eclipse-rap / org.eclipse.rap Goto Github PK

Hello,

We have upgraded our RAP version in our WAR file from 2.1 to 3.10 and deployed it on Jboss7. We have observed that:

1. mouse events are not working on table header
2. Combo box multiple character search stopped working . i.e. Instead of entering one character that takes you to the first instance of a word... if you enter two characters... you get the closer match

These features were working fine with RAP 2.1

From RAP community, I get to know that mouse events are NOT triggered in Table/Tree header. This change has been introduced here:
https://git.eclipse.org/r/c/rap/org.eclipse.rap/+/22050/

Could you please let us know when you are planning to fix this issue. This is a bit urgent as customer go live is blocked.

Here is the code snippets that we have used. It is a high level information and I am hopeful that it will help you to understand the situation.

We have class HeaderSortListener that implements MouseListener

public class HeaderSortListener implements MouseListener {
    /**
     * {@inheritdoc}
     */
    public void mouseDoubleClick(MouseEvent pE)
    {
        // TODO Auto-generated method stub
    }

    /**
     * {@inheritdoc}
     */
    public void mouseDown(MouseEvent pE)
    {
        // TODO Auto-generated method stub
    }

    /**
     * {@inheritdoc}
     */
    public void mouseUp(MouseEvent pE)
    {
// This function has business logic that perform the sort. Ideally this function should get called when table header is clicked.
// Observation : This function was getting called when we were using RAP 2.1. Once we upgraded RAP version to RAP 3.10 , This function is no more called on table header click.
    }
}

We have a initialize() method in a class from where we are registering header sort listener.

public class CustomMassTable  extends Composite
    implements TraverseListener, DragDetectListener, ModifyListener, IDoubleClickListener, DropTargetListener,
    IFilterListener, IErrorListener, KeyListener, IModifiable, IValidable
{
// Few instance variable and other stuff
private MouseListener headerSortListener;
private Table table;
private CheckboxTableViewer tableViewer;
public CustomMassTable(Composite pParent, int pStyle, boolean pMultiSelection, boolean pCheckLine, boolean headerVisible,
        Class<?> pObjectClass)
    {
        super(pParent, pStyle | SWT.NO_FOCUS);
        // Some initiation 
        initialize(descriptor);

    }

private void initialize(CustomMassTableDescriptor pDescriptor)
    {
// Some processing and layout build
table = new Table(middleComposite, tableStyleFlag);
tableViewer = new CheckboxTableViewer(table);
headerSortListener = new HeaderSortListener(this, sortIndex);
table.addMouseListener(columnSortListener); // This is responsible for registering the mouse event on table header and 
                                                                          //should call mouseup(MouseEvent pE)
}

}

In certain circumstances we want to prevent execution of sendShutdown/sendBeacon within the javascript part of RAP. One reason for doing so is the proper handling of a http-redirect responses (http code 302/303).
Thus being able to overwrite the _sendShutdown() function in javascript it would be much better to initially configure this on java side. Maybe there might be a possibility anywhere in org.eclipse.rap.rwt.application.ApplicationConfiguration.

(This description is just a small summary as we already discussed this topic on another channel).

Thank you and kind regards
Thorsten L.

The old deprecated databinding classes, e.g., org.eclipse.jface.databinding.swt.WidgetProperties, have been removed in 2022-12 (they have been replaced by org.eclipse.jface.databinding.swt.typed.WidgetProperties).
Is RAP planning to provide a org.eclipse.jface.databinding.swt.typed package.

Otherwise, we would not be able to do single sourcing with databinding.

thanks in advance
Lorenzo

The Eclipse RAP project migrated from the existing infrastructure for Git source code hosting (cgit and Gerrit) and bug tracking (Bugzilla RT-RAP) to GitHub (see request in issue #1193).

This ticket is for tracking all remaining steps of the RAP Runtime to GitHub migration, and includes documentation changes, but also updates in the build.

