Fixed critically broken comment blocks, broken emphasis and escaping, and some other formatting, and moved book preface, chapter structure, and index to the docs repository.
Prevent HTTP Response splitting in case the server doesn't (#19611)
Prevent user-provided input used in the redirect from containing newline
characters as the user agent would interpret subsequent parts of the
input as additional headers or the actual HTTP payload.
At least modern versions of Tomcat and Jetty already protect against
this kind of attack by escaping received header values, but that is not
necessarily the case for older versions or other servlet engines.
See https://www.owasp.org/index.php/HTTP_Response_Splitting for details.
Change-Id: If4b9bf5fba953073de49c1ab1cba8e5e6bc8e546
Specify the license of the documentation in the LICENSE file.
Added a mention that the license of the documentation is CC-BY-ND
and not Apache 2.0, as the other contents of the repository.
Change-Id: If74ac2abbff2d6eea10d0f1f17ef1f1cc60e98d9
Fix GeneratedPropertyContainer with non-Sortable Containers (#19511)
Adds a missing throw to sort method and fixes
getSortableContainerPropertyIds to return an empty collection if not
sortable.
Change-Id: I5df34234867762ce88e181a10ec015cd0336cd39
Do not process click events for disabled optiongroups (#19433)
This removes the warning logged on the server side when the RPC reaches it
for the disabled component. As this is more of a cosmetic change, there is
no automatic test.
Change-Id: I8bfa83bd0a26c585e1614d821ac3b598294db09d
Allow legacy components to paint infinity double values again (#19447)
JsonPaintTarget.addAttribute(String,double) converts infinity values to
{ "name": Infinity }. This is not valid JSON but has "always worked" and
at least NumberField relies on being able to send infinity values.
For state and RPC it's not possible to send 'infinity' as JsonNumber
converts those to null.
It is not possible to send 'infinity' back to the server using a legacy
variable either as also in this case JsonNumber is used and the value becomes
null.
This fix should be reverted when legacy variable support is removed.
Change-Id: I4b5366420e11915236eff447e3eeedc458cf8cea
Add a simple waitForApplication for servlet integration tests
This waitForApplication checks if an UI element exists on the page. If
not, then it will wait 10 seconds in order for it to appear. This should
reduce the amount of false negatives in server tests.
Change-Id: I37a398e60c247920fd56fc05b747e0f93f3f2dd2