>>>>> On Thu, 6 Dec 2012 11:58:09 -0800, Edward Burns <edward.burns_at_oracle.com> said:
>>>>> On Thu, 6 Dec 2012 11:53:44 -0500, Kito Mann <kito.mann_at_virtua.com> said:
KM> Here are a few more comments:
KM> Preface, p38 -- Cross site request forgery (not client side request forgery)
KM> 2.5.3.1 -- StateHelper should be mentioned here
KM> 7.6.2.4 -- awkward sentence -- should be more like "ViewHandler has several
KM> methods for handling cross-site scripting protection. These method names
KM> all have the text "protectedView" and are covered in the Javadocs."
KM> 7.6.3 -- very vague -- doesn't even explain what the View Protection API is.
KM> I feel like we need a section explaining what "view protection" is, how it
KM> relates to CSRF, and points readers to the relevant sections (perhaps it's
KM> there and I missed it...)
EB> Thanks, applying them now.
Applied. See [1].
>>>>> On Wed, 5 Dec 2012 13:52:51 -0800, Edward Burns <edward.burns_at_oracle.com> said:
EB> I'll leave it on the shelf till close of business tomorrow and hand it
EB> to the JCP on Friday. If you have concerns, do voice them, but please
EB> consider if it is really necessary to hold up the PRD before doing so.
I'll let this [1] sit overnight and will submit it tomorrow.
Ed
--
| edward.burns_at_oracle.com | office: +1 407 458 0017
| homepage: | http://ridingthecrest.com/
[1] http://java.net/projects/javaserverfaces-spec-public/downloads/download/JSF_2_2/spec_snapshots/javax.faces-api-2.2-SNAPSHOT-20121206-javadoc.jar