• Ask for creation of eclipse-rap organisation in GitHub
• Clone https://git.eclipse.org/c/rap/org.eclipse.rap.git/ repository to GitHub
• Update regular builds on Jenkins CI: rap-head-runtime and rap-head-runtime-signed
• Recreate verification build on Jenkins CI: rap-head-runtime-gerrit replaced by new rap-head-runtime-github
• Update Git URLs in source code (e.g. in entries in MANIFEST.MF)
• Update Bugzilla references in documentation
• Update RAP website, wiki pages quick edit
• Check and abandon (or copy) old open changes from Gerrit: the remaining changes will be kept there for the time being, all other changes have been merged and/or abandoned.
• Send information to community (developer mailing list, newsgroup, EclipseRAP@Twitter)

Since Chrome 105 (same with Edge 105), as soon as a horizontal scrollbar appears, the UI assigns clicks to the scrollbar not only for the place where the scrollbar actually is present, but also for an area of about the same size below. I've included an example below. We can always reproduce it with the ScrolledForm of a FormPage.

In this screenshot, all the yellow area is actually handling the scrollbar. I only have a small area at the bottom of the pages where I can switch to one of the other pages.

Info:

• Tested with Eclipse RAP 3.21 (and 3.19)
• The problem didn't occur before Chrome 105 (we tested it against 104).
• We use the 'business' theme (maybe the problem doesn't occur with the default theme?)

Here an example how we can reproduce the problem with as little code as possible:

Editor Input

package test;

import org.eclipse.jface.resource.ImageDescriptor;
import org.eclipse.ui.IEditorInput;
import org.eclipse.ui.IPersistableElement;

public class TestEditorInput implements IEditorInput {

    @Override
    public String getName() {
        return "title"; //$NON-NLS-1$
    }

    @Override
    public boolean equals(Object obj) {
        if (obj instanceof TestEditorInput) {
            return true;
        }
        return false;
    }

    @Override
    public <T> T getAdapter(Class<T> adapter) {
        return null;
    }

    @Override
    public boolean exists() {
        return false;
    }

    @Override
    public ImageDescriptor getImageDescriptor() {
        return null;
    }

    @Override
    public IPersistableElement getPersistable() {
        return null;
    }

    @Override
    public String getToolTipText() {
        return getName();
    }
}

Editor

package test;

import org.eclipse.core.runtime.IProgressMonitor;
import org.eclipse.ui.PartInitException;
import org.eclipse.ui.forms.editor.FormEditor;

public class TestEditor extends FormEditor {

    public static final String ID = TestEditor.class.getName();

    @Override
    protected void addPages() {
        try {
            addPage(new TestPage(this));
            addPage(new TestPage(this));
            addPage(new TestPage(this));
            addPage(new TestPage(this));
            addPage(new TestPage(this));
        } catch (PartInitException e) {
            // ignore for this test
        }
    }

    @Override
    public void doSave(IProgressMonitor monitor) {
        throw new RuntimeException("The method doSave is not yet implemented for class EditorPart"); //$NON-NLS-1$
    }

    @Override
    public void doSaveAs() {
        throw new RuntimeException("The method doSaveAs is not yet implemented for class EditorPart"); //$NON-NLS-1$
    }

    @Override
    public boolean isSaveAsAllowed() {
        return false;
    }
}

Page

package test;

import org.eclipse.swt.SWT;
import org.eclipse.swt.layout.GridData;
import org.eclipse.swt.layout.GridLayout;
import org.eclipse.swt.widgets.Composite;
import org.eclipse.swt.widgets.Label;
import org.eclipse.ui.forms.IManagedForm;
import org.eclipse.ui.forms.editor.FormEditor;
import org.eclipse.ui.forms.editor.FormPage;
import org.eclipse.ui.forms.widgets.ScrolledForm;

public class TestPage extends FormPage {

    private static final String ID = TestPage.class.getName();

    public TestPage(FormEditor editor) {
        super(editor, ID, "Title"); //$NON-NLS-1$
    }

    @Override
    protected void createFormContent(IManagedForm managedForm) {
        ScrolledForm form = managedForm.getForm();

        Composite body = form.getBody();
        body.setLayout(new GridLayout());

        Label label = new Label(body, SWT.NONE);
        label.setLayoutData(new GridData(6000, -1)); // almost guarantees a horizontal scroll bar
        label.setText("label"); //$NON-NLS-1$
    }
}

There is a textarea (Text widget with SWT.MULTI), which contains a lot of text (vertical scrollbar is visible).

