I have Orbeon installed in an integrated application with JSF. When I go to a url like http://servername/appname/xforms-server/blah.blah, a Yahoo YUI Javascript file appears. This is the start of the file:
// This file was produced by Orbeon Forms 3.7.0beta1.200808240812
/*
Copyright (c) 2008, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.net/yui/license.txt
version: 2.5.2
*/
/**
* The YAHOO object is the single global object used by YUI Library.

This also appears to happen on the Orbeon demo site at: http://www.orbeon.com/ops/xforms-server/blah.blah .

Since blah.blah is not an actual file on my server I want an error page to appear instead of this Javascript file. Displaying this JS file causes problems with a web security scan software my institution uses. I have set up a custom error page for Orbeon using error.xpl in the config folder. Urls starting with xforms-server don't seem to be affected by this error pipeline. I also tried changing the url-pattern for the servlet mapping for ops-xforms-server-servlet in web.xml, but that causes an error submitting XForms.

Any suggestions would be appreciated. Thanks.

Administrator

In this case no file should be returned but instead the resource server returns the standard JavaScript for Orbeon Forms. This should not be a big issue because it is not returning a random file on disk. But you can try to filter this by only allowing .js and .css extensions.

I have also made some changes to XFormsResourceServer.java to filter unacceptable requests and return a 404.

-Erik

On Apr 24, 2009, at 6:15 AM, dyed134 wrote:

> I have Orbeon installed in an integrated application with JSF. When I go to
> a url like http://servername/appname/xforms-server/blah.blah, a Yahoo YUI
> Javascript file appears. This is the start of the file:
>
> // This file was produced by Orbeon Forms 3.7.0beta1.200808240812
> /*
> Copyright (c) 2008, Yahoo! Inc. All rights reserved.
> Code licensed under the BSD License:
> http://developer.yahoo.net/yui/license.txt
> version: 2.5.2
> */
> /**
> * The YAHOO object is the single global object used by YUI Library.
>
> This also appears to happen on the Orbeon demo site at:
> http://www.orbeon.com/ops/xforms-server/blah.blah .
>
> Since blah.blah is not an actual file on my server I want an error page to
> appear instead of this Javascript file. Displaying this JS file causes
> problems with a web security scan software my institution uses. I have set
> up a custom error page for Orbeon using error.xpl in the config folder.
> Urls starting with xforms-server don't seem to be affected by this error
> pipeline. I also tried changing the url-pattern for the servlet mapping for
> ops-xforms-server-servlet in web.xml, but that causes an error submitting
> XForms.
>
> Any suggestions would be appreciated. Thanks.
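
The extension filtering suggested in the reply above, sketched as a servlet filter. This is an added example, not code from the thread or from Orbeon. The class name and the path pattern are hypothetical, and it assumes that static resources are fetched with GET or HEAD while XForms submissions use POST, so POSTs pass through untouched.

```java
import java.io.IOException;
import java.util.regex.Pattern;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter; map it in web.xml to the url-pattern /xforms-server/*. */
public class XFormsResourceExtensionFilter implements Filter {

    private static final String PREFIX = "/xforms-server";
    // Assumed shape of a resource name: plain path characters ending in .js or .css.
    private static final Pattern ALLOWED =
            Pattern.compile("^/[A-Za-z0-9._/-]+\\.(js|css)$");

    public void init(FilterConfig config) {}
    public void destroy() {}

    /** True when the sub-path below /xforms-server may be served as a resource. */
    static boolean isAllowedResource(String subPath) {
        return !subPath.contains("..") && ALLOWED.matcher(subPath).matches();
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Path relative to the web application, without ";jsessionid=..." parameters.
        String path = request.getRequestURI().substring(request.getContextPath().length());
        int semicolon = path.indexOf(';');
        if (semicolon >= 0) path = path.substring(0, semicolon);

        String method = request.getMethod();
        boolean isFetch = "GET".equals(method) || "HEAD".equals(method);

        if (isFetch && path.startsWith(PREFIX + "/")) {
            String subPath = path.substring(PREFIX.length());
            if (!isAllowedResource(subPath)) {
                // e.g. /xforms-server/blah.blah: answer 404 instead of the default JavaScript.
                response.sendError(HttpServletResponse.SC_NOT_FOUND);
                return;
            }
        }
        // POSTs (assumed to be XForms submissions) and allowed resources continue as before.
        chain.doFilter(request, response);
    }
}
```

Because the filter calls sendError, the container serves any 404 error-page declared in web.xml, which is separate from the error.xpl pipeline mentioned in the question.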