GXT 3.x only.
Could someone analyse and explain the connection between the three private fields in FileUploadField?
Specifically,
where is the onclick action of the button that would trigger fileinput display? If not where, then how.
How does the fileinput.getValue() get transferred to the text input widget?
If you could answer the above questions, you should be able to answer this one ... (but please don't answer this question if you do not provide answers to the above two questions). Is the following statement true, somewhat true or incidental?
GXT has deliberately made it impossible to trigger button onclick programmatically because Security Concerns should not allow the file input element to be triggered programmatically.
If that is true, (why?) I could still access the button and fileinput elements programmatically, anyway. There's no stopping me or anyone.
EDIT
OK, never mind item 2: fileinput value is transferred to text input at onChange method.
There is none. There is a <input type=file> painted invisibly over top of the 'real' button. When you click on this, the dialog comes up - the click 'hit's the <input type=file> instead of the button, but onBrowserEvent tells the button to behave like it was clicked anyway. As far as I'm aware, this is the only way to gain access to the file system (i.e. the "Choose a file") provided by the browser (at least that supports browsers without the new file api, or flash or another plugin).
The <input type=file> exposes access to the name (which may or may not be complete or even real) to the javascript on the page. This is, as you note, available in a DOM change event from the input itself. Only the file name is available (again, without the file api), and it might have a fake path (i.e. IE) or no path (everyone else).
This is not a security concern that GXT has anything to do with - instead the rube-goldberg layout of the dom of the field is to deal with the browser's security limitations. Using private on the <input> is just making it clear that you shouldn't be access it directly, and does nothing meaningful to prevent you from reading it. If you subclass this, go after getFileInput(), otherwise, use JSNI and the so-called violator pattern to grab a reference to the file field or that method.
Yep - this isn't about security, this is about writing maintainable code. See also https://stackoverflow.com/a/2954949/860630.
Related
I'm currently writing cucumber tests for widgets that will be (and are) implemented in different technologies (different web frameworks, Java Swing [not really, but it should technically be possible], etc). The tests are intended to describe the functionality of the widget under test, by directly emulating the input of a user. For example, a test could be phrased as something like "the user opens webpage X, then clicks there, then there, then there, and now I expect this textfield to contain the value Y".
The technology I'm currently implementing the tests in is the web, using Selenium.
Now, assuming a user wants to type something into a textfield, what the user would do in reality is click into the textfield and then start typing. On its own, typing on your keyboard doesn't have anything to do with the textfield - only because the click switched the focus to the textfield does the textfield receive the keyboard input.
Now, Selenium has a sendKeys method. What does this method do, precisely? The javadoc states "Use this method to simulate typing into an element, which may set its value".
Does the sendKeys method emulate a click (as if .click was called first) and then keyboard input, as a real user would? Or does it set the focus and then starts typing? Or does it circumvent focus altogether and simply sends "keyboard input" to the input element?
As certain widgets might exhibit special behavior if clicked, I need to know if Selenium performs a click under the hood, or if I manually have to call it in order to realistically emulate the user's behaviour.
Note: I have not added cucumber to the tags as it is, although relevant for context, only tangential to the actual question
Remember that elements can get keyboard focus in ways other than being clicked on. A user could use the tab key to navigate through the elements of a form, for example.
For Selenium and WebDriver, the steps taken by drivers for the sendKeys method are defined by the W3C WebDriver Specification. For setting the focus to an element before simulating the key input, that spec links, in turn, to the WHATWG HTML Specification.
The focusing occurs independent of a specific “click” action. In practice, a given spec implementation (chromedriver, geckodriver, etc) might “run the focusing steps” for the element by clicking on it. I don’t believe any implementations actually behave that way, but you’d need to validate that for the individual implementations.
Tl;dr, no, sendKeys does not necessarily imply a click.
How can i get the page URL in single-approver-definition.xml in the e-mail template that is used to send an e-mail to the content creator once the reviewer approves or rejects the submission. The existing xml is as follows:
<template>
Your submission has been reviewed and the reviewer has applied the following:
${taskComments}.
</template>
I tried ${serviceContext.getAttribute("contentURL")} and it didn't work.
I want to be able to do - Your submission for ${pageURL} has been reviewed and the reviewier has applied the following: \n ${taskComments}.\n
Any suggestions will be appreciated.
I don't get what variable exactly you want to process in your notification. As I can only assume, you are using it for Web Contents and all interesting variables are stored in two places.
Workflow context variables - they are available directly. Few examples like:
${taskComments}
${entryType}
${userId}
${userName}
...
ServiceContext variables - they are available using $serviceContext. Few examples:
$serviceContext.getAttributes().get("version")
$serviceContext.getAttributes().get("articleId")
${serviceContext.getPortalURL()}
...
For all interesting variables check this url https://www.liferay.com/web/igor.beslic/blog/-/blogs/workflow-in-action-kaleo-workflow-context-variables Some could change already, however most of them is working fine for current version.
Content changes might be made on a page, they can also be triggered through Control Panel (or the API for that matter). When you're in a workflow, you typically don't have this context any more - if you find it somehow I'd not rely on it to be there. A workflow is unrelated to the UI and pages.
Also, an article might be submitted on one page, where it might be replaced/removed before it's even approved. In that case the link wouldn't help.
What might work is to check the concept behind "Web Content Display Pages" (if your article has them configured and you deal with web content). But the mechanics will vary depending on the actual content type you're dealing with. And content that goes through workflow might not be displayed on any page at all (e.g. when submitted through Control Panel) or on many different pages (either explicitly - Web Content Display - or implicitly - Asset Publisher).
#tomic basically provides pointers to what you have, I'm only reasoning why your initial problem is problematic to solve at best - it's not fully specifiable.
Consider the scenario as below:
I have a HTML form.
<input type="radio" name="radioButton" value="1" >Radio One<br>
<input type="radio" name="radioButton" value="2"> Radio Two
I am reading the input provided by the user in one of my servlet as:
int radioype = Integer.parseInt(request.getParameter("radioButton"));
Now I dont need a null check because I know that this value is not going to be null.
The value can be 1 or 2 so it will be successfully parsed as as int. But however any body could change the value of radioButton (for e.g. by using FireBug) to something else. This will create a lot of trouble for my application.
What is the best way to deal with this situation? There are number of such inputs in my application including text boxes, dropdowns, text areas etc. I agree that I will have to validate text boxes on my own. But these checkboxes and radio buttons seem to be too much of validation.
You've already identified the real problem - the user can use something like Firebug to send back anything they like, including null for these parameters. There's no getting round the fact that you need to validate everything which comes from a browser form. Doing otherwise makes your application insecure and liable to hacking.
I'd recommend using one of the many Java web frameworks available, which make the creation of a validation layer in your applications relatively easy (e.g.: Spring-MVC or Struts 2).
I don't think there is an easy way around this. You simply can't stop someone who wants to change the request values to do so, so you will have to validate it in your code. Maybe the best thing you can do is to implement the most generic validation layer you can, so you can easily apply it to all existing code without the need to make big changes.
On the other hand, if, for example, you have a gender radio button, with values M and F, if someone submits J in there, it's perfectly fine to give them a well handled exception message.
Anything that goes from client to server is not under your control and observation. So you need to implement all your validation methods in the backend.
Backend validation is a must, not an option. I've seen many people who relied on client-side input validation and had big big troubles. Read about SQL injection for examples.
A very basic backend validation process covers all the checks in the client side, though most of them cover more cases. You can generalize the checks and mark the inputs accordingly to not go over all the inputs one by one.
For further information, here are your keywords: java, jsp, backend, validation, form, input
I am using a JFormattedTextField for to format integer input for a Swing app. The default behavior for invalid input is to quietly (i.e. no error message) reset the text field to it's prior value. I want to display an error message with JOptionPane before returning focus to the JFormattedTextField.
My original solution was to implement FocusListeners for my text fields. I considered adding instances of the same FocusListener subclass to each one, but have encountered problems since I am using the NetBeans GUI Builder. #HovercraftFullOfEels suggested that I use an InputVerifier. I have implemented the following custom InputVerifier:
public class ValidTextFormatInputVerifier extends InputVerifier {
#Override
public boolean verify(JComponent jc) {
return ((JFormattedTextField)jc).isEditValid();
}
}
While looking into this further, I get the impression that JFormattedTextField uses InputVerifier internally. (I haven't found this explicitly stated anywhere yet, though.) Because of this, my custom InputVerifier seems superfluous.