The sequence of events to cause the error is as follows:

1. Use Edge or Chrome
2. The textarea has to be unfocused.
3. Use the mouse wheel to scroll down in order to see the last lines of the text (By this action, the field will not get the input focus)
4. Now try to select a few lines from the now visible portion of text by clicking into the field and selecting some text.

Expected result: The text is correctly selected.

Actual result:
When you click into the field, the field will scroll to the top of the text before the selection is applied. When the mouse is moved to expand the selection, this will be done based on the position of the mouse cursor in the then scrolled-to-top textarea, which is not what the user expects.
This seems to be due to the default behavior of the Edge/Chrome(?) browser in the textarea.focus() method and the fact that the current selection in the onfucsed textarea will be at position 0.

The issue is also described and was discussed here:
https://www.eclipse.org/forums/index.php/t/1112437/

My idea for a solution would be not execute the inputElement.focus() call in the mouse activation.

Best regards,
Gunnar Adams

Is it possible to instruct a DateTime Calendar control in RAP to NOT show the week numbers down the left side? In many cases these just clutter the display so would like to simplify the look and feel:

The text size measurement cache used by RAP seems to be the root cause of some strange artifacts we have been observing for a long time with one of our applications: https://www.eclipse.org/forums/index.php/t/1106089/

The current approach works as follows:

• at startup, send a probe containing some constant string to the browser and measure it
• get the result and look into the probe cache, to find if another browser has returned the same result for the current font+style+size
• if so, assume the current client will render all strings identical to the previously seen, which implies:
  1. text mesurement requests from the current client can be fullfilled from cached data generated by the previous client
  2. text mesurements performed by the current client can be used by other clients which return the same result for the initial measurement probe

However this approach seems to be fragile:

• the initial probe contains only some (ascii) characters
• special glyph positioning rules (e.g. less spacing under some special conditions) are not detected and lead to ugly work arrounds like the fix for bug 374914
• local conditions of the client which can change AFTER the initial probe has been computed can not be detected and poison the cache

consider the following circumstances:

• visually impaired user loads a RAP application, and initial probe returns a match
• the default font used is not suitable for the user, so he uses a browser plugin to change/overrides the font + size to something more readable
• the user now navigates through the application, the rendering he observes is broken by the cached values from other browsers and worse he poisens the cache with the wrong measurements performed by his client.

So as long as the cache does not overflow, the only way to fix broken rendering for all other clients is to restart the application.

I admit the above scenario is rather constructed, but in production we have been observing corrupted text measurement caches frequently and can not pinpoint the source. Maybe browsers return different measurements once the zoom level is changed while the application is used. Maybe special characters not contained in the probe cause mismatches. Maybe some users use plugins to overwrite the font chosen during use. We simply don't know and I can't think of ways to find the cause.

My point is the current approach - while worthwhile - seems to be rather fragile. There are so many things that can go wrong and once one thing happens at one client, it has negative effects on all other clients with the same initial probe result (which can be basically everybody in a standardized office environment).

Therefore I would propose an option, which allows to restrict caching of text measurements to session scope. So each client has its own measurement cache, and if something goes wrong only this client's rendering is broken until the next reload - not everbody else' too until the system is restarted.

If this would be of interrest / has a chance to get upstream, I would provide a patch.

