Friday, July 29, 2011

UiBinder.useSafeHtmlTemplates

Hi all,

I'm sure you're familiar with the warning "Configuration property
UiBinder.useSafeHtmlTemplates is false!". I did the obvious, I added

<set-configuration-property name="UiBinder.useSafeHtmlTemplates" value="true"/>

to the lowest level GWT module I have (it gets included directly or
indirectly by all other modules).

Well, colour me surprised:

[INFO] Loading inherited module 'com.example.domain.request.DomainRequestImpl'
[INFO] Loading inherited module 'com.example.domain.request.DomainRequestApi'
[INFO] Loading inherited module 'com.example.domain.proxy.DomainProxyApi'
[INFO] Loading inherited module 'com.example.domain.DomainApi'
[INFO] [WARN] Setting configuration property named
UiBinder.useSafeHtmlTemplates in com.example.domain.DomainApi that has
not been previously defined. This may be disallowed in the future.
[INFO] Loading inherited module 'com.example.fe.Measurements'
[INFO] Loading inherited module
'com.google.web.bindery.requestfactory.RequestFactory'
[INFO] Loading inherited module 'com.google.web.bindery.autobean.AutoBean'
[INFO] Loading inherited module 'com.google.gwt.user.User'
[INFO] Loading inherited module 'com.google.gwt.uibinder.UiBinder'
[INFO] [WARN] Definition of already set configuration
property named UiBinder.useSafeHtmlTemplates in
com.google.gwt.uibinder.UiBinder (set in
com.example.domain.DomainApi). This may be disallowed in the future.
[INFO] Compiling module com.example.fe.MeasurementsApp
[INFO] Scanning for additional dependencies:
file:/home/me/workspaces/project-workspace/measurements/src/main/java/com/example/fe/widgets/DefaultMeasurementsApi.java
[INFO] Computing all possible rebind results for
'com.example.fe.widgets.Measurements.UiBinder'
[INFO] Rebinding com.example.fe.widgets.Measurements.UiBinder
[INFO] Invoking generator
com.google.gwt.uibinder.rebind.UiBinderGenerator
[INFO] [WARN] Configuration property
UiBinder.useSafeHtmlTemplates is false! UiBinder SafeHtml integration
is off, leaving your users more vulnerable to cross-site scripting
attacks. This property will default to true in future releases of GWT.

What's going on here? First it complains about it not being defined,
then that it's already set, and finally that it's *not* set?!?

Cheers,
Hilco

--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to google-web-toolkit+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)