[Borges-users] Patches, Proposals: Patch for current CVS
Kaspar Schiess
eule at space.ch
Thu Mar 25 17:12:52 EST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello all, Hello Eric,
I would like to propose a few changes to the current Borges CVS; I will
comment on the ones that I am not sure that they are obvious:
a) Introduction of text_area_on analoguous to text_input_on.
b) Security patch to input type=* value=... and to text_area: Values
always should be html encoded; if they are not, user can terminate tag
and include javascript into the page. This has happened on major online
forums; It is (from my point of view) unneccessary to give the Borges
user a choice about encoding these values, because not doing so is
always a security risk.
c) Introduction of more verbous error output if Borges cannot find a
continuation to call.
d) Some paragraphs readded (for better lisibility of output) in new
style paragraphing.
e) Borges::Path should now work. Can anyone explain to me how to use
this properly ?
f) Borges::Window should now work. This will 'open' a Window that can be
closed at will.
g) Introduction of 'HtmlRenderer#action': like 'default_action', but
action will always be executed (not just last one defined). Helps in
developing render extensions that do complex things and need to
integrate the borges way. I have built a custom component that renders
complex forms and stores them as YAML string to the backend: UI candy
without the DB hassle. So I would really like this to be in Borges.
These changes are implemented in attached patch to today's CVS. I will
gladly produce seperate patches if anyone does want a subset of these
changes.
I also attach the current variant of the user documentation I am
maintaining at interim (until we find a better way to do it). Some small
changes, plus adaptations to new CVS code.
Any suggestions, hints, remarks welcome.
kaspar - code philosopher
- -- stolen off the net --
It takes 2 to tango, but 3 makes it more interesting
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFAYwUDh6tlx0BWOuARArGuAJ46sW3Da0Ia09RyOayvqq4dsPLmxwCeKYiG
/uSSMkazuOEphKfkOidNrOI=
=jbtp
-----END PGP SIGNATURE-----
-------------- next part --------------
diff -u -r ../borges-patch/./lib/Borges/Callback/CallbackStore.rb ./lib/Borges/Callback/CallbackStore.rb
--- ../borges-patch/./lib/Borges/Callback/CallbackStore.rb Thu Nov 27 10:13:03 2003
+++ ./lib/Borges/Callback/CallbackStore.rb Thu Mar 25 15:50:41 2004
@@ -5,7 +5,11 @@
end
def evaluate_callback_with(callback, obj)
+ if @callbacks[callback].nil?
+ raise "No callback registered for callback #{callback.class}: #{callback}, object #{obj.class}: #{obj}"
+ else
@callbacks[callback].evaluate_with_store(obj, self)
+ end
end
def initialize
diff -u -r ../borges-patch/./lib/Borges/Component/ApplicationEditor.rb ./lib/Borges/Component/ApplicationEditor.rb
--- ../borges-patch/./lib/Borges/Component/ApplicationEditor.rb Sun Mar 21 02:17:46 2004
+++ ./lib/Borges/Component/ApplicationEditor.rb Thu Mar 25 15:51:20 2004
@@ -32,6 +32,7 @@
r.submit_button('OK') do end
end
+ r.paragraph do
r.form do
r.table do
@application.preferences.each do |name, pref|
@@ -47,9 +48,10 @@
r.attributes['align'] = 'center'
r.table_row_span(2) do
- r.submit_button_on('done', self)
+ r.submit_button_on(:done, self)
end
+ end
end
end
end
diff -u -r ../borges-patch/./lib/Borges/Component/ApplicationList.rb ./lib/Borges/Component/ApplicationList.rb
--- ../borges-patch/./lib/Borges/Component/ApplicationList.rb Sun Mar 21 02:17:46 2004
+++ ./lib/Borges/Component/ApplicationList.rb Thu Mar 25 15:51:33 2004
@@ -42,6 +42,8 @@
end
end
+ r.paragraph do
+
# TODO allow loading of apps
=begin
r.form do
@@ -51,7 +53,7 @@
r.submit_button('Add') do add_application end
end
=end
-
+ end
r.anchor('Clear Caches') do clear_caches end
#r.preformatted(SeasidePlatformSupport.vmStatisticsReportString)
diff -u -r ../borges-patch/./lib/Borges/Component/Path.rb ./lib/Borges/Component/Path.rb
--- ../borges-patch/./lib/Borges/Component/Path.rb Thu Nov 27 10:13:03 2003
+++ ./lib/Borges/Component/Path.rb Thu Mar 25 15:52:51 2004
@@ -1,11 +1,13 @@
class Borges::Path < Borges::Component
- def choose(anAssociation)
- newStack = Array.new.writeStream
+ def choose(assoc)
+ ns = Array.new
+
@stack.each do |ea|
- newStack.nextPut(ea)
- if ea == anAssociation then
- @stack = newStack.contents
+ ns << ea
+
+ if ea == assoc then
+ @stack = ns
return self
end
end
@@ -15,7 +17,7 @@
if @stack.empty? then
nil
else
- @stack.last.value
+ @stack.last[0]
end
end
@@ -24,24 +26,30 @@
self.session.register_for_backtracking(self)
end
- def push_segment_name(anObject, aString)
- @stack << [aString, anObject]
+ def push_segment_name(str, obj)
+ @stack << [obj, str]
+ end
+
+ def pop_segment
+ @stack.pop
end
def render_content_on(r)
return self if @stack.empty?
