
-------------------------------
Assignee: Lukáš Fryč
> Autocomplete: initialize value from DOM (was: ignored API call .setValue(''))
> -----------------------------------------------------------------------------
>
> Key: RF-13306
> URL: https://issues.jboss.org/browse/RF-13306
> Project: RichFaces
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Affects Versions: 4.3.4
> Reporter: alexey plotnikov
> Assignee: Lukáš Fryč
> Fix For: 4.3.5
>
>
> All described here https://community.jboss.org/thread/233973
> I have this autocomplete component:
> {code}
> <table>
> <tr>
> <td>
> <rich:autocomplete mode="ajax" autocompleteMethod="#{autocomplete.autocompleteProviders}"
> minChars="0" var="s" fetchValue="#{s.realName}" id="provider-suggestion"
> autofill="false"
> onselectitem="autocompleteChangeProvider(event.target)" style="display: inline;"
> layout="table" value="#{autocomplete.providerName}" >
> <a4j:queue requestDelay="500" ignoreDupResponses="true" />
> <h:column>
> <h:outputText style="display:none;" value="#{s.id}"/>
> <h:outputText style="display:none;" value="#{s.realName}"/>
> </h:column>
> <h:column>
> <h:outputText value="#{s.name}" escape="false"/>
> </h:column>
> </rich:autocomplete>
> </td>
> <td>
> <h:graphicImage value="/img/arrow.png" onclick="#{rich:component('provider-suggestion')}.setValue('');#{rich:component('provider-suggestion')}.showPopup();stopEvent(event);"
> alt=""/>
> <h:graphicImage value="/img/cancel.png"
> onclick="#{rich:component('provider-suggestion')}.hidePopup();#{rich:component('provider-suggestion')}.setValue('');autocompleteChangeProvider(null);"
> alt="#{messages['pages.clear']}" title="#{messages['pages.clear']}"/>
> <h:inputHidden id="filter-provider-id" value="#{autocomplete.providerId}"/>
> </td>
> </tr>
> </table>
> {code}
> as you can see, i don't use showButton="true", because i need another functionality, i need erase input text before show popup window.
> I use JavaScript function "autocompleteChangeProvider" for extract selected id.
> I use separate button(/img/cancel.png) for erase input text, as you can see this function just use Richfaces API.
>
> And a problem:
> if autocomplete.providerName not null and not empty(in rich:autocomplete) and user clicks on show button(/img/arrow.png) than input text not erasing, but i called #{rich:component('provider-suggestion')}.setValue('') !!!
>
> I think i found a solution
> AutocompleteBase.js has this code:
> {code}
> rf.ui.AutocompleteBase = function(componentId, selectId, fieldId, options) {
> // call constructor of parent class
> $super.constructor.call(this, componentId);
> this.selectId = selectId;
> this.fieldId = fieldId;
> this.options = $.extend({}, defaultOptions, options);
> this.namespace = this.namespace || "." + rf.Event.createNamespace(this.name, this.selectId);
> this.currentValue = "";
> this.tempValue = this.getValue();
> this.isChanged = this.tempValue.length != 0;
> bindEventHandlers.call(this);
> };
> {code}
> as you can see this.currentValue = "" so JS thinks that this.currentValue="" so currentValue equal new value("" - empty string), so nothing happens.
> i replace this code by this:
> {code}
> rf.ui.AutocompleteBase = function(componentId, selectId, fieldId, options) {
> // call constructor of parent class
> $super.constructor.call(this, componentId);
> this.selectId = selectId;
> this.fieldId = fieldId;
> this.options = $.extend({}, defaultOptions, options);
> this.namespace = this.namespace || "." + rf.Event.createNamespace(this.name, this.selectId);
> this.currentValue = $(rf.getDomElement(fieldId)).val();
> this.tempValue = this.getValue();
> this.isChanged = this.tempValue.length != 0;
> bindEventHandlers.call(this);
> };
> {code}
> and it works!
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 3 months
[JBoss JIRA] (RF-13358) rich:panelMenuGroup allowing actions executions even if originally disabled
by Pavel Slegr (JIRA)
[ https://issues.jboss.org/browse/RF-13358?page=com.atlassian.jira.plugin.s... ]
Pavel Slegr reopened RF-13358:
------------------------------
Thanks Matej! ... reopening
> rich:panelMenuGroup allowing actions executions even if originally disabled
> ---------------------------------------------------------------------------
>
> Key: RF-13358
> URL: https://issues.jboss.org/browse/RF-13358
> Project: RichFaces
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: component-menu
> Affects Versions: 4.3.4
> Environment: Linux, AS 7.1.1 Brontes, FF 25 with FireBug addOn
> Reporter: Pavel Slegr
> Assignee: Brian Leathem
> Priority: Critical
> Labels: needs-qe
> Fix For: 4.3.5, 4.5.0.Alpha2, 5.0.0.Alpha3
>
> Original Estimate: 1 hour
> Remaining Estimate: 1 hour
>
> related to https://issues.jboss.org/browse/RF-12813
> This can be possibly a security hole, as the second component piece is discovered to allow tampering actions through JS.