The bigger issue is that the text field is still reset silently without any error message. I could add a call to JOptionPane.showMessageDialog() here. However this does not seem an appropriate place to display error messages. The InputVerifier does not know the exact nature of the invalid input, nor does it know the format of valid input, which is even more crucial to providing a meaningful error message.
The first solution that comes to mind is to add a constructor which takes a String parameter that contains the error message to display. This seems like I'm putting the error message logic in the wrong place, though.
Is there a common Java idiom for error handling and providing messages to the user? How do you suggest that I design my application to cleanly display error messages? Also, if I decide to design an interface for the software using a different platform (e.g. command-line, mobile, etc.), I want to be able to reuse as much of my existing code-base as possible. (Of course, since this is mostly a UI issue, perhaps that requirement doesn't apply as strongly as I would like here.)
My first opinion is that showing a JOptionPane to the user whenever the text field focus is lost could be very annoying for users. I would display an error message when the user hits the OK button of your form. The error message could contain a list of all error messages or only the first one and focus the element with the error.
Another choice would be to use regular JTextField and write your own custom validators. When focus changes, your IntegerValidator (or other implementation) would validate the input string and the UI could display an error or warning icon next to the field, the same as some web applications do.
I'd have a look at JLayer (Java 7) or JXLayer (Java 6 & below)
This would allow you to decorate the field or form with a verity of different states.
As to when.
I'd start by using some kind of highlighter, Dan suggest using icons, which is a great idea, coupled with JLayer/JXLayer this would reduce the overall effect on the form.
I'd wait until the user tries to submit the form before displaying a dialog & forcing focus back to the invalid fields.
The basic idea would be to allow the user the freedom to move about the form without to much restriction (cause not all people think in a linear manner) but encourage them to correct any possible errors they are producing along the way without having to wait till they submit the form to find the errors (think about the worse web form you've ever used and don't do that)
Obviously, if they try and submit the form with errors, you'll want to display and error message and highlight the first offending field
For examples of JLayer/JXLayer have a look at Validation overlays using JXLayer & How to decorate components
I have been developing an AJAX web application using GWT. I've read several blogs and forums about this question and left with no clear idea. I understand that GWT is an AJAX application, that supports only stand-alone web application. By stand-alone, I meant GWT to be a single web page that would suffice the user requirements. However the use case I have is pretty complex and I'm stuck in this use case that doesn't let me proceed.
My usecase(s) goes like this:
Usecase #1: There is an order entry form where user will enter a search string to search for a particular item. With GWT, I could display the result in a table (say celltable). However, when I click a column in the cellTable, I want the value of the column to be sent to the server and display another page that will display only the details of the selected column. I'm not sure how to accomplish this.
Usecase #2: Let's say the web application I develop is called "InventoryControl" and I have different requirements such as:
display Available stock
display Order stock
display Manufactured unit
and Using Java servlets, I could just type http://localhost/availableStock?stockId=1234 on my browser to get the "Display available stock" for the given stockId and then http://localhost:orderStock?stockId=1234 to get the "display order stock" and similarly "display manufactured unit". Is the same possible using GWT? i.e. when I type http://localhost/availableStock?stockId=1234, is it possible to read the parameter being passed and then display the corresponding page?
If these are not meant to be guaranteed by GWT, should I stick with Plain old JAVA servlets/JSP?
Thanks in advance.
Ashok - Please note, what filip suggests above does not require multiple "pages" in the sense of additional html host pages. You can build a panel holding your display of the details, and swap it into the rootpanel of your host in the onSuccess() of your rpc call. The GWT history mechanism allows you to assign anchors to these "places" and provide a mechanism to map these anchors to specific display classes in your code.
GWT already has a mechanism for handling multiple page applications. Have a look at Activities and Places. You can define each page as a place in your application, and use the GWT mechanism to go from place to place at any time. Using places also allows you to easily add tokens/query parameters to each "page", in an OO manner, without having to worry about populating/querying the URL directly. Have a good read of the link!