In order to listen to mousewheel events in RAP, you have to implement a client side listener:

component.addListener(SWT.MouseWheel, clientListener);

Inside the javascript file you can process the event in the handleEvent function

var handleEvent = function( event ){
 // process event
};

However, the event does not provide any information on the scroll direction, like the swt mouseEvent.count, which would be very useful in the event processing.

The only information I get are:

{
  button: 1
​  stateMask: 0
​​  type: "MouseWheel"
​​  x: 485
​​  y: 184
}

Is it possible add a property like the swt count or the javascript deltaY to get information about the scroll direction?

In the Apache Hop project we're using Eclipse SWT to render our Hop GUI application. It's essentially a data integration IDE.
We also have a version of that runs on RAP which looks something like this:

It runs off the same user interface source code with minimal exceptions which is pretty cool all by itself.

The main concern in general is that images in toolbars, menu-items and so on have a low resolution which is about half of what we'd expect. We expect that there's a general setting at play since the resolution set on the canvas is also half of what we'd expect.

The question for this issue then is: where in the code is it decided to half the resolution of the whole user interface and how can we change this behavior? We'd be happy to test and create a PR if needed.

Thanks in advance for any tips!

With issue #12 the ability to add Content Security Headers (CSP) has been added to the framework.

In order to support strict CSP, all places where JavaScript is generated from strings in the property system of the JavaScript client needs to be rewritten.

Since RAP switched to using fetch instead of XHR, the ~"connection problem" dialog does no longer appear.
Instead the application just grays out like it does when waiting for a response from the server.

The reason is a type error:

rap-client.js:31494 Uncaught (in promise) TypeError: Failed to fetch
at rwt.remote.Request._sendWithFetch (rap-client.js:31494:5)
at rwt.remote.Request.send (rap-client.js:31446:12)
at Object.sendImmediate (rap-client.js:63503:17)
at Object. (rap-client.js:63416:12)
at Object._dispatchEvent (rap-client.js:3855:18)
at Object.dispatchEvent (rap-client.js:3796:12)
at Object._oninterval (rap-client.js:4469:16)
at rap-client.js:624:17
_sendWithFetch @ rap-client.js:31494
send @ rap-client.js:31446
sendImmediate @ rap-client.js:63503
(anonymous) @ rap-client.js:63416
_dispatchEvent @ rap-client.js:3855
dispatchEvent @ rap-client.js:3796
_oninterval @ rap-client.js:4469
(anonymous) @ rap-client.js:624
Promise.then (async)
_sendWithFetch @ rap-client.js:31502
send @ rap-client.js:31446
sendImmediate @ rap-client.js:63503
(anonymous) @ rap-client.js:63416
_dispatchEvent @ rap-client.js:3855
dispatchEvent @ rap-client.js:3796
_oninterval @ rap-client.js:4469
(anonymous) @ rap-client.js:624
setInterval (async)
_applyEnabled @ rap-client.js:4381
func @ rap-client.js:2929
start @ rap-client.js:4400
send @ rap-client.js:63476
(anonymous) @ rap-client.js:63421
_dispatchEvent @ rap-client.js:3855
dispatchEvent @ rap-client.js:3796
_oninterval @ rap-client.js:4469
(anonymous) @ rap-client.js:624
setInterval (async)
_applyEnabled @ rap-client.js:4381
func @ rap-client.js:2929
start @ rap-client.js:4400
sendDelayed @ rap-client.js:63469
notify @ rap-client.js:64741
_sendBounds @ rap-client.js:51483
_onWindowResize @ rap-client.js:51454
_dispatchEvent @ rap-client.js:3855
dispatchEvent @ rap-client.js:3796
createDispatchEvent @ rap-client.js:3744
_onwindowresize @ rap-client.js:15662
(anonymous) @ rap-client.js:624
rwt-resources/themes/images/4f61765f.gif:1 GET http://127.0.0.1:8080/rwt-resources/themes/images/4f61765f.gif net::ERR_CONNECTION_REFUSED

I previously reported this in the forum : https://www.eclipse.org/forums/index.php/t/1112650/

Now we have prepared a small sample application to demonstrate the issue.
ContextMenudDemo.zip

The idea is that you type some text into the text field, click the right mouse button, which will show a context menu and select the "Select All" option there.
In Chrome and Edge, the selection is applied, but at the same time the text field looses the input focus (unnoticed by the Java servlet). Therefore, the selection is no longer visible. Only by moving the focus back into the field (with anything but the mouse) the fully applied selection can be seen.

