From cl-weblocks-devel at common-lisp.net Wed Aug 1 12:04:54 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Wed, 01 Aug 2007 12:04:54 -0000 Subject: [cl-weblocks-ticket] #44: ajax isearch will sometimes drop a callback in Firefox. Message-ID: <088.f6be1394f19f537fa8a67c2c422de903@common-lisp.net> #44: ajax isearch will sometimes drop a callback in Firefox. -------------------------------+-------------------------------------------- Reporter: anonymous | Owner: sakhmechet Type: defect | Status: new Priority: critical | Milestone: Component: weblocks | Version: Keywords: prototype firefox | -------------------------------+-------------------------------------------- Sometimes, at least when a table is populated with more data than in the default example (try creating a table with 30 rows), an exception will be trown by Firefox because the "status" element in an nsIXMLHttpRequest is being accessed. How to reproduce: Add a longer list of employees to the grid1 in application.lisp: {{{ (list employee1 employee2 employee3 employee1 employee2 ...<30 more>) }}} Reduce the latency to 0.1 seconds in isearch.lisp, line 31. {{{ (with-javascript "~ new Form.Element.DelayedObserver('~A', 0.1, function(elem, value) {~ initiateFormAction('~A', $('~A'), '~A'); });" }}} Install firebug, and set a brakepoint at roughly line 1114 in prototype.js {{{ } catch (e) { 1114 this.dispatchException(e); <--- breakpoint on this line. 1115 } }}} After playing around with the isearch, you will see the following exception being thrown (really by the nearby success() function): {{{ [Exception... "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIXMLHttpRequest.status]" nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)" location: "JS frame :: http://foo.org:8090/pub/scripts/prototype.js :: anonymous :: line 1109" data: no] columnNumber 0 data null filename "http://foo.org:8090/pub/scripts/prototype.js" inner null lineNumber 1109 location JS frame :: http://foo.org:8090/pub/scripts/prototype.js :: anonymous :: line 1109 language=2 languageName=JavaScript message "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIXMLHttpRequest.status]" name "NS_ERROR_NOT_AVAILABLE" result 2147746065 QueryInterface QueryInterface() initialize initialize() }}} From what I understand from random readings on the web, this can be caused by reading the nxIXMLHttpRequest.status in an onError handler (which does not seem to happen in this case), or it can happen if the ajax request is being aborted. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Wed Aug 1 12:14:11 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Wed, 01 Aug 2007 12:14:11 -0000 Subject: [cl-weblocks-ticket] #45: Don't use gensym for actions to avoid XSS attacks Message-ID: <088.6c683e159bb5cb5df33a22a2aebcebd1@common-lisp.net> #45: Don't use gensym for actions to avoid XSS attacks -----------------------+---------------------------------------------------- Reporter: anonymous | Owner: sakhmechet Type: defect | Status: new Priority: critical | Milestone: Component: weblocks | Version: Keywords: security | -----------------------+---------------------------------------------------- gensym-based action urls can be guessed and thus the following attack is possible: A user has his weblock-based bank system open. In gmail, the user gets a link to a web-page that will generate lots of guessed action urls that transfers funds out of the users bank account. Ways to fix: 1. Require session id in URLs[[BR]] 2. Or, generate stronger non-gensym based action ids -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Wed Aug 1 12:32:16 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Wed, 01 Aug 2007 12:32:16 -0000 Subject: [cl-weblocks-ticket] #46: Use css sprites to improve latency of default style Message-ID: <088.f0bb840c5ca6ef4a7e91b586c408d03e@common-lisp.net> #46: Use css sprites to improve latency of default style -----------------------------------------+---------------------------------- Reporter: anonymous | Owner: sakhmechet Type: defect | Status: new Priority: wishlist | Milestone: Component: weblocks | Version: Keywords: latency performance css png | -----------------------------------------+---------------------------------- The default page will load 33 pngs. A lot of these average at around 200- 300 bytes in size. Using CSS sprites can improve latency and the feel of a weblocks application a lot. I am measuring around 2s load time using firebug on the default weblocks- demo page. My guess is that CSS sprites can shave off around .5 seconds. How to reproduce: {{{ (require :weblocks-demo) (weblocks:start-server) }}} In firefox, install firebug. Enable firebug for your site. Do a "shift-reload" (holding shift down while doing a reload) to do a fresh load of the front-page. Inspect the "Net" tab in firebug to get a timeline. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Wed Aug 1 12:52:11 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Wed, 01 Aug 2007 12:52:11 -0000 Subject: [cl-weblocks-ticket] #47: combine js and css files to improve latency of default style Message-ID: <088.45986cf19ce558e6f5244cc4c364c433@common-lisp.net> #47: combine js and css files to improve latency of default style ---------------------------------------------------+------------------------ Reporter: anonymous | Owner: sakhmechet Type: enhancement | Status: new Priority: wishlist | Milestone: Component: weblocks | Version: Keywords: latency performance css javascript js | ---------------------------------------------------+------------------------ Latency of the default page could be improved a lot by combining the js- files into one file. The weblocks-demo default page loads 5 js files. These loads are serialized and it takes 1.2 seconds to load all of the JS. Making sure only necessary files are loaded (ticket #16) can be combined with this ticket by creating a cache of combinations of js-files that are required for a given page. The same applies to CSS. 11 CSS files are being used. Firefox loads them serially, spending roughly 0.7 seconds on this. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Wed Aug 1 15:15:33 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Wed, 01 Aug 2007 15:15:33 -0000 Subject: [cl-weblocks-ticket] Re: #5: Gridedit item deletion confirmation In-Reply-To: <088.7c6ef4c824f339165b7478102096ec80@common-lisp.net> References: <088.7c6ef4c824f339165b7478102096ec80@common-lisp.net> Message-ID: <097.9a7719cee4c316861251646214f2c311@common-lisp.net> #5: Gridedit item deletion confirmation --------------------------+------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: enhancement | Status: new Priority: medium | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Resolution: | Keywords: item deletion gridedit --------------------------+------------------------------------------------- Comment (by sakhmechet): Ensure that the 'confirm' button is done via POST - currently items are deleted via because there is no confirmation dialog. Noticed by nirs (http://programming.reddit.com/user/nirs/) -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Wed Aug 1 15:18:49 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Wed, 01 Aug 2007 15:18:49 -0000 Subject: [cl-weblocks-ticket] #48: Validate against long input by default. Message-ID: <088.44b2b314c6fdd4043f3654cc61726158@common-lisp.net> #48: Validate against long input by default. -------------------------------+-------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: defect | Status: new Priority: high | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Keywords: validation length | -------------------------------+-------------------------------------------- Create an input length validator and make it default for all fields. Currently weblocks allows entering really long input. Different field types should have different default length (multiline vs. singleline elements, password elements, etc.) -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Wed Aug 1 20:35:58 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Wed, 01 Aug 2007 20:35:58 -0000 Subject: [cl-weblocks-ticket] Re: #47: combine js and css files to improve latency of default style In-Reply-To: <088.45986cf19ce558e6f5244cc4c364c433@common-lisp.net> References: <088.45986cf19ce558e6f5244cc4c364c433@common-lisp.net> Message-ID: <097.672a2eb33ad34a558366d1056fca8a72@common-lisp.net> #47: combine js and css files to improve latency of default style --------------------------+------------------------------------------------- Reporter: anonymous | Owner: sakhmechet Type: enhancement | Status: new Priority: low | Milestone: 0.2 Component: weblocks | Version: pre-0.1 Resolution: | Keywords: latency performance css javascript js --------------------------+------------------------------------------------- Changes (by sakhmechet): * milestone: => 0.2 * priority: wishlist => low * version: => pre-0.1 Comment: I think this is related to ticket #12, not #16. I'll work on this for 0.2 milestone. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Wed Aug 1 20:36:44 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Wed, 01 Aug 2007 20:36:44 -0000 Subject: [cl-weblocks-ticket] Re: #46: Use css sprites to improve latency of default style In-Reply-To: <088.f0bb840c5ca6ef4a7e91b586c408d03e@common-lisp.net> References: <088.f0bb840c5ca6ef4a7e91b586c408d03e@common-lisp.net> Message-ID: <097.67fb1f5c8dda12e8ec568e4ef221b11a@common-lisp.net> #46: Use css sprites to improve latency of default style ------------------------+--------------------------------------------------- Reporter: anonymous | Owner: sakhmechet Type: defect | Status: new Priority: low | Milestone: 0.2 Component: weblocks | Version: pre-0.1 Resolution: | Keywords: latency performance css png ------------------------+--------------------------------------------------- Changes (by sakhmechet): * milestone: => 0.2 * priority: wishlist => low * version: => pre-0.1 Comment: Moving to 0.2 milestone. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Wed Aug 1 20:40:48 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Wed, 01 Aug 2007 20:40:48 -0000 Subject: [cl-weblocks-ticket] Re: #45: Don't use gensym for actions to avoid XSS attacks In-Reply-To: <088.6c683e159bb5cb5df33a22a2aebcebd1@common-lisp.net> References: <088.6c683e159bb5cb5df33a22a2aebcebd1@common-lisp.net> Message-ID: <097.7b5427d6f529d197cc543d6963d4dfd8@common-lisp.net> #45: Don't use gensym for actions to avoid XSS attacks ------------------------+--------------------------------------------------- Reporter: anonymous | Owner: sakhmechet Type: defect | Status: new Priority: low | Milestone: 0.2 Component: weblocks | Version: pre-0.1 Resolution: | Keywords: security ------------------------+--------------------------------------------------- Changes (by sakhmechet): * milestone: => 0.2 * priority: critical => low * version: => pre-0.1 Comment: I don't think this is an issue. Weblocks stores actions per session specifically so that a user cannot access another user's actions (unless the session has been highjacked). If a malicious site generates a lot of 'transfer' actions the user still won't be able to access them. It's probably better to use a scheme that makes action URLs harder to guess anyway, but this isn't critical. Moving to 0.2. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Wed Aug 1 20:45:18 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Wed, 01 Aug 2007 20:45:18 -0000 Subject: [cl-weblocks-ticket] Re: #44: ajax isearch will sometimes drop a callback in Firefox. In-Reply-To: <088.f6be1394f19f537fa8a67c2c422de903@common-lisp.net> References: <088.f6be1394f19f537fa8a67c2c422de903@common-lisp.net> Message-ID: <097.27e3d369c13cb7bf3d1466c6fd3522e7@common-lisp.net> #44: ajax isearch will sometimes drop a callback in Firefox. ------------------------+--------------------------------------------------- Reporter: anonymous | Owner: sakhmechet Type: defect | Status: new Priority: medium | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Resolution: | Keywords: prototype firefox ------------------------+--------------------------------------------------- Changes (by sakhmechet): * milestone: => 0.1 * priority: critical => medium * version: => pre-0.1 Comment: Could be an issue with too many simultanious ajax requests? I'll take a look at this. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Wed Aug 1 21:22:08 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Wed, 01 Aug 2007 21:22:08 -0000 Subject: [cl-weblocks-ticket] #49: Bad type declaration for (or bad initialization of) STATE slot in US-STATE Message-ID: <088.45245c113ace0106b19a93d351e9554b@common-lisp.net> #49: Bad type declaration for (or bad initialization of) STATE slot in US-STATE -----------------------+---------------------------------------------------- Reporter: anonymous | Owner: sakhmechet Type: defect | Status: new Priority: low | Milestone: Component: weblocks | Version: Keywords: | -----------------------+---------------------------------------------------- In the US-STATE class definition it is asserted that the slot STATE will only hold values of type STRING. There is a US-STATE method which passes NIL as a value to initialize STATE. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Wed Aug 1 21:46:42 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Wed, 01 Aug 2007 21:46:42 -0000 Subject: [cl-weblocks-ticket] Re: #45: Don't use gensym for actions to avoid XSS attacks In-Reply-To: <088.6c683e159bb5cb5df33a22a2aebcebd1@common-lisp.net> References: <088.6c683e159bb5cb5df33a22a2aebcebd1@common-lisp.net> Message-ID: <097.2c5550c5d8299234f09c87eee62f3b88@common-lisp.net> #45: Don't use gensym for actions to avoid XSS attacks ------------------------+--------------------------------------------------- Reporter: anonymous | Owner: sakhmechet Type: defect | Status: new Priority: medium | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Resolution: | Keywords: security ------------------------+--------------------------------------------------- Changes (by sakhmechet): * milestone: 0.2 => 0.1 * priority: low => medium Comment: On 8/1/07, Alexander Kjeldaas wrote: > > One user accessing another user's stuff is not the attack I am describing. > The attack I am describing is a purely destructive *someone making a user do > stuff* attack. Get a user to do something that they didn't really intend to > do. In order to do this, one only need to get the user to click on a link > that has a guessed action in it. I see. A multistep solution that comes to mind is this: 1. Split actions into destructive actions that modify back-end data, and 'pure' actions. 2. Ensure that destructive actions are only executed if the HTTP request is initiated via POST. I'll have to double check, but I think browsers don't allow forms to send POST requests to domains different from where HTML originally came from. 3. Programmers will sometimes make mistakes and create destructive actions as regular ones (we could prevent them from doing it in Haskell, but unfortunately not in Lisp). This means all actions, not just destructive ones must have URLs that are hard to guess. I'm not sure if I want to implement #1 (and therefore #2) because it forces a programmer to choose between two ways of creating an action. On the other hand this might be a good thing - this is something that needs to be thought out. #3 should definetly be implemented. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Wed Aug 1 21:48:05 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Wed, 01 Aug 2007 21:48:05 -0000 Subject: [cl-weblocks-ticket] Re: #45: Don't use gensym for actions to avoid XSS attacks In-Reply-To: <088.6c683e159bb5cb5df33a22a2aebcebd1@common-lisp.net> References: <088.6c683e159bb5cb5df33a22a2aebcebd1@common-lisp.net> Message-ID: <097.12aa8cf73d57aa6fa15163fb300653a7@common-lisp.net> #45: Don't use gensym for actions to avoid XSS attacks ------------------------+--------------------------------------------------- Reporter: anonymous | Owner: sakhmechet Type: defect | Status: new Priority: medium | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Resolution: | Keywords: security ------------------------+--------------------------------------------------- Comment (by sakhmechet): Please forgive the bad formatting. Numbers above don't mean tickets, but points from Alexander's email. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Wed Aug 1 21:53:55 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Wed, 01 Aug 2007 21:53:55 -0000 Subject: [cl-weblocks-ticket] Re: #49: Bad type declaration for (or bad initialization of) STATE slot in US-STATE In-Reply-To: <088.45245c113ace0106b19a93d351e9554b@common-lisp.net> References: <088.45245c113ace0106b19a93d351e9554b@common-lisp.net> Message-ID: <097.8b23bf34c580b26a849e4ee0dda396e1@common-lisp.net> #49: Bad type declaration for (or bad initialization of) STATE slot in US-STATE ------------------------+--------------------------------------------------- Reporter: anonymous | Owner: sakhmechet Type: defect | Status: closed Priority: low | Milestone: Component: weblocks | Version: Resolution: duplicate | Keywords: ------------------------+--------------------------------------------------- Changes (by sakhmechet): * resolution: => duplicate * status: new => closed Comment: This is heavily related to ticket #36. Once #36 is fixed this part of the demo will be reworked. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Thu Aug 2 16:43:01 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Thu, 02 Aug 2007 16:43:01 -0000 Subject: [cl-weblocks-ticket] #50: Automatically diff actual and expected output in deftest-html Message-ID: <088.9c1c19be8e5c53d2cb182bca6bd9eb27@common-lisp.net> #50: Automatically diff actual and expected output in deftest-html -------------------------+-------------------------------------------------- Reporter: anonymous | Owner: sakhmechet Type: enhancement | Status: new Priority: low | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Keywords: | -------------------------+-------------------------------------------------- Currently when unit tests that are defined with deftest-html macro fail, it's very hard to tell the difference between actual and expected HTML, especially if the output is long. It's usually necessary to invoke ediff- buffers in Emacs (or some other diff utility). Automatically diffing actual and expected output and presenting the diff as a result of a failed test would significantly ease debugging. This could be done with CL-HTML-DIFF or CL-DIFFLIB library. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Thu Aug 2 17:41:21 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Thu, 02 Aug 2007 17:41:21 -0000 Subject: [cl-weblocks-ticket] #51: Make debug toolbar a part of the regular flow Message-ID: <088.6a780e0a7f91e79b59286c48f416f877@common-lisp.net> #51: Make debug toolbar a part of the regular flow ---------------------------+------------------------------------------------ Reporter: anonymous | Owner: sakhmechet Type: enhancement | Status: new Priority: low | Milestone: 0.2 Component: weblocks | Version: pre-0.1 Keywords: debug toolbar | ---------------------------+------------------------------------------------ Currently debug toolbar is rendered via a specialized code path in 'render-page'. The function that renders the toolbar presents no opportunity for extensibility. We need to generalize the code to make the debug toolbar a widget that's added as a part of regular flow. Additionally, the widget should open itself for user extensibility. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Thu Aug 2 18:06:12 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Thu, 02 Aug 2007 18:06:12 -0000 Subject: [cl-weblocks-ticket] Re: #12: Make stylesheet and javascript requirements dynamic In-Reply-To: <088.d823adf93bf23a12712a6667979eddbe@common-lisp.net> References: <088.d823adf93bf23a12712a6667979eddbe@common-lisp.net> Message-ID: <097.2dd80aff0826e75532af1a2736f01a47@common-lisp.net> #12: Make stylesheet and javascript requirements dynamic --------------------------+------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: enhancement | Status: closed Priority: high | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Resolution: fixed | Keywords: harcoded stylesheet javascript requirements --------------------------+------------------------------------------------- Changes (by sakhmechet): * resolution: => fixed * status: new => closed Comment: Fixed. When each widget is rendered, weblocks determines the resources it depends on via 'widget-public-dependencies' (by default widget's name is used to find a common sense 'magick' location of the resources). Additionally, application-wide resources can be passed via *application- public-dependencies*. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Thu Aug 2 19:33:14 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Thu, 02 Aug 2007 19:33:14 -0000 Subject: [cl-weblocks-ticket] Re: #7: Widgets should be able to optionally expose state on the URL In-Reply-To: <088.65fb986a0f6497784a23d308db1676c9@common-lisp.net> References: <088.65fb986a0f6497784a23d308db1676c9@common-lisp.net> Message-ID: <097.9d4faf7390464d42d5b8f6516d6d4b9a@common-lisp.net> #7: Widgets should be able to optionally expose state on the URL --------------------------+------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: enhancement | Status: new Priority: medium | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Resolution: | Keywords: navigation state URL --------------------------+------------------------------------------------- Comment (by sakhmechet): We should consider how 'dynamic' navigation widgets will affect 'page- title' facility. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Thu Aug 2 19:34:14 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Thu, 02 Aug 2007 19:34:14 -0000 Subject: [cl-weblocks-ticket] Re: #50: Automatically diff actual and expected output in deftest-html In-Reply-To: <088.9c1c19be8e5c53d2cb182bca6bd9eb27@common-lisp.net> References: <088.9c1c19be8e5c53d2cb182bca6bd9eb27@common-lisp.net> Message-ID: <097.18519e5d0b59b36b8c2fc5ea187e2f1d@common-lisp.net> #50: Automatically diff actual and expected output in deftest-html --------------------------+------------------------------------------------- Reporter: anonymous | Owner: sakhmechet Type: enhancement | Status: new Priority: low | Milestone: 0.2 Component: weblocks | Version: pre-0.1 Resolution: | Keywords: --------------------------+------------------------------------------------- Changes (by sakhmechet): * milestone: 0.1 => 0.2 Comment: Moving non-essential improvement items to 0.2 milestone. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Fri Aug 3 03:18:03 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Fri, 03 Aug 2007 03:18:03 -0000 Subject: [cl-weblocks-ticket] Re: #16: Make page titles dynamic (perhaps based on the navigation widget) In-Reply-To: <088.56998c1b3ba84eb12821a14fe9d4522e@common-lisp.net> References: <088.56998c1b3ba84eb12821a14fe9d4522e@common-lisp.net> Message-ID: <097.19f6920841728ca159ec7edf1ccba4a4@common-lisp.net> #16: Make page titles dynamic (perhaps based on the navigation widget) --------------------------+------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: enhancement | Status: closed Priority: high | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Resolution: fixed | Keywords: page title navigation --------------------------+------------------------------------------------- Changes (by sakhmechet): * resolution: => fixed * status: new => closed Comment: Fixed. Page titles are now generated with 'page-title' function. Web application name and description, as well as current page name (grabbed from the navigation control by default) are used. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Fri Aug 3 04:46:23 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Fri, 03 Aug 2007 04:46:23 -0000 Subject: [cl-weblocks-ticket] Re: #29: Refactor form and input markup into snippets In-Reply-To: <088.30f79aa2f33ae225af82694081645556@common-lisp.net> References: <088.30f79aa2f33ae225af82694081645556@common-lisp.net> Message-ID: <097.7b5124d11b40ef5dafb28eacf7a8066c@common-lisp.net> #29: Refactor form and input markup into snippets --------------------------+------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: enhancement | Status: new Priority: medium | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Resolution: | Keywords: refactor form markup snippet --------------------------+------------------------------------------------- Comment (by sakhmechet): Note, render-link should be a snippet, not an action. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Fri Aug 3 05:52:11 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Fri, 03 Aug 2007 05:52:11 -0000 Subject: [cl-weblocks-ticket] Re: #34: Escape HTML outputted by 'render-data' to prevent XSS attacks In-Reply-To: <088.505ddbfadceb958df163f672c9368dd6@common-lisp.net> References: <088.505ddbfadceb958df163f672c9368dd6@common-lisp.net> Message-ID: <097.118dd5b1ae6258846f2a07dd4a5d287d@common-lisp.net> #34: Escape HTML outputted by 'render-data' to prevent XSS attacks -------------------------+-------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: defect | Status: new Priority: medium | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Resolution: | Keywords: cross-site scripting SQL injection sanitize -------------------------+-------------------------------------------------- Changes (by sakhmechet): * summary: Sanitize input to prevent cross-site scripting and SQL injection => Escape HTML outputted by 'render- data' to prevent XSS attacks Comment: The goals of this ticket are too broad and ill defined. SQL injection is an unrelated issue and input sanitation depends on the type of data. For now we should change the goal to escaping HTML outputted by 'render-data' since all widgets [should] use it for rendering. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Fri Aug 3 18:28:40 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Fri, 03 Aug 2007 18:28:40 -0000 Subject: [cl-weblocks-ticket] Re: #34: Escape HTML outputted by 'render-data' to prevent XSS attacks In-Reply-To: <088.505ddbfadceb958df163f672c9368dd6@common-lisp.net> References: <088.505ddbfadceb958df163f672c9368dd6@common-lisp.net> Message-ID: <097.a9ecc90de98b80b46546569f7b4c276e@common-lisp.net> #34: Escape HTML outputted by 'render-data' to prevent XSS attacks -------------------------+-------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: defect | Status: closed Priority: medium | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Resolution: fixed | Keywords: cross-site scripting SQL injection sanitize -------------------------+-------------------------------------------------- Changes (by sakhmechet): * resolution: => fixed * status: new => closed Comment: Fixed. 'render-data' now escapes all output. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Fri Aug 3 20:07:09 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Fri, 03 Aug 2007 20:07:09 -0000 Subject: [cl-weblocks-ticket] #52: Refreshing POST requests causes gridedit item addition related issues Message-ID: <088.bb695a7a0710d868af8a5098bf1647a7@common-lisp.net> #52: Refreshing POST requests causes gridedit item addition related issues -----------------------------------+---------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: defect | Status: new Priority: low | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Keywords: refresh POST gridedit | -----------------------------------+---------------------------------------- Refreshing a page when !JavaScript is disabled after item has been added to gridedit causes the same instace of an item to be added to the data twice. If one item of the added ones is selected and delete is pressed, all items added during the refresh will be deleted. 'gridedit-add-item' should be modified not to add two instances of the same object. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Fri Aug 3 20:40:18 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Fri, 03 Aug 2007 20:40:18 -0000 Subject: [cl-weblocks-ticket] #53: Research switching from using slot's :type specifier to our own metaclass Message-ID: <088.9100aeaa05b2450b4ec8eb91c5f26a0b@common-lisp.net> #53: Research switching from using slot's :type specifier to our own metaclass --------------------------------+------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: defect | Status: new Priority: medium | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Keywords: slot type renderer | --------------------------------+------------------------------------------- Note, some implementations (like OpenMCL) enforce slot type specializations. If we set a slot's type as integer, OpenMCL will not let us assign nil. Currently we rely on default values of data types to be nil, but in case of OpenMCL we're forced to set the default to some integer value. For some types of data (like age, for example) this leads to weird 'default' age of zero. In the future, we may want to rely on boundp instead of checking for nil. Additionally, some implementations (CLISP) don't return the value of type declaration as is: if we define a new type alias 'age', set the type for a slot, and then query the type of the slot, we may get back a different value equivalent to age. In light of these facts, we may want to consider creating a new metaclass for datatypes and using a new slot specifier instead of 'type'. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Sat Aug 4 15:39:21 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Sat, 04 Aug 2007 15:39:21 -0000 Subject: [cl-weblocks-ticket] #54: Integrate weblocks-demo into weblocks source tree under examples directory Message-ID: <088.b127e77c22967192ba309a69b79b74a8@common-lisp.net> #54: Integrate weblocks-demo into weblocks source tree under examples directory ---------------------------+------------------------------------------------ Reporter: anonymous | Owner: sakhmechet Type: enhancement | Status: new Priority: low | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Keywords: examples demo | ---------------------------+------------------------------------------------ Weblocks-demo should be integrated into weblocks under /examples directory. We should develop ways to unit test the application code, not just component code, and ensure that unit tests of future example projects run as part of weblocks-test suite. This should probably be done after ticket #35. