1 2009-11-24T00:03:40  *** JosefMeier has quit IRC
   2 2009-11-24T00:07:58  *** JosefMeier has joined #moin-dev
   3 2009-11-24T00:11:41  <dreimark> gn
   4 2009-11-24T00:32:36  *** tpfennig has joined #moin-dev
   5 2009-11-24T00:33:19  *** JosefMeier has quit IRC
   6 2009-11-24T02:28:15  *** ser has quit IRC
   7 2009-11-24T02:28:15  *** dainbrain has quit IRC
   8 2009-11-24T02:28:49  *** ser has joined #moin-dev
   9 2009-11-24T02:28:49  *** dainbrain has joined #moin-dev
  10 2009-11-24T08:56:15  <ThomasWaldmann> moin
  11 2009-11-24T08:56:25  <ThomasWaldmann>     1.94 +function OnClickListAttachments()
  12 2009-11-24T08:56:33  <ThomasWaldmann> a) where is that called
  13 2009-11-24T08:56:40  <ThomasWaldmann> b) sense of the code?
  14 2009-11-24T09:12:50  *** grzywacz has joined #moin-dev
  15 2009-11-24T10:17:16  *** grzywacz has quit IRC
  16 2009-11-24T12:20:27  *** TheSheep has quit IRC
  17 2009-11-24T12:20:36  *** CIA-34 has quit IRC
  18 2009-11-24T12:21:42  *** TheSheep has joined #moin-dev
  19 2009-11-24T12:24:32  *** CIA-34 has joined #moin-dev
  20 2009-11-24T17:23:12  *** tpfennig has quit IRC
  21 2009-11-24T19:53:50  *** JosefMeier has joined #moin-dev
  22 2009-11-24T19:55:25  <JosefMeier> MoinMoin
  23 2009-11-24T19:56:06  *** grzywacz has joined #moin-dev
  24 2009-11-24T20:13:14  <ThomasWaldmann> re
  25 2009-11-24T20:13:29  <ThomasWaldmann> JosefMeier:
  26 2009-11-24T20:13:35  <ThomasWaldmann> (08:56) < ThomasWal>     1.94 +function OnClickListAttachments()
  27 2009-11-24T20:13:35  <ThomasWaldmann> (08:56) < ThomasWal> a) where is that called
  28 2009-11-24T20:13:35  <ThomasWaldmann> (08:56) < ThomasWal> b) sense of the code?
  29 2009-11-24T20:30:55  <JosefMeier> onclicklistattachments seems to be a "leiche" of my former warning stuff
  30 2009-11-24T20:30:58  <JosefMeier> will remove that
  31 2009-11-24T20:31:22  <JosefMeier> what do you say about overall performance and usability. have no idea how to improve it more. it's simple now and quick
  32 2009-11-24T20:33:30  <ThomasWaldmann> what was the demo url again?
  33 2009-11-24T20:33:57  <JosefMeier> s15358202.onlinehome-server.info/1.9_modified/attachtest
  34 2009-11-24T20:34:09  <ThomasWaldmann> btw, i found that lang* attr naming a bit strange. shouldn't that rather be msg*,
  35 2009-11-24T20:34:31  <ThomasWaldmann> or even no attr, but just use a specific dict instead of locals()
  36 2009-11-24T20:34:48  <JosefMeier> why? locals are used all over the moin code
  37 2009-11-24T20:34:59  <ThomasWaldmann> do you need an A record for that? :)
  38 2009-11-24T20:35:15  <JosefMeier> whatsanarecord?
  39 2009-11-24T20:35:33  <ThomasWaldmann> to have a pretty name for your server
  40 2009-11-24T20:36:00  <JosefMeier> ThomasWaldmann: Ah ;-) I couldn't decide which name to take. I shifted the decision ;-)
  41 2009-11-24T20:37:28  <ThomasWaldmann> is that refresh needed?
  42 2009-11-24T20:37:49  <JosefMeier> yes. cause a live refresh during typing is far too slow
  43 2009-11-24T20:42:47  <ThomasWaldmann> no, i mean after clicking on the attachment icon, it first shows different data, then refreshes, then shows the real data
  44 2009-11-24T20:43:31  <ThomasWaldmann> and if i create a new attachment link for attachment name "<b>foo</b>", it seems to double-escape that
  45 2009-11-24T20:44:02  <JosefMeier> that's xss protection. <b>... is no valid name
  46 2009-11-24T20:44:31  <ThomasWaldmann> but it looks like you do it twice
  47 2009-11-24T20:44:49  <JosefMeier> ah. maybe. does that ... hurt?
  48 2009-11-24T20:45:04  <ThomasWaldmann> no, but it's wrong :)
  49 2009-11-24T20:45:30  <JosefMeier> it's also wrong to try to xss' the dialog. that's ... bad :-)
  50 2009-11-24T20:46:40  <JosefMeier> can you give me a final instruction about what to do so I don't have the feeling anymore that this dialog is my fate ;-) ?
  51 2009-11-24T20:47:01  <ThomasWaldmann> &lt;b&gt;foo&lt;/b&gt;/&lt;em&gt;bar&lt;/em&gt;
  52 2009-11-24T20:47:12  <ThomasWaldmann> this is the rendered(!)html
  53 2009-11-24T20:47:48  <JosefMeier> and? The single escaped html wouldn't look much better : &lt;b&gt;foo&lt;/b&gt;
  54 2009-11-24T20:48:10  <ThomasWaldmann> (it would be pretty much ok as html, but if you see that rendered, it just means that you escaped one time too much)
  55 2009-11-24T20:49:08  *** JosefMeier has quit IRC
  56 2009-11-24T20:49:45  *** JosefMeier has joined #moin-dev
  57 2009-11-24T20:50:17  <JosefMeier> i can change that. If this is changed, is it then ok, if I remove the onattachmentchange... ?
  58 2009-11-24T20:50:18  <ThomasWaldmann> &amp;lt;b&amp;gt;foo&amp;lt;/b&amp;gt;/&amp;lt;em&amp;gt;bar&amp;lt;/em&amp;gt; < that is the html for the link label text
  59 2009-11-24T20:50:47  <ThomasWaldmann> what about the refresh?
  60 2009-11-24T20:51:15  <JosefMeier> the dialog is blocked then cause the user doesn't see anything during loading the different page's attachment
  61 2009-11-24T20:51:50  <ThomasWaldmann> hm?
  62 2009-11-24T20:52:20  <ThomasWaldmann> can't you just directly show the right data?
  63 2009-11-24T20:52:42  <JosefMeier> the solution would be to hide the first run. but then the user doesn't the anything until then
  64 2009-11-24T20:53:18  <dreimark> s/the/see/
  65 2009-11-24T20:53:34  <JosefMeier> hi dreimark
  66 2009-11-24T20:54:28  <ThomasWaldmann> hmm, sounds weird
  67 2009-11-24T20:54:50  <JosefMeier> ok ok. I'll change that too. More wishes?
  68 2009-11-24T20:55:10  <ThomasWaldmann> but assuming that is the case (i didn't check the code), displaying nothing still sounds better than first displaying wrong stuff, then refreshing to show the right stuff
  69 2009-11-24T20:55:25  <JosefMeier> ok
  70 2009-11-24T20:56:04  <ThomasWaldmann> btw, did you check all usecases?
  71 2009-11-24T20:56:11  <JosefMeier> ???
  72 2009-11-24T20:57:05  <ThomasWaldmann> everything you can/want to with that dialog should ... work :)
  73 2009-11-24T20:57:16  <ThomasWaldmann> ...do...
  74 2009-11-24T20:57:34  <JosefMeier> I heavily tested this dialog. several times
  75 2009-11-24T20:57:39  <JosefMeier> too much indeed ;-)
  76 2009-11-24T20:59:43  <JosefMeier> so ... the dialog is ok then if the startup flicker and the double escape is removed?
  77 2009-11-24T21:01:39  <ThomasWaldmann> it is ok if it works flawlessly :)
  78 2009-11-24T21:02:02  <JosefMeier> are there more flaws than the two ones?
  79 2009-11-24T21:02:04  <ThomasWaldmann> i just looked at the old dialogue, yours will be much more advanced
  80 2009-11-24T21:02:34  <ThomasWaldmann> how shall I tell that NOW? :)
  81 2009-11-24T21:02:41  <ThomasWaldmann> it looks ok
  82 2009-11-24T21:02:52  <JosefMeier> ok. thank you.
  83 2009-11-24T21:02:57  <ThomasWaldmann> maybe the link label text should be added
  84 2009-11-24T21:03:13  <JosefMeier> it's not necessary. The user can change it in the gui editor
  85 2009-11-24T21:03:42  <ThomasWaldmann> and does it roundtrip correctly if link label != attach name?
