Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

 

Previous release notes of 8.1.0

 

Fixes and improvements in this release:

Cross-Site Scripting (XSS):
The big item for this release is that we changed the way servoy displays and execute html with javascript for
the webclient and ngclient, see these 2 wike pages also for settings and usefull info

https://wiki.servoy.com/pages/viewpage.action?pageId=23397000
https://wiki.servoy.com/display/DOCS/Security+settings

By default now servoy will not allow javascript or other dangerous html things to be inserted into labels or html area's as is.
It will sanatize (strip) the html of that. You can override these setting on various level, the best way is to do it on element level, try to avoid setting it on solution level or on all solutions (through the admin page setting)
Because then you really need to be sure that all data that you show in html area's or labels are coming from trusted sources (like pure design time values) that they are not coming from data.

Becaue of these fixes the added a jsoup.jar to the wrapper.conf and batch/sh files. If you upgrade a server be sure to check the wrapper configuration or batch files where you start the application server with. (classpath of wrapper should contain wrapper.java.classpath.49=lib/jsoup.jar, same goes for the classpath of the sh/batch files)

Performance:
We changed the way how data is pushed the first time or the next time a form is shown, the propertie values are now pushed way earlier then before. For example a tabpanel component will have all the tabs (also the one added through runtime api, elements.tabpanel.addTab) and the selected tabindex right away when it is being constructed. Only actual data from dataproviders could come a bit later.

In memory foundsets:
Design time foundsets are now auto created (with no data) if just used before creating it with: dataset.createDataSource()
databaseManager.dataSourceExists() will always return true for design time based in memory datasources

 

Component/s Key Summary T
Loading...
Refresh

  • No labels