/**
* Creates a "humanized" notification message.
*
- * Care should be taken to to avoid XSS vulnerabilities as the caption is by
- * default rendered as html.
+ * The caption is rendered as plain text with HTML automatically escaped.
*
* @param caption
* The message to show
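Review bot: The replacement Javadoc sentence says the caption is escaped but does not tell a caller how to opt in to markup deliberately, or what that opt-in costs. Without that pointer, a caller who only wants a line break or bold text is likely to enable HTML for a whole message that also carries user-supplied text. Consider adding `@see #setHtmlContentAllowed(boolean)` and a sentence such as `If HTML is enabled, the caller must escape any untrusted part of the caption.` The same gap is in the three constructor Javadoc hunks that follow and in the two later Javadoc hunks that reference `#show(Page)`. The Javadoc block continues outside this hunk.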
/**
* Creates a notification message of the specified type.
*
- * Care should be taken to to avoid XSS vulnerabilities as the caption is by
- * default rendered as html.
+ * The caption is rendered as plain text with HTML automatically escaped.
*
* @param caption
* The message to show
* Creates a "humanized" notification message with a bigger caption and
* smaller description.
*
- * Care should be taken to to avoid XSS vulnerabilities as the caption and
- * description are by default rendered as html.
+ * The caption and description are rendered as plain text with HTML
+ * automatically escaped.
*
* @param caption
* The message caption
* Creates a notification message of the specified type, with a bigger
* caption and smaller description.
*
- * Care should be taken to to avoid XSS vulnerabilities as the caption and
- * description are by default rendered as html.
+ * The caption and description are rendered as plain text with HTML
+ * automatically escaped.
*
* @param caption
* The message caption
* The type of message
*/
public Notification(String caption, String description, int type) {
- this(caption, description, type, true);
+ this(caption, description, type, false);
}
/**
* Shows a notification message on the middle of the current page. The
* message automatically disappears ("humanized message").
*
- * Care should be taken to to avoid XSS vulnerabilities as the caption is
- * rendered as html.
+ * The caption is rendered as plain text with HTML automatically escaped.
*
* @see #Notification(String)
* @see #show(Page)
* defined in {@link Notification}, for instance
* Notification.TYPE_WARNING_MESSAGE.
*
- * Care should be taken to to avoid XSS vulnerabilities as the caption is
- * rendered as html.
+ * The caption is rendered as plain text with HTML automatically escaped.
*
* @see #Notification(String, int)
* @see #show(Page)
*/
@Deprecated
public void showNotification(String caption) {
- getPage().showNotification(new Notification(caption));
+ Notification notification = new Notification(caption);
+ notification.setHtmlContentAllowed(true);// Backwards compatibility
+ getPage().showNotification(notification);
}
/**
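Review bot: The deprecated wrapper turns HTML back on with `notification.setHtmlContentAllowed(true);// Backwards compatibility`, so existing callers that pass user-controlled text keep the XSS exposure the new default removes, and the terse comment does not say so. I would spell it out, e.g. `// Deprecated API still renders HTML for backwards compatibility; callers must escape untrusted text`. The method's Javadoc starts outside this hunk, so I cannot tell whether it still carries the XSS warning; if not, its deprecation note should state that this method renders HTML and point to the escaping `Notification` API. The same applies to the three other `showNotification` overloads in the following hunks.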
*/
@Deprecated
public void showNotification(String caption, int type) {
- getPage().showNotification(new Notification(caption, type));
+ Notification notification = new Notification(caption, type);
+ notification.setHtmlContentAllowed(true);// Backwards compatibility
+ getPage().showNotification(notification);
}
/**
*/
@Deprecated
public void showNotification(String caption, String description) {
- getPage().showNotification(new Notification(caption, description));
+ Notification notification = new Notification(caption, description);
+ notification.setHtmlContentAllowed(true);// Backwards compatibility
+ getPage().showNotification(notification);
}
/**
*/
@Deprecated
public void showNotification(String caption, String description, int type) {
- getPage()
- .showNotification(new Notification(caption, description, type));
+ Notification notification = new Notification(caption, description, type);
+ notification.setHtmlContentAllowed(true);// Backwards compatibility
+ getPage().showNotification(notification);
}
/**
public void buttonClick(ClickEvent event) {
form.commit();
Notification.show("The custom boolean field value is "
- + data.isCustom() + ".<br>"
+ + data.isCustom() + ".\n"
+ "The checkbox (default boolean field) value is "
+ data.isNormal() + ".");
}
public void buttonClick(ClickEvent event) {
Notification n = new Notification(tf.getValue(),
(Integer) type.getValue());
+ n.setHtmlContentAllowed(true);
n.show(Page.getCurrent());
}
}
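Review bot: Every test touched in the visible hunks opts back in to HTML, here with `n.setHtmlContentAllowed(true)`, so nothing shown exercises the new escaped default with markup in the caption. A companion case that leaves the flag off, enters text such as `<b>x</b>` (constructed sample) and checks that it is displayed literally would pin the security-relevant behaviour this commit introduces. The same applies to the later hunks that pass `true` as the fourth constructor argument. The enclosing listener class starts outside the hunk, so there may be coverage elsewhere that I cannot see.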
import com.vaadin.event.Action;
import com.vaadin.event.Action.Handler;
import com.vaadin.event.ShortcutAction;
+import com.vaadin.terminal.Page;
import com.vaadin.tests.components.TestBase;
import com.vaadin.ui.AbstractField;
import com.vaadin.ui.Component;
String string = f.getValue().toString();
msg += " Value: " + string;
- Notification.show(msg);
+ Notification notification = new Notification(msg);
+ notification.setHtmlContentAllowed(true);
+ notification.show(Page.getCurrent());
}
Button show = new Button("Humanized Notification",
new Button.ClickListener() {
public void buttonClick(ClickEvent event) {
- new Notification(title.getValue(), message.getValue())
- .show(Page.getCurrent());
+ Notification notification = new Notification(
+ title.getValue(), message.getValue());
+ notification.setHtmlContentAllowed(true);
+ notification.show(Page.getCurrent());
}
});
l.addComponent(show);
show = new Button("Warning Notification", new Button.ClickListener() {
public void buttonClick(ClickEvent event) {
new Notification(title.getValue(), message.getValue(),
- Notification.TYPE_WARNING_MESSAGE).show(Page
+ Notification.TYPE_WARNING_MESSAGE, true).show(Page
.getCurrent());
}
show = new Button("Error Notification", new Button.ClickListener() {
public void buttonClick(ClickEvent event) {
new Notification(title.getValue(), message.getValue(),
- Notification.TYPE_ERROR_MESSAGE).show(Page.getCurrent());
+ Notification.TYPE_ERROR_MESSAGE, true).show(Page
+ .getCurrent());
}
});
show = new Button("Tray Notification", new Button.ClickListener() {
public void buttonClick(ClickEvent event) {
new Notification(title.getValue(), message.getValue(),
- Notification.TYPE_TRAY_NOTIFICATION).show(Page
+ Notification.TYPE_TRAY_NOTIFICATION, true).show(Page
.getCurrent());
}
int dataModelValue = myBean.getValue();
Notification.show("UI value (String): " + uiValue
- + "<br />Property value (Integer): " + propertyValue
- + "<br />Data model value (int): " + dataModelValue);
+ + "\nProperty value (Integer): " + propertyValue
+ + "\nData model value (int): " + dataModelValue);
}
});