noguespi
Yes, no longer compatible with Play 2.1 RC2
I'm affected by this bug too on FF latest and chrome latest.
How to display the token in the view? Now I'm using **${session.___AT}**, is it the right way? Example: ``` logout ```
Yes, I noticed this issue, so what I'm doing is calling session.getAuthenticityToken upon user login or session generation. I'm a newbie with freemarker, why can't I call session.getAuthenticityToken from the template...
So what do you think about this feature? It looks like 5.4.0 and NinjaClassicModule with the ability to disable some Ninja features is leaning towards this way. However, there...
Yes exactly what I have in mind
Same issue with the `Overlay` and `OverlayRef` component which is probably the root of the problem. (I didn't test but it seems `Dialog` is using the `OverlayContainer` defined in `Overlay`,...
not fixed in latest version v2.0.3
```
com.google.gson.JsonIOException: java.net.MalformedURLException: no protocol:
    at com.google.gson.TypeAdapter.fromJsonTree(TypeAdapter.java:287)
    at com.twitter.clientlib.model.User$CustomTypeAdapterFactory$1.read(User.java:623)
    at com.twitter.clientlib.model.User$CustomTypeAdapterFactory$1.read(User.java:612)
    at com.google.gson.TypeAdapter$1.read(TypeAdapter.java:199)
    at com.google.gson.internal.bind.TypeAdapterRuntimeTypeWrapper.read(TypeAdapterRuntimeTypeWrapper.java:41)
    at com.google.gson.internal.bind.CollectionTypeAdapterFactory$Adapter.read(CollectionTypeAdapterFactory.java:82)
    at com.google.gson.internal.bind.CollectionTypeAdapterFactory$Adapter.read(CollectionTypeAdapterFactory.java:61)
    at com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$1.read(ReflectiveTypeAdapterFactory.java:130)
    at com.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.read(ReflectiveTypeAdapterFactory.java:221)
    at...
```
> > [...] because the risk associated with this policy is very low. > > What's the reasoning behind this? > > Personally I would prefer Angular not to require...
The link you provided is not specifically about XSS in styles, but globally about bad sanitizing of HTML/JavaScript and XSS. What needs to be discussed is how it is possible...