#55: Fix issues related to adding items to gridedit with JS turned off
----------------------------------------------+-----------------------------
Reporter: sakhmechet | Owner: sakhmechet
Type: defect | Status: new
Priority: medium | Milestone: 0.1
Component: weblocks | Version: pre-0.1
Keywords: gridedit javascript off addition |
----------------------------------------------+-----------------------------
When JavaScript is turned off, dataform widget in add-item function of
gridedit doesn't behave correctly. Gridedit creates a new dataform widget
with every request so any validation errors and intermediate input fields
aren't properly displayed.
--
Ticket URL: <http://trac.common-lisp.net/cl-weblocks/ticket/55>
cl-weblocks <http://common-lisp.net/project/cl-weblocks>
cl-weblocks
#19: Extra tags div currently uses contents which makes unstyled pages
look unattractive
----------------------------+-----------------------------------------------
Reporter: sakhmechet | Owner: sakhmechet
Type: defect | Status: new
Priority: low | Milestone: 0.1
Component: weblocks | Version: pre-0.1
Keywords: extra tags div |
----------------------------+-----------------------------------------------
Weblocks places extra HTML tags in many places in order to allow for
styling hooks. Currently the tags have contents which make the page
look unattractive when it's unstyled. Additionally this is incorrect -
there should be no contents in those tags. A comment <!-- empty --> should
be sufficient.
--
Ticket URL: <http://trac.common-lisp.net/cl-weblocks/ticket/19>
cl-weblocks <http://common-lisp.net/project/cl-weblocks>
#15: Fix friendly URLs and form actions in W3M
-------------------------------------------+--------------------------------
Reporter: sakhmechet | Owner: sakhmechet
Type: defect | Status: new
Priority: high | Milestone: 0.1
Component: weblocks | Version: pre-0.1
Keywords: w3m friendly URL form actions |
-------------------------------------------+--------------------------------
Currently form actions and friendly URLs appear to be broken in W3M. W3M
seems to handle absolute links differently from other browsers which
appears to be the root of the problem.
--
Ticket URL: <http://trac.common-lisp.net/cl-weblocks/ticket/15>
cl-weblocks <http://common-lisp.net/project/cl-weblocks>
#45: Don't use gensym for actions to avoid XSS attacks
-----------------------+----------------------------------------------------
Reporter: anonymous | Owner: sakhmechet
Type: defect | Status: new
Priority: critical | Milestone:
Component: weblocks | Version:
Keywords: security |
-----------------------+----------------------------------------------------
gensym-based action urls can be guessed and thus the following attack is
possible:
A user has his Weblocks-based bank system open. In gmail, the user gets a
link to a web-page that will generate lots of guessed action urls that
transfer funds out of the user's bank account.
Ways to fix:
1. Require session id in URLs
2. Or, generate stronger non-gensym based action ids
--
Ticket URL: <http://trac.common-lisp.net/cl-weblocks/ticket/45>
cl-weblocks <http://common-lisp.net/project/cl-weblocks>
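
The second fix listed in ticket #45, as an added example that is not part of the ticket or of the Weblocks code base: action ids are drawn from the OS random source instead of `gensym`, and each session keeps its own action table. Every function name here is hypothetical, and the code assumes a Unix-like host that provides `/dev/urandom`.

```lisp
;;; Added example. All names are hypothetical; this is not Weblocks' API.
;;; Assumes a Unix-like host where /dev/urandom is the OS CSPRNG.

(defun predictable-action-id ()
  "The pattern the ticket warns about: a GENSYM name is prefix + counter."
  (symbol-name (gensym "ACTION")))

(defun random-action-id (&optional (n-bytes 16))
  "Return N-BYTES of OS randomness as a lowercase hex string."
  (let ((buf (make-array n-bytes :element-type '(unsigned-byte 8))))
    (with-open-file (in #p"/dev/urandom" :element-type '(unsigned-byte 8))
      (unless (= (read-sequence buf in) n-bytes)
        (error "Short read from /dev/urandom")))
    (format nil "~(~{~2,'0x~}~)" (coerce buf 'list))))

(defun make-session-actions ()
  "One table per session, so an id issued to one session means nothing in another."
  (make-hash-table :test 'equal))

(defun register-action (session-actions fn)
  "Store FN under a fresh random id and return the id for use in a URL."
  (let ((id (random-action-id)))
    (setf (gethash id session-actions) fn)
    id))

(defun run-action (session-actions id)
  "Call the action for ID, or return :REJECTED if this session never issued it."
  (let ((fn (and (stringp id) (gethash id session-actions))))
    (if fn (funcall fn) :rejected)))

;; Demonstration with two constructed sessions.
(let* ((alice (make-session-actions))
       (other (make-session-actions))
       (id (register-action alice (lambda () :transfer-done))))
  (format t "gensym ids: ~a ~a~%" (predictable-action-id) (predictable-action-id))
  (format t "random id:  ~a~%" id)
  (format t "own session:   ~s~%" (run-action alice id))
  (format t "other session: ~s~%" (run-action other id))
  (format t "guessed id:    ~s~%" (run-action alice "ACTION1043")))
```

The two `gensym` names printed first differ only by a counter, while the 128-bit hex id gives a third-party page nothing to enumerate, and the same id presented to a different session's table is rejected.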
#29: Refactor form and input markup into snippets
------------------------------------------+---------------------------------
Reporter: sakhmechet | Owner: sakhmechet
Type: enhancement | Status: new
Priority: medium | Milestone: 0.1
Component: weblocks | Version: pre-0.1
Keywords: refactor form markup snippet |
------------------------------------------+---------------------------------
Currently various widgets output form and input markup manually. We should
refactor this functionality into snippets and convert existing widgets to
use the snippets.
--
Ticket URL: <http://trac.common-lisp.net/cl-weblocks/ticket/29>
cl-weblocks <http://common-lisp.net/project/cl-weblocks>
#24: 'Blocks' should be renamed to 'snippets'
------------------------------------+---------------------------------------
Reporter: sakhmechet | Owner: sakhmechet
Type: enhancement | Status: new
Priority: low | Milestone: 0.1
Component: weblocks | Version: pre-0.1
Keywords: blocks snippets rename |
------------------------------------+---------------------------------------
A 'block' is a bad name. A 'snippet' is much better. We should rename
blocks to snippets.
--
Ticket URL: <http://trac.common-lisp.net/cl-weblocks/ticket/24>
cl-weblocks <http://common-lisp.net/project/cl-weblocks>
#34: Sanitize input to prevent cross-site scripting and SQL injection
---------------------------------------------------------+------------------
Reporter: sakhmechet | Owner: sakhmechet
Type: defect | Status: new
Priority: high | Milestone: 0.1
Component: weblocks | Version: pre-0.1
Keywords: cross-site scripting SQL injection sanitize |
---------------------------------------------------------+------------------
We should sanitize form input to prevent cross-site scripting and SQL
injection. Sanitation should ideally be done in a centralized place (in
particular, request-object-mapping).
--
Ticket URL: <http://trac.common-lisp.net/cl-weblocks/ticket/34>
cl-weblocks <http://common-lisp.net/project/cl-weblocks>
#16: Make page titles dynamic (perhaps based on the navigation widget)
-----------------------------------+----------------------------------------
Reporter: sakhmechet | Owner: sakhmechet
Type: enhancement | Status: new
Priority: medium | Milestone: 0.1
Component: weblocks | Version: pre-0.1
Keywords: page title navigation |
-----------------------------------+----------------------------------------
Currently page title is hardcoded in the 'with-page' function. We should
make page titles dynamic. They should probably come from the navigation
widget.
--
Ticket URL: <http://trac.common-lisp.net/cl-weblocks/ticket/16>
cl-weblocks <http://common-lisp.net/project/cl-weblocks>
#12: Make stylesheet and javascript requirements dynamic
---------------------------------------------------------+------------------
Reporter: sakhmechet | Owner: sakhmechet
Type: enhancement | Status: new
Priority: high | Milestone: 0.1
Component: weblocks | Version: pre-0.1
Keywords: harcoded stylesheet javascript requirements |
---------------------------------------------------------+------------------
Currently stylesheet and javascript requirements are hardcoded in the
'with-page' function. The only way for users to override this is to
redefine the function. We need to make these requirements configurable,
and widgets should be able to register files that they require.
Additionally, some form of dependency graph or priority system needs to be
implemented (order matters since some stylesheets override others).
--
Ticket URL: <http://trac.common-lisp.net/cl-weblocks/ticket/12>
cl-weblocks <http://common-lisp.net/project/cl-weblocks>
#51: Make debug toolbar a part of the regular flow
---------------------------+------------------------------------------------
Reporter: anonymous | Owner: sakhmechet
Type: enhancement | Status: new
Priority: low | Milestone: 0.2
Component: weblocks | Version: pre-0.1
Keywords: debug toolbar |
---------------------------+------------------------------------------------
Currently debug toolbar is rendered via a specialized code path in
'render-page'. The function that renders the toolbar presents no
opportunity for extensibility. We need to generalize the code to make the
debug toolbar a widget that's added as a part of regular flow.
Additionally, the widget should open itself for user extensibility.
--
Ticket URL: <http://trac.common-lisp.net/cl-weblocks/ticket/51>
cl-weblocks <http://common-lisp.net/project/cl-weblocks>