- r.divNamed_with('path', proc do
- @stack.allButLast.each do |assoc|
- r.anchorWithAction_text(proc do
+ r.css_class('path')
+ r.div do
+ (0... at stack.size-1).each do |i|
+ assoc = @stack[i]
+ r.anchor(assoc[1]) do
self.choose(assoc)
- end, assoc.key)
+ end
r.text(' >> ')
end
- r.bold(@stack.last.key)
- end)
+ r.bold((@stack.last)[1])
+ end # div
end
end
diff -u -r ../borges-patch/./lib/Borges/Component/Window.rb ./lib/Borges/Component/Window.rb
--- ../borges-patch/./lib/Borges/Component/Window.rb Thu Nov 27 10:13:04 2003
+++ ./lib/Borges/Component/Window.rb Thu Mar 25 15:54:22 2004
@@ -1,51 +1,54 @@
class Borges::Window < Borges::Component
- def content(aComponent)
- @content = aComponent
- end
+ attr_accessor :contents, :title, :style
def default_style
- return '
+ %q{
#window-titlebar {background-color: lightblue; margin-bottom: 10px; width: 100%; }
#window-title { text-align: right; width: 66% }
#window-close {text-align: right;}
- '
+ #window-content {background-color: lightblue;}
+ }
+ end
+
+ ##
+ # Construct a new window with title +title+ and content +component+.
+ def initialize(component, title='')
+ @contents = component
+ @title = title
+ end
+
+ def close
+ self.answer
end
def render_close_button_on(r)
- r.anchorWithAction_text(proc do self.answer end, 'close')
+ r.anchor('close') do self.close end
end
def render_content_on(r)
r.title(@title)
- r.attributes.at_put('cellspacing', 0)
+
r.table do
- r.cssId('window-titlebar')
- r.tableRow do
- r.cssId('window-title')
- r.tableData(@title)
- r.cssId('window-close')
- r.tableData do self.renderCloseButtonOn(r) end
+ r.element_id('window-titlebar')
+ r.table_row do
+ r.element_id('window-title')
+ r.table_data(@title || '')
+ r.element_id('window-close')
+ r.table_data do self.render_close_button_on(r) end
end
- r.cssId('window-content')
- r.tableRowWith_span(@content, 2)
+ r.element_id('window-content')
+ r.table_row_span(2) do
+ r.render(@contents)
end
end
-
- def style(arg = :noarg)
- move_method('key=', 'key') unless arg == :noarg
-
- return @style.nil? ? self.defaultStyle : @style
end
- def style=(aString)
- @style = aString
- end
+ def style
+ #~ move_method('key=', 'key') unless arg == :noarg
- def title(aString)
- @title = aString
+ return @style.nil? ? self.default_style : @style
end
-
end
diff -u -r ../borges-patch/./lib/Borges/HTML/HtmlBuilder.rb ./lib/Borges/HTML/HtmlBuilder.rb
--- ../borges-patch/./lib/Borges/HTML/HtmlBuilder.rb Sun Mar 21 02:13:24 2004
+++ ./lib/Borges/HTML/HtmlBuilder.rb Thu Mar 25 16:41:32 2004
@@ -80,15 +80,28 @@
def element_id(e_id)
@attributes[:id] = e_id
end
-
+
##
# Escapes +char+ and adds it to the document.
-
+
def encode_char(char)
@document.add_element("&##{char[0]};")
end
##
+ # Turn a string into its html encoded counterpart
+ def encode_string(str)
+ encoded = ""
+
+ str.to_s.each_byte do |char|
+ e = HTML_CHARACTERS[char]
+ encoded << (e.nil? ? char.chr : e.to_s)
