Fix LAFuture.map/flatMap when an exception happens inside. Before the change `LAFuture.map`/`.flatMap` never satisfied the future in cases where the function threw an exception. After the change, returned future is satisfied by a `Failure`. This change also contains minor fix: `get(timeout)` was returning `Empty` instead of a `Failure` if the `LAFuture` was aborted. Also added extensions providing `toBox` conversions from `scala.Option` and from `scala.util.Try`.
….uitl.Try to Box: extension implicit classes with toBox methods.
We do this because Lift does a lot of AJAX-based script injection at the moment, which requires eval. So, to avoid breaking a Lift application, unsafe-eval stays on. Also expand a little on documentation to indicate Lift’s reliance on this functionality.
We add a FrameRestrictions sealed trait to represent the available frame restrictions, and make it Optional. The default is FrameRestrictions.SameOrigin, so as to line up with the previous Lift default of only allowing inclusion in frames from the same origin.
In particular, we now have a default handler that logs the violation, a case class to represent the violation JSON, and logging (and a 400 response) if we can’t parse the violation JSON.
SecurityRules provides a way to set security rules like HTTPS requirements and a content security policy, which are in turn served with resources from Lift via headers. Right now, we support Content-Security-Policy and Strict-Transport-Security headers. While a default reporting URI is in place for content security policy violations, there’s not yet any code that handles information sent to that URI.
We now track a "current count" for a comet request, and any calls to start a request carry the then-current count. Once a comet request is fired, the count is incremented, ensuring that even if a new comet request is scheduled multiple times, only one will run at any given moment. This is only the new part of the guard. The other part of the guard is that we track the actual current comet request and abort it if a comet request restart is needed. However, an AJAX request that was just begun cannot be aborted, so if multiple restarts are scheduled in one tick for whatever reason, we end up with multiple requests--this fix guards against that scneario.
Your data-lift is my data-lift: Reimplement data-lift as a data attribute parser. This PR reimplements data-lift as a data attribute parser. Few points of concern: - I want to go through at some point and clean up the copy-pasting of helper methods that I did wrt MetaData parsing. - I'm not entirely sure why I'm having to manually check for the parallel attribute in my parser. My understanding was that if my parser generates a lift: node, that should be processed subsequently by the regular SnippetNode parser, which does checks for parallel processing.
Unified parsers Enhancement for configuring parsers per discussion at https://groups.google.com/forum/#!topic/liftweb/WnaUFd9Fw5E . Adds a LiftRules.contentParsers rule which is a list of ContentParser objects. These can be used to define parsers for templates, which the template loading pipeline can use in turn. Out of the box, we provide the existing HTML and Markdown parsers, but this can easily be used to add, e.g., asciidoc support. ContentParsers can specify the template suffixes that they support, as well as provide a parser function that takes an InputStream and produces a Box[NodeSeq] and a surround function that may be used to auto-surround the content if it is at the root of a file (instead of included from another template).