  86 2009-11-24T21:04:10  <JosefMeier> for sure. try it
  87 2009-11-24T21:05:46  <ThomasWaldmann> yeah, tried it, works
  88 2009-11-24T21:06:05  <ThomasWaldmann> ah, I can imagine some people wanting &do=get :)
  89 2009-11-24T21:06:24  <ThomasWaldmann> (or having that in existing attach links)
  90 2009-11-24T21:06:27  <JosefMeier> me too. this is worth a button?
  91 2009-11-24T21:06:40  <JosefMeier> radio button?
  92 2009-11-24T21:07:03  <JosefMeier> show attachment page vs. get attachment ?
  93 2009-11-24T21:07:08  <JosefMeier> or get by default?
  94 2009-11-24T21:07:35  <JosefMeier> I think get is much more common than always to switch to the attachment page
  95 2009-11-24T21:08:07  <ThomasWaldmann> show (view?) is default, get is optional
  96 2009-11-24T21:08:11  <JosefMeier> Why should people like to see the attachment page? My colleagues wished to have the get. That's why I implemented that by default?
  97 2009-11-24T21:08:24  <JosefMeier> if I want to view it, I can embed it
  98 2009-11-24T21:08:33  <ThomasWaldmann> sounds like a checkbox [ ] direct link to get attachment
  99 2009-11-24T21:08:41  <JosefMeier> In the internet a click to an attachment always loads it
 100 2009-11-24T21:09:00  <ThomasWaldmann> there is a long reasoning on the wiki explaining that :)
 101 2009-11-24T21:09:24  <JosefMeier> ok. then a checkbox. how can I change from view to get?
 102 2009-11-24T21:10:06  <ThomasWaldmann> you need to put &do=get into the target url
 103 2009-11-24T21:10:22  <JosefMeier> manually? or is there a function for that?
 104 2009-11-24T21:10:44  <ThomasWaldmann> in python?
 105 2009-11-24T21:13:47  <ThomasWaldmann> or maybe first fix the other stuff, we can do that afterwards
 106 2009-11-24T21:26:35  <JosefMeier> ok
 107 2009-11-24T21:32:38  <JosefMeier> Is it ok if the fields are empty during startup?
 108 2009-11-24T21:33:48  <ThomasWaldmann> better than showing wrong data, but they should have right values when user can edit them
 109 2009-11-24T21:33:57  <JosefMeier> ok
 110 2009-11-24T21:45:13  <JosefMeier> ThomasWaldmann: I can't reproduce the html escape bug
 111 2009-11-24T21:45:19  <JosefMeier> What did you enter in which field?
 112 2009-11-24T21:52:35  <JosefMeier> ThomasWaldmann: ?
 113 2009-11-24T22:01:22  <ThomasWaldmann> <b>foo</b>
 114 2009-11-24T22:01:29  <ThomasWaldmann> <em>bar</em>
 115 2009-11-24T22:01:51  <JosefMeier> as page and as attachment?
 116 2009-11-24T22:01:58  <ThomasWaldmann> yes
 117 2009-11-24T22:02:47  <JosefMeier> &lt;b&gt;foo&lt;/b&gt;/&lt;em&gt;bar&lt;/em&gt;
 118 2009-11-24T22:02:50  <JosefMeier> is what I get
 119 2009-11-24T22:02:52  <JosefMeier> that's ok, isn't it
 120 2009-11-24T22:03:06  <JosefMeier> I looked at it in text mode
 121 2009-11-24T22:06:53  <JosefMeier> s15358202.onlinehome-server.info/1.9_modified/attachtest
 122 2009-11-24T22:07:42  <ThomasWaldmann> just read what I wrote above and think about the purpose of escaping
 123 2009-11-24T22:21:40  <JosefMeier> ThomasWaldmann: I entered <b>foo</b> in page and <em>bar</em> in the attachment field. I also entered that directly to the link label. Nothing strange happened.
 124 2009-11-24T22:23:44  <JosefMeier> As far as I understood reimar yesterday, escaping is used for preventing XSS attacks.
 125 2009-11-24T22:28:06  *** JosefMeier has quit IRC
 126 2009-11-24T22:28:22  *** JosefMeier has joined #moin-dev
 127 2009-11-24T23:01:01  *** LotekThirteen has joined #moin-dev
 128 2009-11-24T23:01:22  *** LotekThirteen has left #moin-dev
 129 2009-11-24T23:14:34  *** JosefMeier has quit IRC
 130 2009-11-24T23:15:03  *** JosefMeier has joined #moin-dev

MoinMoin: MoinMoinChat/Logs/moin-dev/2009-11-24 (last edited 2009-11-23 23:15:02 by IrcLogImporter)