In Firefox it works fine.

I hope you can compile the example code.
At this time we haven't found a way to work around this issue. Trying to set or force the focus back to the text widget after applying the selection, does not work. Probably, because neither the Java servlet nor (maybe) the Javascript framework notices this unwanted focus change.

BR
Gunnar Adams

The XMLHttpRequest API has several limitations, e.g. it doesn't allow to handle redirects in HTTP responses manually.
To enable this and to make future enhancements possible, we should migrate to fetch.

Copy of Bugzilla bug 579074

If using a CSP header with RAP it would need to be configured with a CSP script-src directive with self, unsafe-inline, unsafe-eval.

Such a configurtion is very permissive and removes most of the security provided by CSP.

csp-evaluator.withgoogle.com allows to evaluate how a CSP configuration improves XSS protection and currently rates scripts-src values as follows:

• unsafe-inline as High severity:
  unsafe-inline allows the execution of unsafe in-page scripts and event handlers.
• self as Possible medium severity finding:
  self can be problematic if you host JSONP, Angular or user uploaded files.
• unsafe-eval as Possible medium severity finding:
  unsafe-eval allows the execution of code injected into DOM APIs such as eval().

Ideally the script-src tag should not be configured with any of unsafe-inline, self, or unsafe-eval.

• unsafe-inline is required because org.eclipse.rap.rwt.internal.service.StartupPage generates a script element with inline code.
• self is required because org.eclipse.rap.rwt.internal.service.StartupPage generates a script element with a src from server.
• unsafe-eval is required because RAP uses the eval() function for several features (Browser widget, client scripting and JavaScriptExecutor, BrowserFunction).

The proposed enhancement is to support configuring RWTServlet to generate a "strict" CSP header:

When CSP generation is enabled RWTServlet.sendStartupContent would:

• generate a nonce on request
• add a CSP header to the response: Content-Security-Policy: default-src 'self'; script-src nonce-<generatedvalue> 'unsafe-eval'; style-src 'self' 'unsafe-inline'
• pass the generated nonce to the StartupPage so that it can append the nonce to the <script> elements.

Additionally:

• RWTServlet could be configured to remove unsafe-eval from the src-script.
  In such a situation RAP features relying on JavaScript eval() would become unusable.
• RWTServlet could be configured to add other CSP directives like frame-ancestors

When using a Grid with autoHeight enabled, lines > default height are only sized appropriatly when the mouse hovers the row, because this cases _onRowRendered to be invoked.
This is a regression compared to RAP 3.11, however I am not sure exactly which commit did introduce it.

The issue does not reproduce when creating the grid directly in createContents(), as this causes _onRowRendered to be invoked twice, where the second calls performs the correct computation. However when creating the Grid during an event, _onRowRendered is only called once, in which case the calls to computeAutoHeight() seem return some dummy value (10).

Reproducer:

public class BasicEntryPoint extends AbstractEntryPoint {

  protected void createContents(Composite parent) {
	  parent.setLayout(null);
	  
	  Button createBtn = new Button(parent, SWT.PUSH);
	  createBtn.setText("Create grid");
	  createBtn.setBounds(100, 50, 200, 20);
	  createBtn.addListener(SWT.Selection, e -> createGrid(parent));
  }
  
  protected void createGrid(Composite parent) {
	    Grid grid = new Grid(parent, SWT.BORDER | SWT.V_SCROLL | SWT.H_SCROLL);
	    grid.setData(RWT.MARKUP_ENABLED, true);
	    grid.setAutoHeight(true);
	    grid.setBounds(100, 100, 500, 500);
	    