> I suggest to try out on other components as well !!!
> with following example
> {code}
> {
> <rich:panelMenuGroup id="group4" label="Group 4" expanded="false">
> <rich:panelMenuItem id="item41" label="Item 4.1" />
> <rich:panelMenuItem id="item42" label="Item 4.2" disabled="true" />
> <rich:panelMenuGroup id="group43" label="Group 4.1" disabled="true">
> <rich:panelMenuItem id="item431" label="Item 4.1.1" />
> </rich:panelMenuGroup>
> </rich:panelMenuGroup>
> }
> {code}
> the group43 element is intended to be disabled and thus not allowing any actions execution on it
> Once tampered with
> {code}
> {
> new RichFaces.ui.PanelMenuGroup("f:group43",{"collapseEvent":"click","unselectable":false,"selectable":false,"name":"group43","ajax":{"incId":"1"} ,"stylePrefix":"rf\u002Dpm\u002Dgr","expanded":false,"expandEvent":"click","disabled":false,"mode":"client"} )
> }
> {code}
> It is possible to expand the group and execute further actions on its children elements
> NOTE: to verify this in RF 4.5 the JS function is: _new RichFaces.rf4.ui....._
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 3 months
[JBoss JIRA] (RF-13358) rich:panelMenuGroup allowing actions executions even if originally disabled
by Matej Novotny (JIRA)
[ https://issues.jboss.org/browse/RF-13358?page=com.atlassian.jira.plugin.s... ]
Matej Novotny updated RF-13358:
-------------------------------
Description:
related to https://issues.jboss.org/browse/RF-12813
This can be possibly a security hole, as the second component piece is discovered to allow tampering actions through JS.
I suggest to try out on other components as well !!!
with following example
{code}
{
<rich:panelMenuGroup id="group4" label="Group 4" expanded="false">
<rich:panelMenuItem id="item41" label="Item 4.1" />
<rich:panelMenuItem id="item42" label="Item 4.2" disabled="true" />
<rich:panelMenuGroup id="group43" label="Group 4.1" disabled="true">
<rich:panelMenuItem id="item431" label="Item 4.1.1" />
</rich:panelMenuGroup>
</rich:panelMenuGroup>
}
{code}
the group43 element is intended to be disabled and thus not allowing any actions execution on it
Once tampered with
{code}
{
new RichFaces.ui.PanelMenuGroup("f:group43",{"collapseEvent":"click","unselectable":false,"selectable":false,"name":"group43","ajax":{"incId":"1"} ,"stylePrefix":"rf\u002Dpm\u002Dgr","expanded":false,"expandEvent":"click","disabled":false,"mode":"client"} )
}
{code}
It is possible to expand the group and execute further actions on its children elements
NOTE: to verify this in RF 4.5 the JS function is: _new RichFaces.rf4.ui....._
was:
related to https://issues.jboss.org/browse/RF-12813
This can be possibly a security hole, as the second component piece is discovered to allow tampering actions through JS.
I suggest to try out on other components as well !!!
with following example
{code}
{
<rich:panelMenuGroup id="group4" label="Group 4" expanded="false">
<rich:panelMenuItem id="item41" label="Item 4.1" />
<rich:panelMenuItem id="item42" label="Item 4.2" disabled="true" />
<rich:panelMenuGroup id="group43" label="Group 4.1" disabled="true">
<rich:panelMenuItem id="item431" label="Item 4.1.1" />
</rich:panelMenuGroup>
</rich:panelMenuGroup>
}
{code}
the group43 element is intended to be disabled and thus not allowing any actions execution on it
Once tampered with
{code}
{
new RichFaces.ui.PanelMenuGroup("f:group43",{"collapseEvent":"click","unselectable":false,"selectable":false,"name":"group43","ajax":{"incId":"1"} ,"stylePrefix":"rf\u002Dpm\u002Dgr","expanded":false,"expandEvent":"click","disabled":false,"mode":"client"} )
}
{code}
It is possible to expand the group and execute further actions on its children elements
> rich:panelMenuGroup allowing actions executions even if originally disabled
> ---------------------------------------------------------------------------
>
> Key: RF-13358
> URL: https://issues.jboss.org/browse/RF-13358
> Project: RichFaces
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: component-menu
> Affects Versions: 4.3.4
> Environment: Linux, AS 7.1.1 Brontes, FF 25 with FireBug addOn
> Reporter: Pavel Slegr
> Assignee: Brian Leathem
> Priority: Critical
> Labels: needs-qe
> Fix For: 4.3.5, 4.5.0.Alpha2, 5.0.0.Alpha3
>
> Original Estimate: 1 hour
> Remaining Estimate: 1 hour
>
> related to https://issues.jboss.org/browse/RF-12813
> This can be possibly a security hole, as the second component piece is discovered to allow tampering actions through JS.
