barrypitman

/**
 * Provide the correct response URL to turbolinks in the 'X-XHR-Current-Location' header. Used to update the browser 
 * history after an ajax request is redirected.
 *
 * @author barry
 * @since 2013/01/24 11:46 AM
 */
public class TurboLinksUrlFilter implements Filter {

    /**

barrypitman

/**
 * http://pukkaone.github.com/2010/12/22/jsp-precompile-application-start.html
 * <p/>
 * Allows for all JSPs to be compiled with a single request to
 * http://localhost:8080/actrack/index.html?jsp_precompile_all
 * <p/>
 * Use a locking flag to make sure that this operation can only be run once (to prevent possible DoS attacks)
 *
 * @author barry
 * @since 2013/01/25 11:46 AM

barrypitman

/**
 * JSP tag that renders AntiSamy-filtered HTML, useful for displaying HTML markup in a safe way.
 *
 * @author barry pitman
 * @since 2011/04/14 1:26 PM
 */
public class SafeHtmlTag extends TagSupport {

    private static final long serialVersionUID = 1L;
    private static final Logger LOG = Logger.getLogger(SafeHtmlTag.class);

barrypitman

/**
 * Servlet filter that checks all request parameters for potential XSS attacks.
 * see http://bazageous.com/2011/04/14/preventing-xss-attacks-with-antisamy/
 *
 * @author barry pitman
 * @since 2011/04/12 5:13 PM
 */
public class AntiSamyFilter implements Filter {

    private static final Logger LOG = Logger.getLogger(AntiSamyFilter.class);

barrypitman

// IE doesn't deal well with button elements.
// The following jQuery code fixes the two most common issues:
// 1. All button values being submitted whether they were clicked or not
// 2. Button labels being submitted instead of the value of the value attribute
// Make sure you have loaded jQuery, of course.

// Improvements:
// 1. Cleanly handles the case where a form submit handler prevents form submission (the buttons were left disabled previously)
// 2. Only applies fix to IE 7 and lower, as problem is fixed in IE8.