	    GridColumn col = new GridColumn(grid, SWT.NONE);
	    col.setText("Multi Line Column");
	    col.setWidth(500);
	    
	    GridItem item = new GridItem(grid,SWT.NONE);
	    item.setText("Multi <br/> Line");
  }
}

Hi,

as a follow up on this forum post: https://www.eclipse.org/forums/index.php?t=rview&goto=1851499#msg_1851499

I've made an initial attempt to add the Eclipse QuickAccess to Eclipse RAP.
You can view my WIP here: https://github.com/godyo-business-solutions/org.eclipse.rap/tree/features/add_quickaccess_support

What's working (under the hood):

• extension Point mechanism
• most of the default QuickAccess providers

What's not working:

• ViewElement and ViewElementProvider classes (heavily depending on e4 workbench stuff)
• the UI and the search
  • see QuickAccessContents: on SWT table a listener is registered for SWT.MeasureItem, SWT.PaintItem and SWT.EraseItem which are obviously not available in RAP
  • QuickAccessEntry uses TextLayout which is also not supported in RAP

I'll try to get something running by using the default SWT Table and TableItems, but of course this will look and behave differently, but maybe better than nothing.

Any hint or comments are welcome.

Bye Peter

The problem is that org.eclipse.swt.graphics.Image cashes all the images and there is no way to remove an image from the cache.

A solution will be to have it removed from the cache when image.dispose() is called.

The internalImage is created using org.eclipse.swt.internal.graphics.InternalImageFactory.findInternalImage()

InternalImageFactory should also have a removeInternalImage() method that does two things:

1. RWT.getResourceManager().unregister( path );
2. cache.remove( path );

As far as I understand, the deployment process of the release artefacts to Maven Central is still a separate (internal) process. It seems that nowadays it's possible to deploy directly to Maven Central using Tycho.

Since I only consume the RWT dependencies from Maven Central in my project, I can offer to have a look into how to improve this process, so it could integrate better into the regular release process. In this case it would be nice if you could share some insights in how it is currently done and where it should probably be integrated (e.g. in the RAP builds?).

Best regards,
Ben

See also: #63

Looks like
org.eclipse.e4.ui.workbench.renderers.swt.MenuManagerRenderer.updateVisibility(MenuManager, MMenuElement, ExpressionContext) has not been upgraded when imperative expressions were introduced.

After previously upgrading to RAP 3.20, we occasionally see this exception in production. Unfortunately we haven't found a way to deterministically reproduce it.

Any Suggestions? Thanks!

