Dimitri Papadopoulos <dimitri.papadopoulos@cea.fr> [Fri, 14 Feb 2014 15:42:25 +0100] rev 9535
[ldapfeed] fix encode error during initial user import
Closes #3539196.
Rémi Cardona <remi.cardona@logilab.fr> [Wed, 12 Feb 2014 17:32:49 +0100] rev 9534
[web/data] Ignore disabled widgets in cw.utils.formContents() (closes #3544492)
17.12.1 Disabled controls : http://www.w3.org/TR/REC-html40/interact/forms.html#h-17.12.1
When set, the disabled attribute has the following effects on an element:
* Disabled controls do not receive focus.
* Disabled controls are skipped in tabbing navigation.
* Disabled controls cannot be successful.
The third one is the important one.
17.13.2 Successful controls : http://www.w3.org/TR/REC-html40/interact/forms.html#successful-controls
A successful control is "valid" for submission. Every successful control has
its control name paired with its current value as part of the submitted form
data set.
Bottom line, disable widgets should not be part of the names and values lists returned by formContents().
Damien Garaud <damien.garaud@logilab.fr> [Fri, 14 Feb 2014 15:22:56 +0100] rev 9533
[etwist] Fix an empty request content after a Twisted processing (closes #3546795).
The content of a POST request could be empty when the Twisted server is used.
Julien Cristau <julien.cristau@logilab.fr> [Thu, 13 Feb 2014 16:50:55 +0100] rev 9532
[web/data] remove images that aren't used anywhere
Julien Cristau <julien.cristau@logilab.fr> [Thu, 13 Feb 2014 16:51:22 +0100] rev 9531
[web/data] Add missing images from jquery-ui 1.10.3
Closes #3175933
Julien Cristau <julien.cristau@logilab.fr> [Fri, 14 Feb 2014 14:06:56 +0100] rev 9530
[web/navigation] use add_onload instead of inline javascript href
This way our javascript code isn't thrown out by the html cleaner e.g. when
using the rql rest directive and a table view.
To make things simpler, we now always use ajax URLs for navigation,
even when we would previously have used regular links.
Closes #3501626
Julien Cristau <julien.cristau@logilab.fr> [Fri, 14 Feb 2014 14:46:25 +0100] rev 9529
[web/data] fix treeview regression (closes #3526466)
Changeset 68cde7431c2c "[js] remove 3.9 bw compat (where apparently
unused)" removed the use of form.callback from loadxhtml, which treeview
relied on. Update to add a callback on the loadxhtml return value
instead.
Aurelien Campeas <aurelien.campeas@logilab.fr> [Fri, 14 Feb 2014 10:39:16 +0100] rev 9528
backout 8f3e963501e2, which is not ready yet
Aurelien Campeas <aurelien.campeas@logilab.fr> [Thu, 13 Feb 2014 19:29:20 +0100] rev 9527
[pkg] also bump it there
Aurelien Campeas <aurelien.campeas@logilab.fr> [Mon, 10 Feb 2014 18:00:26 +0100] rev 9526
[pkg] prepare 3.17.13
Julien Cristau <julien.cristau@logilab.fr> [Tue, 11 Feb 2014 13:50:29 +0100] rev 9525
[navigation] use add_onload instead of inline javascript href
This way our javascript code isn't thrown out by the html cleaner e.g. when
using the rql rest directive and a table view.
Closes #3501626
Julien Cristau <julien.cristau@logilab.fr> [Wed, 05 Feb 2014 15:50:36 +0100] rev 9524
[uilib] allow canvas tags in the html cleaner
Used by the iprogress cube. Closes #3524254.
Julien Cristau <julien.cristau@logilab.fr> [Wed, 05 Feb 2014 16:34:21 +0100] rev 9523
[ajax] use a custom tag to handle dynamically loaded js
Using <pre class="script"> makes it trivial for a malicious user to
inject arbitrary javascript into a html or rest text element (because it
looks innocent to the html sanitizer). Using a custom tag we can be
sure that it actually comes from our code and not from untrusted user
data. IE ignores custom tags, though, so we put it in its own namespace.
https://extranet.logilab.fr/1530578
Aurelien Campeas <aurelien.campeas@logilab.fr> [Mon, 03 Feb 2014 19:07:58 +0100] rev 9522
[dataimport] fix comment
Aurelien Campeas <aurelien.campeas@logilab.fr> [Wed, 12 Feb 2014 18:15:32 +0100] rev 9521
[hooks/security, devtools/fill] silence yams 0.38.0 warnings
Florent Cayré <florent.cayre@logilab.fr> [Mon, 03 Feb 2014 16:30:07 +0100] rev 9520
Drop 3.13 incomplete backward compat in edit controller.
It is very old and broken (there is another non-backward-copmpatible
usage of `_cw_entity_fields`), better to remove it instead of fixing.
Closes #3515223.