> I suggest to try out on other components as well !!!
> with following example
> {code}
> {
> <rich:panelMenuGroup id="group4" label="Group 4" expanded="false">
> <rich:panelMenuItem id="item41" label="Item 4.1" />
> <rich:panelMenuItem id="item42" label="Item 4.2" disabled="true" />
> <rich:panelMenuGroup id="group43" label="Group 4.1" disabled="true">
> <rich:panelMenuItem id="item431" label="Item 4.1.1" />
> </rich:panelMenuGroup>
> </rich:panelMenuGroup>
> }
> {code}
> the group43 element is intended to be disabled and thus not allowing any actions execution on it
> Once tampered with
> {code}
> {
> new RichFaces.ui.PanelMenuGroup("f:group43",{"collapseEvent":"click","unselectable":false,"selectable":false,"name":"group43","ajax":{"incId":"1"} ,"stylePrefix":"rf\u002Dpm\u002Dgr","expanded":false,"expandEvent":"click","disabled":false,"mode":"client"} )
> }
> {code}
> It is possible to expand the group and execute further actions on its children elements
> NOTE: to verify this in RF 4.5 the JS function is: _new RichFaces.rf4.ui....._
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 3 months
[JBoss JIRA] (RF-13358) rich:panelMenuGroup allowing actions executions even if originally disabled
by Matej Novotny (JIRA)
[ https://issues.jboss.org/browse/RF-13358?page=com.atlassian.jira.plugin.s... ]
Matej Novotny commented on RF-13358:
------------------------------------
I tried this in RF 5 and RF 4.5 using Metamer (just adding a few lines to existing page and executing JS).
In both cases the bug still exists and after JS execution the panel is expandable and can be interacted with.
> rich:panelMenuGroup allowing actions executions even if originally disabled
> ---------------------------------------------------------------------------
>
> Key: RF-13358
> URL: https://issues.jboss.org/browse/RF-13358
> Project: RichFaces
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: component-menu
> Affects Versions: 4.3.4
> Environment: Linux, AS 7.1.1 Brontes, FF 25 with FireBug addOn
> Reporter: Pavel Slegr
> Assignee: Brian Leathem
> Priority: Critical
> Labels: needs-qe
> Fix For: 4.3.5, 4.5.0.Alpha2, 5.0.0.Alpha3
>
> Original Estimate: 1 hour
> Remaining Estimate: 1 hour
>
> related to https://issues.jboss.org/browse/RF-12813
> This can be possibly a security hole, as the second component piece is discovered to allow tampering actions through JS.
> I suggest to try out on other components as well !!!
> with following example
> {code}
> {
> <rich:panelMenuGroup id="group4" label="Group 4" expanded="false">
> <rich:panelMenuItem id="item41" label="Item 4.1" />
> <rich:panelMenuItem id="item42" label="Item 4.2" disabled="true" />
> <rich:panelMenuGroup id="group43" label="Group 4.1" disabled="true">
> <rich:panelMenuItem id="item431" label="Item 4.1.1" />
> </rich:panelMenuGroup>
> </rich:panelMenuGroup>
> }
> {code}
> the group43 element is intended to be disabled and thus not allowing any actions execution on it
> Once tampered with
> {code}
> {
> new RichFaces.ui.PanelMenuGroup("f:group43",{"collapseEvent":"click","unselectable":false,"selectable":false,"name":"group43","ajax":{"incId":"1"} ,"stylePrefix":"rf\u002Dpm\u002Dgr","expanded":false,"expandEvent":"click","disabled":false,"mode":"client"} )
> }
> {code}
> It is possible to expand the group and execute further actions on its children elements
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 3 months