[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [wsrp-wsia] [I#115] Proposed Resolution: URL rewriting of GET formactions
Good point. How about: "Entities MUST NOT include forms with method=GET in HTML or XHTML generated markup to which URL rewriting will be applied." Tim Quoting Eilon Reshef <eilon.reshef@webcollage.com>: > How do we plan to implement "leak" scenario? > > Namely, suppose a Google portlet only includes the search box, and when > the user hits the "Search" button the intent is to take the user outside > the portal to a Google-only page, or even in a new window. > > Wouldn't the portlet in this case be allowed to use <form method=get>? > > If that is the case, an alternative statement would be along the lines > of (needs wording) > > Entities MUST NOT include forms with method=get in conjunction with URL > rewriting... > > -----Original Message----- > From: Timothy N. Jones [mailto:tim@crossweave.com] > Sent: Wednesday, October 30, 2002 9:52 AM > To: wsrp-wsia@lists.oasis-open.org > Subject: RE: [wsrp-wsia] [I#115] Proposed Resolution: URL rewriting of > GET form actions > > > I believe Rich is right (see my earlier message about Producer having to > parse > the Consumer-supplied URL) -- GETs won't work in either rewriting > scenario. > > Tim > > Quoting Rich Thompson <richt2@us.ibm.com>: > > > > > > > > > > > > > In considering this tweak of the proposal, how can the Producer > > generate an URL complying with the Consumer's template if portions of > > it (the query > > string) are buried in the value of a parameter of the URL the browser > > dynamically builds from the form submission? I think it is not just > for > > Consumer URL rewriting that the prohibition applies .... > > > > > > > > > Gil Tayar > > > <Gil.Tayar@webcol To: > > wsrp-wsia@lists.oasis-open.org > > lage.com> cc: > > > Subject: RE: > > [wsrp-wsia] [I#115] Proposed Resolution: URL > > 10/30/2002 02:51 rewriting of GET > form > > actions > > AM > > > > > > > > > > > > > > > Because this problem appears only in Consumer URL rewriting, I have a > > small change to this resolution: > > > > "Entities MUST NOT include forms with method=GET when generating > > HTML or XHTML markup when relying on Consumer URL rewriting" > > > > -----Original Message----- > > From: Gil Tayar [mailto:Gil.Tayar@webcollage.com] > > Sent: Wed, October 30, 2002 09:41 > > To: wsrp-wsia@lists.oasis-open.org > > Subject: [wsrp-wsia] [I#115] Proposed Resolution: URL rewriting of GET > > > form actions > > > > > > Resolution Date: 14-Nov-2002 > > Proposed by: Rich Thompson > > Proposed Resolution: > > Entities MUST NOT include forms with method=GET when generating HTML > > > or XHTML markup. > > > > -----Original Message----- > > From: Timothy N. Jones [mailto:tim@crossweave.com] > > Sent: Wed, October 23, 2002 19:56 > > To: wsrp-wsia@lists.oasis-open.org > > Subject: RE: [wsrp-wsia] [I#115] URL rewriting of GET form actions > > > > > > Sounds good to me -- this was the (b) option I originally proposed. I > > > am fine with disallowing GET forms, but we have to say so in the spec. > > > > Tim > > > > Quoting Rich Thompson <richt2@us.ibm.com>: > > > > > > > > > > > > > > > > > > > > I would prefer that we add a conformance statement to the effect > > "Entities > > > MUST NOT include forms with method=GET when generating HTML or > > > XHTML markup." > > > > > > > > > > > > Andre Kramer > > > <andre.kramer@eu. To: "'Carsten > Leue'" > > > <CLEUE@de.ibm.com>, > > > citrix.com> wsrp-wsia@lists.oasis-open.org > > > cc: > > > 10/23/2002 05:40 Subject: RE: > [wsrp-wsia] > > > [I#115] URL rewriting of GET form actions > > > AM > > > > > > > > > > > > > > > > > > Stepping back for a second (or 6 days), does anyone actually wish to > use > > > HTML forms with GET actions? I don't, so should we even attempt to > > support > > > this (given browser problems and likely impact of asking Portlets to > > > include > > > a hidden field)? > > > > > > regards, > > > Andre > > > > > > -----Original Message----- > > > From: Carsten Leue [mailto:CLEUE@de.ibm.com] > > > Sent: 17 October 2002 15:46 > > > To: wsrp-wsia@lists.oasis-open.org > > > Subject: RE: [wsrp-wsia] [I#115] URL rewriting of GET form actions > > > > > > > > > Andre - I like that idea. Would you mind to write a more detailed > > proposal? > > > Is this something that would surface in the spec or that would just > be a > > > hint? > > > > > > > > > Best regards > > > Carsten Leue > > > > > > ------- > > > Dr. Carsten Leue > > > Dept.8288, IBM Laboratory Böblingen , Germany > > > Tel.: +49-7031-16-4603, Fax: +49-7031-16-4401 > > > > > > > > > > > > > > > Andre Kramer > > > <andre.kramer@eu. > > > citrix.com> > > To > > > > wsrp-wsia@lists.oasis-open.org > > > 10/17/2002 01:17 > > cc > > > PM > > > > > Subject > > > RE: [wsrp-wsia] [I#115] URL > > > rewriting of GET form actions > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > How about using just one hidden field with the value set equal to > the URL > > > (the example form action)? Then we can run the same algorithm (no > HTML > > > parsing)? > > > > > > -- Andre > > > > > > -----Original Message----- > > > From: Gil Tayar [mailto:Gil.Tayar@webcollage.com] > > > Sent: 17 October 2002 10:35 > > > To: wsrp-wsia@lists.oasis-open.org > > > Subject: RE: [wsrp-wsia] [I#115] URL rewriting of GET form actions > > > > > > > > > Carsten, > > > > > > Although I do have an answer, let me note that Timothy Jones raised > the > > > issue. > > > > > > My answer is that this concerns the spec regarding Consumer-side URL > > > rewriting, as the spec defines Consumer URL rewriting as a > > > search-and-replace thing. Now if the wsia:rewrite occurs inside a > <form > > > method=GET action="wsia:rewrite..." then the Consumer (from what I > > > understand, and I may be missing something) must understand the HTML > and > > > add > > > the correct hidden fields to the form, meaning the Consumer MUST > parse > > the > > > HTML to do this. > > > > > > Then again, I may be missing something, > > > Gil > > > > > > -----Original Message----- > > > From: Carsten Leue [mailto:CLEUE@de.ibm.com] > > > Sent: Thu, October 17, 2002 10:53 > > > To: Gil Tayar > > > Cc: wsrp-wsia@lists.oasis-open.org > > > Subject: Re: [wsrp-wsia] [I#115] URL rewriting of GET form actions > > > > > > > > > Gil - as this problem is more or less a standard HTML problem I > would > > have > > > assumed that the parameters would have to be encoded as hidden input > > > fields, so the resulting request URL contains the correct > parameters. Do > > > you think that we have to detail this aspect in the spec? > > > > > > > > > Best regards > > > Carsten Leue > > > > > > ------- > > > Dr. Carsten Leue > > > Dept.8288, IBM Laboratory Böblingen , Germany > > > Tel.: +49-7031-16-4603, Fax: +49-7031-16-4401 > > > > > > > > > > > > > > > Gil Tayar > > > <Gil.Tayar@webcol > > > lage.com> > > To > > > > wsrp-wsia@lists.oasis-open.org > > > 10/17/2002 10:34 > > cc > > > AM > > > > > Subject > > > [wsrp-wsia] [I#115] URL > rewriting > > > of GET form actions > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Status: Active > > > Topic: markup > > > Class: Technical > > > Title: URL rewriting of GET form actions > > > Raised by: Timothy Jones > > > Date Added: 17-Oct-2002 > > > Document Section: Core Spec v0.7 section 9.2 > > > Description: > > > Web browsers generally discard query string parameters included in > the > > > action > > > URL of forms that use the "GET" method. In the example below the > HTTP > > > request > > > to the server corresponding to the form submission will contain the > > > "param2" > > > > > > parameter but not the "param1" parameter. > > > > > > <form method="get" action="http://...?param1=value1"> > > > <input name="param2" value="value2" type="hidden"/> > > > <input type="submit"/> > > > </form> > > > > > > If the URL rewriting method described in 9.2 implies that "meta" > > parameters > > > > > > will be added to an URL, then this method will not work on GET form > > actions > > > > > > (e.g., consider "param1" in the example above as a meta parameter). > > > > > > Two solutions come to mind: (a) when rewriting a GET form action URL > the > > > meta > > > parameters could be added as hidden inputs to the form, or (b) the > spec > > > could > > > disallow GET forms in Producer generated markup. > > > > > > ---------------------------------------------------------------- > > > To subscribe or unsubscribe from this elist use the subscription > > > manager: <http://lists.oasis-open.org/ob/adm.pl> > > > > > > > > > > > > ---------------------------------------------------------------- > > > To subscribe or unsubscribe from this elist use the subscription > > > manager: <http://lists.oasis-open.org/ob/adm.pl> > > > > > > ---------------------------------------------------------------- > > > To subscribe or unsubscribe from this elist use the subscription > > > manager: <http://lists.oasis-open.org/ob/adm.pl> > > > > > > > > > > > > > > > ---------------------------------------------------------------- > > > To subscribe or unsubscribe from this elist use the subscription > > > manager: <http://lists.oasis-open.org/ob/adm.pl> > > > > > > ---------------------------------------------------------------- > > > To subscribe or unsubscribe from this elist use the subscription > > > manager: <http://lists.oasis-open.org/ob/adm.pl> > > > > > > > > > > > > > > > ---------------------------------------------------------------- > > > To subscribe or unsubscribe from this elist use the subscription > > > manager: <http://lists.oasis-open.org/ob/adm.pl> > > > > > > > > > > > ---------------------------------------------------------------- > > To subscribe or unsubscribe from this elist use the subscription > > manager: <http://lists.oasis-open.org/ob/adm.pl> > > > > ---------------------------------------------------------------- > > To subscribe or unsubscribe from this elist use the subscription > > manager: <http://lists.oasis-open.org/ob/adm.pl> > > > > ---------------------------------------------------------------- > > To subscribe or unsubscribe from this elist use the subscription > > manager: <http://lists.oasis-open.org/ob/adm.pl> > > > > > > > > > > ---------------------------------------------------------------- > > To subscribe or unsubscribe from this elist use the subscription > > manager: <http://lists.oasis-open.org/ob/adm.pl> > > > > > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl> >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC