From seam-commits at lists.jboss.org Mon Jul 13 12:15:31 2009 Content-Type: multipart/mixed; boundary="===============5731611731737822186==" MIME-Version: 1.0 From: seam-commits at lists.jboss.org To: seam-commits at lists.jboss.org Subject: [seam-commits] Seam SVN: r11280 - in branches/enterprise/JBPAPP_5_0: doc/Seam_Reference_Guide/en-US and 1 other directory. Date: Mon, 13 Jul 2009 11:57:43 -0400 Message-ID: <200907131557.n6DFvhrX016300@svn01.web.mwc.hst.phx2.redhat.com> --===============5731611731737822186== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Author: manaRH Date: 2009-07-13 11:57:43 -0400 (Mon, 13 Jul 2009) New Revision: 11280 Modified: branches/enterprise/JBPAPP_5_0/doc/Seam_Reference_Guide/en-US/Text.xml branches/enterprise/JBPAPP_5_0/seam-text.g Log: back ported JBSEAM-4221 Modified: branches/enterprise/JBPAPP_5_0/doc/Seam_Reference_Guide/en-US/Tex= t.xml =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- branches/enterprise/JBPAPP_5_0/doc/Seam_Reference_Guide/en-US/Text.xml = 2009-07-13 15:50:48 UTC (rev 11279) +++ branches/enterprise/JBPAPP_5_0/doc/Seam_Reference_Guide/en-US/Text.xml = 2009-07-13 15:57:43 UTC (rev 11280) @@ -226,4 +226,72 @@ = = - \ No newline at end of file +
+ Using the SeamTextParser + + + The <s:formattedText/> JSF component i= nternally uses the + org.jboss.seam.text.SeamTextParser. You can = use that class directly and implement + your own text parsing, rendering, or HTML sanitation procedure.= This is especially useful if you have + a custom frontend for entering rich text, such as a Javascript-= based HTML editor, and you want to validate + user input to protect your website against Cross-Site Scripting= (XSS) attacks. Another usecase + are custom wiki text parsing and rendering engines. + + + + The following example defines a custom text parser that overrid= es the default HTML sanitizer: + + + http:= //example.com] + @Override + protected String linkTag(String descriptionText, String linkText) { + return "My Custom Link: " + descrip= tionText + ""; + } + + // Renders a

or equivalent tag + @Override + protected String paragraphOpenTag() { + return "

"; + } + + public void parse() throws ANTLRException { + startRule(); + } + = +}]]> + + + The linkTag() and paragraphOpenTag(= ) methods are just some of many + you can override to customize rendered output. These methods ge= nerally return String. + See the Javadoc for more details. + + + + Also consult the Javadoc of org.jboss.seam.text.SeamTe= xtParser.DefaultSanitizer for + more information on what HTML elements, attributes, and attribu= te values or filtered by default. + + +

+ + + + + \ No newline at end of file Modified: branches/enterprise/JBPAPP_5_0/seam-text.g =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- branches/enterprise/JBPAPP_5_0/seam-text.g 2009-07-13 15:50:48 UTC (rev= 11279) +++ branches/enterprise/JBPAPP_5_0/seam-text.g 2009-07-13 15:57:43 UTC (rev= 11280) @@ -91,6 +91,7 @@ /** * Implementation of the rules in http://wiki.whatwg.org/wiki/Sanitiza= tion_rules * + *
      * Changes and additions:
      *
      * 1. Expanded all -* wildcard values to their full CSS property name =
(e.g. border-*).
@@ -107,10 +108,10 @@
      *
      * 7. Not implemented filtering of CSS url() - it's an invalid value a=
lways.
      *
-     * 8. Removed all 
, and other form tags. Attackers might= use them compromise "outer" forms when entering - * markup in a textarea. + * 8. Removed all <form>, <input> and other form tags. Att= ackers might use them to compromise + * "outer" forms when entering such markup in a textarea. + *
* - * */ public static class DefaultSanitizer implements SeamTextParser.Sanitiz= er { = --===============5731611731737822186==--
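Review bot: In the Text.xml hunk, the `linkTag` override in the new listing concatenates `descriptionText` straight into the markup it returns (`return "My Custom Link: " + descriptionText + ...`), while the surrounding prose presents `SeamTextParser` as the place to validate user input against XSS; the section should state whether `descriptionText` and `linkText` reach these rendering callbacks already sanitized, or the example should escape them, otherwise a reader copying it gets a renderer that reinserts raw input. The intro sentence also says the example "overrides the default HTML sanitizer", but the overrides visible in this copy of the listing (`linkTag`, `paragraphOpenTag`) customise rendering, so double-check the sanitizer override is actually present in the final listing. Two wording fixes in the same hunk: "Another usecase are custom wiki text parsing and rendering engines" should read "Another use case is custom wiki text parsing and rendering engines", and "attribute values or filtered by default" should read "attribute values are filtered by default". Minor: the new file still ends with "\ No newline at end of file"; adding the trailing newline would avoid that marker on every future diff of this file.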
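Review bot: In the second seam-text.g hunk (@@ -107,10 +108,10 @@), the trailing `+ *` followed two lines later by `- *` adds and removes an identical blank Javadoc line, so the end of the comment is unchanged and the pair is only diff noise; drop it. The rest of the hunk reads correctly: writing `<form>` and `<input>` as entities keeps Javadoc from rendering them as live HTML in the generated API docs, and "use them to compromise" restores the word missing from the old sentence.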