diff options
Diffstat (limited to 'documentation/advanced')
| -rw-r--r-- | documentation/advanced/advanced-security.asciidoc | 13 | ||||
| -rw-r--r-- | documentation/advanced/advanced-spring.asciidoc | 42 | ||||
| -rw-r--r-- | documentation/advanced/advanced-windows.asciidoc | 12 |
3 files changed, 24 insertions, 43 deletions
diff --git a/documentation/advanced/advanced-security.asciidoc b/documentation/advanced/advanced-security.asciidoc index d3b0a5249c..e04a3bc067 100644 --- a/documentation/advanced/advanced-security.asciidoc +++ b/documentation/advanced/advanced-security.asciidoc @@ -20,11 +20,10 @@ attack] by injecting offensive JavaScript code in such components. See other sources for more information about cross-site scripting. Offensive code can easily be injected with [literal]#++<script>++# markup or in -tag attributes as events, such as -[parameter]#onLoad#.//// -TODO Consider an example, Alice, Bob, -etc. -//// +tag attributes as events, such as [parameter]#onLoad#. + +// TODO Consider an example, Alice, Bob, etc. + Cross-site scripting vulnerabilities are browser dependent, depending on the situations in which different browsers execute scripting markup. @@ -50,7 +49,3 @@ and is not sanitized. As the entire purpose of the [classname]#RichTextArea# component is to allow input of formatted text, you can not just remove all HTML tags. Also many attributes, such as [parameter]#style#, should pass through the sanitization. - - - - diff --git a/documentation/advanced/advanced-spring.asciidoc b/documentation/advanced/advanced-spring.asciidoc index 7f83b864fd..21b079076c 100644 --- a/documentation/advanced/advanced-spring.asciidoc +++ b/documentation/advanced/advanced-spring.asciidoc @@ -209,7 +209,7 @@ The Ivy dependency is as follows: [subs="normal"] ---- <dependency org="com.vaadin" name="vaadin-spring" - rev="[replaceable]#latest.release#"/> + rev="[replaceable]##latest.release##"/> ---- The Maven dependency is as follows: @@ -218,17 +218,17 @@ The Maven dependency is as follows: <dependency> <groupId>com.vaadin</groupId> <artifactId>vaadin-spring</artifactId> - <version>[replaceable]#LATEST#</version> + <version>[replaceable]##LATEST##</version> </dependency> ---- -[[advanced.spring.peparing]] +[[advanced.spring.preparing]] == Preparing Application for Spring A Vaadin application that uses Spring must have a file named [filename]#applicationContext.xml# in the [filename]#WEB-INF# directory. -[subs="normal"] +[subs="verbatim,replacements,quotes"] ---- <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" @@ -240,12 +240,10 @@ A Vaadin application that uses Spring must have a file named http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.1.xsd"> - //Configuration object - + <!-- Configuration object --> <bean class="[replaceable]#com.example.myapp.MySpringUI.MyConfiguration#" /> - //Location for automatically scanned beans - + <!-- Location for automatically scanned beans --> <context:component-scan base-package="[replaceable]#com.example.myapp.domain#" /> </beans> @@ -395,7 +393,7 @@ navigator. public class MySpringUI extends UI { @Autowired SpringViewProvider viewProvider; - + @Override protected void init(VaadinRequest request) { Navigator navigator = new Navigator(this, this); @@ -498,25 +496,23 @@ If the list contains [parameter]#UI.class#, the view is available to all UIs. @SpringView(name="myview", uis={UI.class}) ---- - In the following, we have a login view that accesses a session-scoped user object. Here, we use a constant to define the view name, so that we can use the constant when navigating to it. - [source, java] ---- @SpringView(name=LoginView.NAME) public class LoginView extends CustomComponent implements View { public final static String NAME = ""; - + // Here we inject to the constructor and actually do // not store the injected object to use it later @Autowired public LoginView(User user) { VerticalLayout layout = new VerticalLayout(); - + // An input field for editing injected data BeanItem<User> item = new BeanItem<User>(user); TextField username = new TextField("User name", @@ -528,10 +524,10 @@ public class LoginView extends CustomComponent layout.addComponent(new Button("Login", e -> getUI().getNavigator(). navigateTo(MainView.VIEWNAME))); - + setCompositionRoot(layout); } - + @Override public void enter(ViewChangeEvent event) {} } @@ -539,13 +535,11 @@ public class LoginView extends CustomComponent You could now navigate to the view from any other view in the UI with: - [source, java] ---- getUI().getNavigator().navigateTo(LoginView.VIEWNAME); ---- - endif::web[] [[advanced.spring.accesscontrol]] @@ -664,7 +658,6 @@ default servlet as follows, and map the other servlets to other URL paths: ---- <web-app> ... - <servlet> <servlet-name>Default</servlet-name> <servlet-class> @@ -674,23 +667,18 @@ default servlet as follows, and map the other servlets to other URL paths: <servlet-mapping> <servlet-name>Default</servlet-name> - <url-pattern>[replaceable]#/myspringuis/*#</url-pattern> + <url-pattern>[replaceable]##/myspringuis/*##</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>Default</servlet-name> - <url-pattern>/VAADIN/*</url-pattern> + <url-pattern>/VAADIN/+++*+++</url-pattern> </servlet-mapping> </web-app> ---- -With such a setting, paths to Spring UIs would have base path -[filename]#/myapp/myspringuis#, to which the (optional) UI path would be -appended. The [filename]#/VAADIN/*# only needs to be mapped to the servlet if -there are no other Vaadin servlets. - +With such a setting, paths to Spring UIs would have base path [filename]#/myapp/myspringuis#, to which the (optional) UI path would be appended. +The [filename]#/VAADIN/*# only needs to be mapped to the servlet if there are no other Vaadin servlets. (((range="endofrange", startref="term.advanced.spring.springlong"))) (((range="endofrange", startref="term.advanced.spring.spring"))) - - diff --git a/documentation/advanced/advanced-windows.asciidoc b/documentation/advanced/advanced-windows.asciidoc index 741812ffd2..5bd77f7c80 100644 --- a/documentation/advanced/advanced-windows.asciidoc +++ b/documentation/advanced/advanced-windows.asciidoc @@ -35,7 +35,9 @@ a UI">>. Because of the special nature of AJAX applications, use of multiple windows uses require some -caveats.//// +caveats. + +//// TODO Re-enable We will go through them later in <xref linkend="advanced.windows.caveats"/>. //// @@ -71,7 +73,7 @@ public static class MyPopupUI extends UI { @Override protected void init(VaadinRequest request) { getPage().setTitle("Popup Window"); - + // Have some content for it VerticalLayout content = new VerticalLayout(); Label label = @@ -99,7 +101,7 @@ You can configure the features of the popup window with window features, as defined in the HTML specification. status=[parameter]#0|1#:: Whether the status bar at the bottom of the window should be enabled. -[parameter]##:: +[parameter]##:: scrollbars:: Enables scrollbars in the window if the document area is bigger than the view area of the window. resizable:: Allows the user to resize the browser window (no effect for tabs). menubar:: Enables the browser menu bar. @@ -174,7 +176,3 @@ public class MyPopup extends UI { } } ---- - - - - |