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Mon Aug 6 04:34:39 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Mon, 06 Aug 2007 04:34:39 -0000 Subject: [cl-weblocks-ticket] Re: #24: 'Blocks' should be renamed to 'snippets' In-Reply-To: <088.a15661dd4ae11ab6db367fc0a96d8106@common-lisp.net> References: <088.a15661dd4ae11ab6db367fc0a96d8106@common-lisp.net> Message-ID: <097.3889608cffacfb931b8d9a2aa49aed90@common-lisp.net> #24: 'Blocks' should be renamed to 'snippets' --------------------------+------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: enhancement | Status: closed Priority: low | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Resolution: fixed | Keywords: blocks snippets rename --------------------------+------------------------------------------------- Changes (by sakhmechet): * resolution: => fixed * status: new => closed -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Mon Aug 6 05:10:40 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Mon, 06 Aug 2007 05:10:40 -0000 Subject: [cl-weblocks-ticket] Re: #29: Refactor form and input markup into snippets In-Reply-To: <088.30f79aa2f33ae225af82694081645556@common-lisp.net> References: <088.30f79aa2f33ae225af82694081645556@common-lisp.net> Message-ID: <097.78307362c660ed9eaf77470f00e73421@common-lisp.net> #29: Refactor form and input markup into snippets --------------------------+------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: enhancement | Status: closed Priority: medium | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Resolution: fixed | Keywords: refactor form markup snippet --------------------------+------------------------------------------------- Changes (by sakhmechet): * resolution: => fixed * status: new => closed -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Mon Aug 6 05:29:34 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Mon, 06 Aug 2007 05:29:34 -0000 Subject: [cl-weblocks-ticket] Re: #45: Don't use gensym for actions to avoid XSS attacks In-Reply-To: <088.6c683e159bb5cb5df33a22a2aebcebd1@common-lisp.net> References: <088.6c683e159bb5cb5df33a22a2aebcebd1@common-lisp.net> Message-ID: <097.bcd89bf1bd118574f44cf19017fd5592@common-lisp.net> #45: Don't use gensym for actions to avoid XSS attacks ------------------------+--------------------------------------------------- Reporter: anonymous | Owner: sakhmechet Type: defect | Status: closed Priority: medium | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Resolution: fixed | Keywords: security ------------------------+--------------------------------------------------- Changes (by sakhmechet): * resolution: => fixed * status: new => closed Comment: Fixed. I implemented approach 3 - action names should now be very hard to guess. I generate a random block of text, hash it with MD5 (to ensure an attacker can't crack the random number generator), and prepend it with a gensym counter (to avoid a very unlikely event of two MD5-encoding action names clashing in the same session). -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Mon Aug 6 19:12:40 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Mon, 06 Aug 2007 19:12:40 -0000 Subject: [cl-weblocks-ticket] Re: #15: Fix friendly URLs and form actions in W3M In-Reply-To: <088.5d89894eb12e40f203bcd440d623d152@common-lisp.net> References: <088.5d89894eb12e40f203bcd440d623d152@common-lisp.net> Message-ID: <097.a0c4e7c1064d4907c533f7ed04d636ba@common-lisp.net> #15: Fix friendly URLs and form actions in W3M -------------------------+-------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: defect | Status: closed Priority: high | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Resolution: fixed | Keywords: w3m friendly URL form actions -------------------------+-------------------------------------------------- Changes (by sakhmechet): * resolution: => fixed * status: new => closed Comment: Fixed. W3M doesn't like links that start with query arguments ('?action=...'). In this case it redirected to root ('/'). Unfortunately it doesn't like "unknown anchors ('#')" either. We now prepend full URI to the link. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Mon Aug 6 21:37:59 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Mon, 06 Aug 2007 21:37:59 -0000 Subject: [cl-weblocks-ticket] Re: #19: Extra tags div currently uses   contents which makes unstyled pages look unattractive In-Reply-To: <088.65da7a6357f201bdc6414f55307f31fc@common-lisp.net> References: <088.65da7a6357f201bdc6414f55307f31fc@common-lisp.net> Message-ID: <097.f997405b1774f3913c8b437794531aa0@common-lisp.net> #19: Extra tags div currently uses   contents which makes unstyled pages look unattractive -------------------------+-------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: defect | Status: closed Priority: low | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Resolution: fixed | Keywords: extra tags div -------------------------+-------------------------------------------------- Changes (by sakhmechet): * resolution: => fixed * status: new => closed -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Mon Aug 6 23:25:22 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Mon, 06 Aug 2007 23:25:22 -0000 Subject: [cl-weblocks-ticket] #55: Fix issues related to adding items to gridedit with JS turned off Message-ID: <088.6180749458495843f4891be067058abd@common-lisp.net> #55: Fix issues related to adding items to gridedit with JS turned off ----------------------------------------------+----------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: defect | Status: new Priority: medium | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Keywords: gridedit javascript off addition | ----------------------------------------------+----------------------------- When !JavaScript is turned off, dataform widget in add-item function of gridedit doesn't behave correctly. Gridedit creates a new dataform widget with every request so any validation errors and intermediate input fields aren't properly displayed. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Tue Aug 7 00:24:58 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Tue, 07 Aug 2007 00:24:58 -0000 Subject: [cl-weblocks-ticket] Re: #55: Fix issues related to adding items to gridedit with JS turned off In-Reply-To: <088.6180749458495843f4891be067058abd@common-lisp.net> References: <088.6180749458495843f4891be067058abd@common-lisp.net> Message-ID: <097.f93af9e9b4e22d09c67b1eb72cb76676@common-lisp.net> #55: Fix issues related to adding items to gridedit with JS turned off -------------------------+-------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: defect | Status: closed Priority: medium | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Resolution: fixed | Keywords: gridedit javascript off addition -------------------------+-------------------------------------------------- Changes (by sakhmechet): * resolution: => fixed * status: new => closed Comment: The dataform widget instance is now reused until the item is successfully submitted or the action is cancelled. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Tue Aug 7 00:57:48 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Tue, 07 Aug 2007 00:57:48 -0000 Subject: [cl-weblocks-ticket] Re: #40: Rename gridedit widget to a more fitting name In-Reply-To: <088.c553595f21172622adf594c9a498bc78@common-lisp.net> References: <088.c553595f21172622adf594c9a498bc78@common-lisp.net> Message-ID: <097.65e728cafcb521e5471cb03a80d66472@common-lisp.net> #40: Rename gridedit widget to a more fitting name --------------------------+------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: enhancement | Status: closed Priority: low | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Resolution: duplicate | Keywords: rename gridedit --------------------------+------------------------------------------------- Changes (by sakhmechet): * resolution: => duplicate * status: new => closed Comment: Renaming widgets should be consolidated under ticket #28. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Tue Aug 7 00:59:15 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Tue, 07 Aug 2007 00:59:15 -0000 Subject: [cl-weblocks-ticket] Re: #28: Give widgets better names In-Reply-To: <088.32d2d7a5d9e812c45fcc11c5cd2ee098@common-lisp.net> References: <088.32d2d7a5d9e812c45fcc11c5cd2ee098@common-lisp.net> Message-ID: <097.e5d81513138e4e1229ebb8de4373d090@common-lisp.net> #28: Give widgets better names -------------------------+-------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: defect | Status: new Priority: low | Milestone: 0.2 Component: weblocks | Version: pre-0.1 Resolution: | Keywords: rename datagrid grid -------------------------+-------------------------------------------------- Changes (by sakhmechet): * milestone: 0.1 => 0.2 * summary: Rename 'datagrid' widget to 'grid' => Give widgets better names Comment: Rename 'datagrid' widget to 'grid' Rename 'gridedit' widget to a more fitting name Rename 'dataform' widget to a more fitting name -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Tue Aug 7 01:00:00 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Tue, 07 Aug 2007 01:00:00 -0000 Subject: [cl-weblocks-ticket] Re: #14: Standardize fonts accross browsers and OSes (perhaps via Yahoo Font CSS?) In-Reply-To: <088.ab029768f0aac1777a66e1a9bf4c1cce@common-lisp.net> References: <088.ab029768f0aac1777a66e1a9bf4c1cce@common-lisp.net> Message-ID: <097.d8bc1de16817e88c54495778222d31a4@common-lisp.net> #14: Standardize fonts accross browsers and OSes (perhaps via Yahoo Font CSS?) --------------------------+------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: enhancement | Status: new Priority: low | Milestone: 0.2 Component: weblocks | Version: pre-0.1 Resolution: | Keywords: fonts yahoo css standard --------------------------+------------------------------------------------- Changes (by sakhmechet): * milestone: 0.1 => 0.2 -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Tue Aug 7 01:40:41 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Tue, 07 Aug 2007 01:40:41 -0000 Subject: [cl-weblocks-ticket] Re: #10: When a widget is being modified, move focus to that control and change page title In-Reply-To: <088.0aa30ac0c0d6bfba11e6a4c6a90d3b18@common-lisp.net> References: <088.0aa30ac0c0d6bfba11e6a4c6a90d3b18@common-lisp.net> Message-ID: <097.89c642c819e31e9bb20850f16c77b955@common-lisp.net> #10: When a widget is being modified, move focus to that control and change page title --------------------------+------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: enhancement | Status: new Priority: low | Milestone: 0.2 Component: weblocks | Version: pre-0.1 Resolution: | Keywords: accessibility focus widget change title --------------------------+------------------------------------------------- Changes (by sakhmechet): * milestone: 0.1 => 0.2 -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Tue Aug 7 01:41:18 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Tue, 07 Aug 2007 01:41:18 -0000 Subject: [cl-weblocks-ticket] Re: #9: Consider redirecting the browser to hide all non user-friendly actions on non-ajax requests In-Reply-To: <088.18138f2e591ed31a511a70a192a3299b@common-lisp.net> References: <088.18138f2e591ed31a511a70a192a3299b@common-lisp.net> Message-ID: <097.441d50d1544027ad8669e33a545242f8@common-lisp.net> #9: Consider redirecting the browser to hide all non user-friendly actions on non-ajax requests --------------------------+------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: enhancement | Status: new Priority: low | Milestone: 0.2 Component: weblocks | Version: pre-0.1 Resolution: | Keywords: non-AJAX request redirect --------------------------+------------------------------------------------- Changes (by sakhmechet): * milestone: 0.1 => 0.2 -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Tue Aug 7 02:29:41 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Tue, 07 Aug 2007 02:29:41 -0000 Subject: [cl-weblocks-ticket] Re: #25: Refactor flash widget styling In-Reply-To: <088.54d91eb8fe8ae7f75e00b28061866f9e@common-lisp.net> References: <088.54d91eb8fe8ae7f75e00b28061866f9e@common-lisp.net> Message-ID: <097.b08915b20f585b680fdd98f668c56d84@common-lisp.net> #25: Refactor flash widget styling -------------------------+-------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: defect | Status: new Priority: low | Milestone: 0.2 Component: weblocks | Version: pre-0.1 Resolution: | Keywords: flash styling -------------------------+-------------------------------------------------- Changes (by sakhmechet): * milestone: 0.1 => 0.2 -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Tue Aug 7 18:28:18 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Tue, 07 Aug 2007 18:28:18 -0000 Subject: [cl-weblocks-ticket] Re: #17: Create a script that automates starting new weblocks projects In-Reply-To: <088.247847085f0809ab0e03a1e6c438ffb5@common-lisp.net> References: <088.247847085f0809ab0e03a1e6c438ffb5@common-lisp.net> Message-ID: <097.c6dcfdb2ec388051da5684f5845dfb40@common-lisp.net> #17: Create a script that automates starting new weblocks projects --------------------------+------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: enhancement | Status: closed Priority: high | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Resolution: fixed | Keywords: script new projects --------------------------+------------------------------------------------- Changes (by sakhmechet): * resolution: => fixed * status: new => closed Comment: Fixed. Function 'make-application' has been added to weblocks-scripts. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Mon Aug 13 04:44:33 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Mon, 13 Aug 2007 04:44:33 -0000 Subject: [cl-weblocks-ticket] Re: #50: Automatically diff actual and expected output in deftest-html In-Reply-To: <088.9c1c19be8e5c53d2cb182bca6bd9eb27@common-lisp.net> References: <088.9c1c19be8e5c53d2cb182bca6bd9eb27@common-lisp.net> Message-ID: <097.f0dc71fcc3705eee58df09efe4dce05b@common-lisp.net> #50: Automatically diff actual and expected output in deftest-html --------------------------+------------------------------------------------- Reporter: anonymous | Owner: sakhmechet Type: enhancement | Status: new Priority: low | Milestone: 0.2 Component: weblocks | Version: pre-0.1 Resolution: | Keywords: --------------------------+------------------------------------------------- Comment (by sakhmechet): Suggested by Chaitanya: Maybe the HTML strings should be converted to LHTML [1], and then we create an equality function like lhtml-equal-p to check for equality rather than simply equal? 1. Franz's HTML parser - http://opensource.franz.com/xmlutils/xmlutils-dist/phtml.htm -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Tue Aug 14 00:19:02 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Tue, 14 Aug 2007 00:19:02 -0000 Subject: [cl-weblocks-ticket] #56: Nested navigation widgets are rendered in wrong order Message-ID: <088.88d33bfd1851a97ea410e860e06cb85a@common-lisp.net> #56: Nested navigation widgets are rendered in wrong order ---------------------------------------+------------------------------------ Reporter: sakhmechet | Owner: sakhmechet Type: defect | Status: new Priority: low | Milestone: 0.2 Component: weblocks | Version: pre-0.1 Keywords: navigation stylesheet css | ---------------------------------------+------------------------------------ Nested navigation widgets are rendered in unintuitive order. By default we should style navigation widgets in a way that would be intuitive to the user. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Tue Aug 14 00:22:46 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Tue, 14 Aug 2007 00:22:46 -0000 Subject: [cl-weblocks-ticket] Re: #36: Modify renderers to allow specialization on slot types In-Reply-To: <088.aec19e707fbe11b3f56168004f5fea7b@common-lisp.net> References: <088.aec19e707fbe11b3f56168004f5fea7b@common-lisp.net> Message-ID: <097.d769ed19eb9e2047cda0550ca0806476@common-lisp.net> #36: Modify renderers to allow specialization on slot types --------------------------+------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: enhancement | Status: new Priority: medium | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Resolution: | Keywords: renderers slots types dropdown custom --------------------------+------------------------------------------------- Comment (by sakhmechet): We have to think of a unified solution for humanize-typespec, invalid- input-error-message, and render-[form/data/table] as far as dealing with subclasses. If we simply pass symbols sniffed from deftype, all inheritance information will be lost. We should try find-class on those symbols first and use classes if possible. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Tue Aug 14 01:22:20 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Tue, 14 Aug 2007 01:22:20 -0000 Subject: [cl-weblocks-ticket] #57: Ensure all unit tests pass on all supported CL implementations Message-ID: <088.a536dcaa837515ca0157df7cba134340@common-lisp.net> #57: Ensure all unit tests pass on all supported CL implementations ----------------------------------------+----------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: defect | Status: new Priority: low | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Keywords: unit tests implementations | ----------------------------------------+----------------------------------- Currently many unit tests fail on implementations other than the main development one (SBCL). We need to ensure all unit tests pass on all supported implementations. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Tue Aug 14 02:19:04 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Tue, 14 Aug 2007 02:19:04 -0000 Subject: [cl-weblocks-ticket] #58: Add an optional close button to flash Message-ID: <088.d2df7e6861ffce2e6cabdc54371c7a57@common-lisp.net> #58: Add an optional close button to flash ---------------------------------------+------------------------------------ Reporter: sakhmechet | Owner: sakhmechet Type: enhancement | Status: new Priority: low | Milestone: 0.2 Component: weblocks | Version: pre-0.1 Keywords: flash widget close button | ---------------------------------------+------------------------------------ Add an optional close button to flash widget. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Tue Aug 14 04:13:43 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Tue, 14 Aug 2007 04:13:43 -0000 Subject: [cl-weblocks-ticket] Re: #53: Research switching from using slot's :type specifier to our own metaclass In-Reply-To: <088.9100aeaa05b2450b4ec8eb91c5f26a0b@common-lisp.net> References: <088.9100aeaa05b2450b4ec8eb91c5f26a0b@common-lisp.net> Message-ID: <097.192016dac3e69f49221c5c79c35c0560@common-lisp.net> #53: Research switching from using slot's :type specifier to our own metaclass -------------------------+-------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: defect | Status: closed Priority: medium | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Resolution: fixed | Keywords: slot type renderer -------------------------+-------------------------------------------------- Changes (by sakhmechet): * resolution: => fixed * status: new => closed Comment: Initforms are no longer required. Weblocks is now changed to fully rely on typespecs for input validation. Direct-slot-object always returns type declaration as it was declared. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Tue Aug 14 17:12:36 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Tue, 14 Aug 2007 17:12:36 -0000 Subject: [cl-weblocks-ticket] Re: #36: Modify renderers to allow specialization on slot types In-Reply-To: <088.aec19e707fbe11b3f56168004f5fea7b@common-lisp.net> References: <088.aec19e707fbe11b3f56168004f5fea7b@common-lisp.net> Message-ID: <097.57243777c8d426ab2e83edd20d4b6b8b@common-lisp.net> #36: Modify renderers to allow specialization on slot types --------------------------+------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: enhancement | Status: new Priority: medium | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Resolution: | Keywords: renderers slots types dropdown custom --------------------------+------------------------------------------------- Comment (by sakhmechet): Once we've added slot-type (and obj) to render-form/data/etc, we should add :maxlength attribute to 'render-form' obtained via 'max-raw-slot- input-length'. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Tue Aug 14 17:15:10 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Tue, 14 Aug 2007 17:15:10 -0000 Subject: [cl-weblocks-ticket] Re: #33: Refactor, document, and unit test overly complex functions In-Reply-To: <088.a2b5cb918aa7dcba13512ac81c32d4d4@common-lisp.net> References: <088.a2b5cb918aa7dcba13512ac81c32d4d4@common-lisp.net> Message-ID: <097.2892ab20338f8e051fa9bdb8a1c52a4a@common-lisp.net> #33: Refactor, document, and unit test overly complex functions -------------------------+-------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: defect | Status: new Priority: medium | Milestone: 0.2 Component: weblocks | Version: pre-0.1 Resolution: | Keywords: refactor 'handle-client-request' -------------------------+-------------------------------------------------- Changes (by sakhmechet): * summary: Refactor, document, and unit test 'handle-client-request' => Refactor, document, and unit test overly complex functions Comment: We should refactor and unit test 'object-from-request-valid-p' along with 'handle-client-request'. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Tue Aug 14 17:32:36 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Tue, 14 Aug 2007 17:32:36 -0000 Subject: [cl-weblocks-ticket] Re: #48: Validate against long input by default. In-Reply-To: <088.44b2b314c6fdd4043f3654cc61726158@common-lisp.net> References: <088.44b2b314c6fdd4043f3654cc61726158@common-lisp.net> Message-ID: <097.ecf7dc355fd0bcfaf70913da0cfb8a26@common-lisp.net> #48: Validate against long input by default. -------------------------+-------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: defect | Status: closed Priority: high | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Resolution: fixed | Keywords: validation length -------------------------+-------------------------------------------------- Changes (by sakhmechet): * resolution: => fixed * status: new => closed Comment: Fixed by adding 'max-raw-slot-input-length' to the protocol. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Fri Aug 17 00:38:00 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Fri, 17 Aug 2007 00:38:00 -0000 Subject: [cl-weblocks-ticket] #59: Fix Unicode issues Message-ID: <088.180ac7324dbb38baf0d68297c191e585@common-lisp.net> #59: Fix Unicode issues ------------------------+--------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: defect | Status: new Priority: high | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Keywords: unicode | ------------------------+--------------------------------------------------- Currently inputting unicode characters (like ?, ?, ?) causes problems on the server. This needs to be fixed. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Fri Aug 17 06:42:15 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Fri, 17 Aug 2007 06:42:15 -0000 Subject: [cl-weblocks-ticket] Re: #59: Fix Unicode issues In-Reply-To: <088.180ac7324dbb38baf0d68297c191e585@common-lisp.net> References: <088.180ac7324dbb38baf0d68297c191e585@common-lisp.net> Message-ID: <097.604bc7af6f23dc77e9fbc74a49a5e719@common-lisp.net> #59: Fix Unicode issues -------------------------+-------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: defect | Status: closed Priority: high | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Resolution: fixed | Keywords: unicode -------------------------+-------------------------------------------------- Changes (by sakhmechet): * resolution: => fixed * status: new => closed Comment: Fixed. JSON shouldn't be sent as X-JSON header property because HTTP headers do not have an encoding. It's now sent as part of the body. Hunchentoot is configured to send and receive data in utf-8. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Sat Aug 18 19:57:58 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Sat, 18 Aug 2007 19:57:58 -0000 Subject: [cl-weblocks-ticket] Re: #37: Handle CLOS object references ('foreign keys') in form renderers In-Reply-To: <088.6a4164a15c4fd49bd5832869e8900f5d@common-lisp.net> References: <088.6a4164a15c4fd49bd5832869e8900f5d@common-lisp.net> Message-ID: <097.5b103894eb9f85c4bf0b3b3cd55ab42b@common-lisp.net> #37: Handle CLOS object references ('foreign keys') in form renderers --------------------------+------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: enhancement | Status: new Priority: medium | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Resolution: | Keywords: renderers clos foreign key reference --------------------------+------------------------------------------------- Comment (by sakhmechet): Explore the possibility of using type declarations instead of magick "-ref" to determine if an object is to be rendered inline. This needs to be considered carefully as it may not be a good idea. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Sun Aug 19 21:49:19 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Sun, 19 Aug 2007 21:49:19 -0000 Subject: [cl-weblocks-ticket] #60: Documentation should be changed so that symbols are presented in uppercase Message-ID: <088.dee9258f787ff951eba7e6ccb4d2277a@common-lisp.net> #60: Documentation should be changed so that symbols are presented in uppercase --------------------------------------------+------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: enhancement | Status: new Priority: low | Milestone: 0.2 Component: weblocks | Version: pre-0.1 Keywords: documentation symbol uppercase | --------------------------------------------+------------------------------- Having symbols wrapped by apostrophes is not as nice as having them be in uppercase in documentation. We should make that change. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Tue Aug 21 04:16:11 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Tue, 21 Aug 2007 04:16:11 -0000 Subject: [cl-weblocks-ticket] Re: #33: Refactor, document, and unit test overly complex functions In-Reply-To: <088.a2b5cb918aa7dcba13512ac81c32d4d4@common-lisp.net> References: <088.a2b5cb918aa7dcba13512ac81c32d4d4@common-lisp.net> Message-ID: <097.fe9a2dba4d4516bf9db8fb598a67dc99@common-lisp.net> #33: Refactor, document, and unit test overly complex functions -------------------------+-------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: defect | Status: new Priority: medium | Milestone: 0.2 Component: weblocks | Version: pre-0.1 Resolution: | Keywords: refactor 'handle-client-request' -------------------------+-------------------------------------------------- Comment (by sakhmechet): We should use 'progv' in 'handle-client-request'. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Wed Aug 22 02:43:44 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Wed, 22 Aug 2007 02:43:44 -0000 Subject: [cl-weblocks-ticket] Re: #36: Modify renderers to allow specialization on slot types In-Reply-To: <088.aec19e707fbe11b3f56168004f5fea7b@common-lisp.net> References: <088.aec19e707fbe11b3f56168004f5fea7b@common-lisp.net> Message-ID: <097.00054f5a8fa8c199f64484490b71cd75@common-lisp.net> #36: Modify renderers to allow specialization on slot types --------------------------+------------------------------------------------- Reporter: sakhmechet | Owner: sakhmechet Type: enhancement | Status: new Priority: medium | Milestone: 0.1 Component: weblocks | Version: pre-0.1 Resolution: | Keywords: renderers slots types dropdown custom --------------------------+------------------------------------------------- Comment (by sakhmechet): We also need to apply typespec inspection mechanism to parse-slot-from- request, slot-in-request-empty-p, and object-satisfies-search-p. We should probably grep for slot-type to be sure. -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Thu Aug 30 14:01:03 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Thu, 30 Aug 2007 14:01:03 -0000 Subject: [cl-weblocks-ticket] #61: hgj Message-ID: <088.755507d8193ebcc3481ee2e411533a22@common-lisp.net> #61: hgj -----------------------+---------------------------------------------------- Reporter: anonymous | Owner: sakhmechet Type: defect | Status: new Priority: critical | Milestone: Component: weblocks | Version: Keywords: | -----------------------+---------------------------------------------------- hgj -- Ticket URL: cl-weblocks cl-weblocks From cl-weblocks-devel at common-lisp.net Thu Aug 30 16:35:30 2007 From: cl-weblocks-devel at common-lisp.net (cl-weblocks) Date: Thu, 30 Aug 2007 16:35:30 -0000 Subject: [cl-weblocks-ticket] Re: #61: hgj In-Reply-To: <088.755507d8193ebcc3481ee2e411533a22@common-lisp.net> References: <088.755507d8193ebcc3481ee2e411533a22@common-lisp.net> Message-ID: <097.38be036339867a6ce12b7312e9974273@common-lisp.net> #61: hgj ------------------------+--------------------------------------------------- Reporter: anonymous | Owner: sakhmechet Type: defect | Status: closed Priority: critical | Milestone: Component: weblocks | Version: Resolution: invalid | Keywords: ------------------------+--------------------------------------------------- Changes (by sakhmechet): * resolution: => invalid * status: new => closed -- Ticket URL: cl-weblocks cl-weblocks