+ end
+
+ return encoded
+ end
+
+ ##
# Turn an object into a string and encode it with HTML entities.
#
# encode_text("foo > bar")
@@ -96,13 +109,7 @@
# foo > bar
def encode_text(obj)
- encoded = ""
-
- obj.to_s.each_byte do |char|
- e = HTML_CHARACTERS[char]
- encoded << (e.nil? ? char.chr : e.to_s)
- end
-
+ encoded = encode_string(obj)
text(encoded)
end
diff -u -r ../borges-patch/./lib/Borges/HTML/HtmlRenderer.rb ./lib/Borges/HTML/HtmlRenderer.rb
--- ../borges-patch/./lib/Borges/HTML/HtmlRenderer.rb Sun Mar 21 02:06:54 2004
+++ ./lib/Borges/HTML/HtmlRenderer.rb Thu Mar 25 16:55:44 2004
@@ -67,10 +67,18 @@
##
# Creates a default action that gets called when the form is submitted.
+ # Note that only one default action is executed.
def default_action(&block)
input(:hidden, @callbacks.register_action_callback(&block))
end
+
+ ##
+ # Creates an action that is executed when the form is submitted.
+
+ def action(&block)
+ input(:hidden, @callbacks.register_callback(&block))
+ end
##
# Creates a file upload field.
@@ -172,7 +180,7 @@
#
# +labels_block+ allows a label to be set for each item in the
# list. The labels block gets called with the list item for
- # each item in the list.
+ # each item in the list on form post.
def select(list, selected = nil, &callback)
open_select
@@ -232,9 +240,18 @@
@attributes[:name] = @callbacks.register_callback(&callback)
open_tag(:textarea)
- render(value)
+ render(encode_string(value))
close
end
+
+ ##
+ # Creates a textarea by using getter and setter methods for
+ # symbol +sym+ on object +obj+
+
+ def text_area_on(sym, obj)
+ element_id(sym)
+ text_area(obj.send(sym), &callback_for_setter_on(sym, obj))
+ end
##
# Creates a text input containing +value+.
@@ -284,7 +301,7 @@
end
update_key = @callbacks.register_callback(&callback)
- input(input_type, update_key, value)
+ input(input_type, update_key, encode_string(value))
return update_key
end
diff -u -r ../borges-patch/./lib/Borges/Test/HtmlTest.rb ./lib/Borges/Test/HtmlTest.rb
--- ../borges-patch/./lib/Borges/Test/HtmlTest.rb Sat Mar 20 11:01:27 2004
+++ ./lib/Borges/Test/HtmlTest.rb Thu Mar 25 16:06:24 2004
@@ -31,7 +31,7 @@
def render_checkboxes_on(r)
r.text(@boolean_list.sort_by { |a| a[0].to_s }.join(' '))
-
+ r.paragraph do
r.form do
@boolean_list.sort_by { |a| a[0].to_s }.each do |key, value|
r.text(key)
@@ -46,10 +46,11 @@
r.submit_button do end
end
end
+ end
def render_radio_buttons_on(r)
r.text(@boolean_list.sort_by { |a| a[0].to_s }.join(' '))
-
+ r.paragraph do
r.form do
@boolean_list.sort_by { |a| a[0].to_s }.each do |key, value|
group = r.radio_group
@@ -69,19 +70,21 @@
r.submit_button do end
end
end
+ end
def render_selects_on(r)
r.text(@number)
-
+ r.paragraph do
r.form do
r.select((1..10).to_a, @number) do |i| @number = i end
r.submit_button do end
end
end
+ end
def render_submit_buttons_on(r)
r.text(@number)
-
+ r.paragraph do
r.form do
1.upto(10) do |i|
r.submit_button(i) do @number = i end
@@ -89,23 +92,26 @@
end
end
end
+ end
def render_text_area_on(r)
r.form do
r.text(@message)
-
+ r.paragraph do
r.text_area(@message) do |v| @message = v end
r.break
r.submit_button do end
end
end
+ end
def render_text_input_on(r)
r.form do
r.text(@message)
-
+ r.paragraph do
r.text_input(@message) do |v| @message = v end
r.submit_button do end
+ end
end
end
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 040325-borges-documentation.tgz
Type: application/x-compressed
Size: 23211 bytes
Desc: not available
Url : http://rubyforge.org/pipermail/borges-users/attachments/20040325/b0b0c8b6/040325-borges-documentation-0001.bin
More information about the Borges-users
mailing list