- Improvements to web form manipulation (remove a field, set a text value to input fields by name, ...)
- Improved web form html generation, especially for select and type checkbox
- Updated the date input field interface with a new set_date_value.
File response:
- "application/force-download" is not a standard MIME content type, so use "application_octet_stream" instead as default.
Standalone connector:
- Added expected creation procedure for the service launcher.
- Added new "secure_port" configuration variable, for SSL standalone service.
This way, if `is_secure` is True, the server will use `secure_port` (overrides `port` value).
Date:
- Improved support for RFC 3339 (a profile of ISO 8601)
Removed obsolete and warnings:
- removed usage of FILE_NAME
- updated code to avoid implicit conversion from STRING_32 to STRING_8
- avoid unneeded conversion to STRING_8 (when possible)
Adopted the nanoseconds timeout precision
- in config file added support for ns, us, ms, s timeout precision (without indication, it uses `seconds` precision).
Factorized the implementation in WGI_RESCUE_EXECUTION, and now by redefining the `WGI_EXECUTION.execute_rescue (...)` procedure, it is possible to have a custom response on such rescued execution.
This protection could be implemented with a regular expression,
or using another solution (as manual parsing).
Also, when a protection detects an issue, instead of returning empty string,
it returns Void. If the value is a multiple string value, if an item is detected for an issue,
the returned multiple string value is now Void.
This abstraction will allow returning either Void, or a "corrected" value,
for instance the string value, without the detected "<script..>..</script>" text.
TODO: improve the WSF_PROTECTION_REGEXP to allow replacement strategy.
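
The Void-on-detection behaviour described above, sketched as an added example in Python (not the wsf_security Eiffel code; `protect`, `protect_string` and the pattern, which covers only the `<script..>..</script>` case, are assumptions). `None` stands in for Void, and `replace=True` illustrates the "corrected value" strategy named in the TODO.

```python
import re
from typing import Optional

# Assumed pattern: a full <script..>..</script> element, or a lone
# opening/closing script tag left without its partner.
SCRIPT_RE = re.compile(
    r"<\s*script\b[^>]*>.*?<\s*/\s*script\s*>|<\s*/?\s*script\b[^>]*>",
    re.IGNORECASE | re.DOTALL,
)


def protect_string(value: str, replace: bool = False) -> Optional[str]:
    """Return value unchanged if clean; on detection return None (Void),
    or a corrected copy when replace is True."""
    if not SCRIPT_RE.search(value):
        return value
    if not replace:
        # Void rather than "": the caller can tell a rejected value
        # apart from a parameter that was legitimately empty.
        return None
    # Corrected-value strategy: strip until the text stops changing,
    # because removing one match can join the surrounding characters
    # into a new match that a single pass would leave behind.
    previous = None
    while previous != value:
        previous, value = value, SCRIPT_RE.sub("", value)
    return value


def protect(value, replace: bool = False):
    """Apply the protection to a single string or a multiple string value."""
    if isinstance(value, str):
        return protect_string(value, replace)
    cleaned = [protect_string(item, replace) for item in value]
    # One flagged item voids the whole multiple string value.
    return None if any(item is None for item in cleaned) else cleaned
```
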
Added a new library wsf_security.
Updated test cases to cover protections policy.
Added a simple filter using an XSS implementation with WSF_XSS_REQUEST, but
it's possible to build custom filters and request using different protection patterns.
Added a utility class to get safe query and form parameters.
Added a new WSF_XSS_REQUEST to use safe parameters.
Added a filter WSF_XSS_FILTER using WSF_XSS_REQUEST.
Added test cases
Signed-off-by: jvelilla <javier.hector@gmail.com>
Added WSF_EXECUTE_HANDLER as common ancestor for handlers with `execute (WSF_REQUEST, WSF_RESPONSE) ..` routine.
Made a few routines more flexible by accepting ITERABLE instead of ARRAY, and READABLE_STRING_GENERAL when possible.
Warning: as there is no concurrent request handling in single threaded mode,
it is recommended to either set the keep_alive_timeout to a small value,
or disable persistent connections by setting max_keep_alive_requests to 0.
Changed the default keep_alive_timeout from 15 to 5 seconds.
Accept -1 as value of max_keep_alive_requests to have an unlimited number of requests in the same persistent connection.