portals-jetspeed-dev mailing list archives

From "Woonsan Ko (JIRA)" <jetspeed-...@portals.apache.org>
Subject [jira] Resolved: (JS2-1063) PortletWindow desktop widget fails to render portlet content when the content has script tag with src attribute pointing a url of different domain.
Date Thu, 17 Sep 2009 10:53:57 GMT

     [ https://issues.apache.org/jira/browse/JS2-1063?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Woonsan Ko resolved JS2-1063.
-----------------------------

    Resolution: Fixed

Fixed by not trying to retrieve script content from a different-domain website.
So, if portlet content contains a script with a different-domain URL, then the script
element will not be added to the desktop page.
By the way, if a script resource of portlet content should be used in desktop mode,
the script URL should be translated to a local-domain URL by using reverse proxying.
The desktop components cannot decide to do reverse proxying for the content. It's the portlet
provider's own responsibility.

> PortletWindow desktop widget fails to render portlet content when the content has script tag with src attribute pointing a url of different domain.
> ---------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: JS2-1063
>                 URL: https://issues.apache.org/jira/browse/JS2-1063
>             Project: Jetspeed 2
>          Issue Type: Bug
>          Components: Desktop
>    Affects Versions: 2.2.0
>            Reporter: Woonsan Ko
>            Assignee: Woonsan Ko
>             Fix For: 2.2.1
>
>
> PortletWindow widget (/javascript/jetspeed/widget/PortletWindow.src.js) tries to retrieve script source, which can be embedded in the script tag or retrieved from the remote URL set in the "src" attribute, to "fix" some script sources (such as attaching events or document.write stuff) with proper dojo functions.
> The "_fixScripts" function in PortletWindow.src.js replaces some problematic script code which can screw up the desktop page.
> For example,
> (addEventListener|attachEvent) --> jetspeed.postload_(addEventListener|attachEvent),
> (document.write|document.writeln) --> jetspeed.postload_docwrite
> (location.href) --> jetspeed.setdoclocation.
> However, because it fails to retrieve script sources from different-domain URLs for security reasons, it fails to render the portlet content.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
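
The fix described in this message, skipping scripts whose src points at a different domain, comes down to a same-origin test made before any attempt to read script source. An added JavaScript sketch of that decision, not Jetspeed's PortletWindow code; the function names, the portal URL, the /proxy/ path and the script list are constructed for illustration:

```javascript
// Added example: same-origin gate for <script src> handling (not Jetspeed code).
// PAGE_URL and SAMPLE_SCRIPTS below are constructed sample values.

// True when `src` resolves to the same scheme, host and port as the page.
function isSameOrigin(src, pageUrl) {
  let resolved;
  try {
    resolved = new URL(src, pageUrl); // resolves relative and protocol-relative URLs
  } catch (e) {
    return false; // unparsable src: treat as not retrievable
  }
  // URL.origin is the string "null" for opaque origins such as data: URLs.
  return resolved.origin !== "null" && resolved.origin === new URL(pageUrl).origin;
}

// Split scripts into inline ones, ones whose source can be retrieved,
// and ones that are skipped because they live on another origin.
function planScripts(scripts, pageUrl) {
  const plan = { inline: [], fetch: [], skipped: [] };
  for (const s of scripts) {
    if (!s.src) {
      plan.inline.push(s);
    } else if (isSameOrigin(s.src, pageUrl)) {
      plan.fetch.push(new URL(s.src, pageUrl).href);
    } else {
      plan.skipped.push(s.src);
    }
  }
  return plan;
}

const PAGE_URL = "http://portal.example.org:8080/jetspeed/desktop/";
const SAMPLE_SCRIPTS = [
  { text: "document.write('hi')" },                          // inline script
  { src: "/app/js/widget.js" },                              // relative: same origin
  { src: "http://portal.example.org:8080/proxy/cdn/lib.js" }, // reverse-proxied copy
  { src: "http://cdn.example.net/lib.js" },                  // different host
  { src: "//portal.example.org/lib.js" },                    // port 80, not 8080
  { src: "https://portal.example.org:8080/lib.js" },         // different scheme
];

console.log(JSON.stringify(planScripts(SAMPLE_SCRIPTS, PAGE_URL), null, 2));
```

Only the relative URL and the reverse-proxied copy land in `fetch`; a differing host, port or scheme is enough to put a script in `skipped`.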