2022-11-21T22:28:10.383146347Z java.util.ConcurrentModificationException
2022-11-21T22:28:10.383157823Z  at java.base/java.util.ArrayList$Itr.checkForComodification(Unknown Source)
2022-11-21T22:28:10.383167628Z  at java.base/java.util.ArrayList$Itr.next(Unknown Source)
2022-11-21T22:28:10.383175730Z  at org.eclipse.rap.json.JsonArray$1.next(JsonArray.java:420)
2022-11-21T22:28:10.383184205Z  at org.eclipse.rap.json.JsonArray$1.next(JsonArray.java:1)
2022-11-21T22:28:10.383192454Z  at org.eclipse.rap.json.JsonWriter.writeArray(JsonWriter.java:120)
2022-11-21T22:28:10.383200133Z  at org.eclipse.rap.json.JsonArray.write(JsonArray.java:431)
2022-11-21T22:28:10.383207462Z  at org.eclipse.rap.json.JsonWriter.writeObject(JsonWriter.java:95)
2022-11-21T22:28:10.383214666Z  at org.eclipse.rap.json.JsonObject.write(JsonObject.java:593)
2022-11-21T22:28:10.383222008Z  at org.eclipse.rap.json.JsonWriter.writeArray(JsonWriter.java:124)
2022-11-21T22:28:10.383229769Z  at org.eclipse.rap.json.JsonArray.write(JsonArray.java:431)
2022-11-21T22:28:10.383238040Z  at org.eclipse.rap.json.JsonWriter.writeArray(JsonWriter.java:124)
2022-11-21T22:28:10.383246024Z  at org.eclipse.rap.json.JsonArray.write(JsonArray.java:431)
2022-11-21T22:28:10.383253769Z  at org.eclipse.rap.json.JsonWriter.writeObject(JsonWriter.java:95)
2022-11-21T22:28:10.383261714Z  at org.eclipse.rap.json.JsonObject.write(JsonObject.java:593)
2022-11-21T22:28:10.383269856Z  at org.eclipse.rap.json.JsonValue.writeTo(JsonValue.java:396)
2022-11-21T22:28:10.383277419Z  at org.eclipse.rap.rwt.internal.service.LifeCycleServiceHandler.writeResponseMessage(LifeCycleServiceHandler.java:189)
2022-11-21T22:28:10.383284946Z  at org.eclipse.rap.rwt.internal.service.LifeCycleServiceHandler.processUIRequest(LifeCycleServiceHandler.java:101)
2022-11-21T22:28:10.383305960Z  at org.eclipse.rap.rwt.internal.service.LifeCycleServiceHandler.synchronizedService(LifeCycleServiceHandler.java:75)
2022-11-21T22:28:10.383316337Z  at org.eclipse.rap.rwt.internal.service.LifeCycleServiceHandler.service(LifeCycleServiceHandler.java:66)
2022-11-21T22:28:10.383324481Z  at org.eclipse.rap.rwt.engine.RWTServlet.handleValidRequest(RWTServlet.java:135)
2022-11-21T22:28:10.383332839Z  at org.eclipse.rap.rwt.engine.RWTServlet.handleRequest(RWTServlet.java:117)
2022-11-21T22:28:10.383340918Z  at org.eclipse.rap.rwt.engine.RWTServlet.doPost(RWTServlet.java:107)
2022-11-21T22:28:10.383348862Z  at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
2022-11-21T22:28:10.383360164Z  at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
2022-11-21T22:28:10.383367739Z  at org.eclipse.rap.rwt.osgi.internal.CutOffContextPathWrapper.service(CutOffContextPathWrapper.java:106)
2022-11-21T22:28:10.383376943Z  at org.eclipse.equinox.http.servlet.internal.HttpServiceRuntimeImpl$LegacyServlet.service(HttpServiceRuntimeImpl.java:1457)
2022-11-21T22:28:10.383385782Z  at org.eclipse.equinox.http.servlet.internal.registration.EndpointRegistration.service(EndpointRegistration.java:159)
2022-11-21T22:28:10.383394146Z  at org.eclipse.equinox.http.servlet.internal.servlet.ResponseStateHandler.processRequest(ResponseStateHandler.java:67)
2022-11-21T22:28:10.383402374Z  at org.eclipse.equinox.http.servlet.internal.context.DispatchTargets.doDispatch(DispatchTargets.java:118)
2022-11-21T22:28:10.383410801Z  at org.eclipse.equinox.http.servlet.internal.servlet.ProxyServlet.dispatch(ProxyServlet.java:147)
2022-11-21T22:28:10.383419049Z  at org.eclipse.equinox.http.servlet.internal.servlet.ProxyServlet.preprocess(ProxyServlet.java:115)
2022-11-21T22:28:10.383426890Z  at org.eclipse.equinox.http.servlet.internal.servlet.ProxyServlet.service(ProxyServlet.java:104)
2022-11-21T22:28:10.383434324Z  at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)

Hi Team,
I have two dispatcher and 2 UI server which are connected independently one to other one with UI and dispatcher, when i m clicking first UI server URl getting logon in browser and then try to click 2nd UI server URl then the first one is getting session timeout, i try to config as per stack over flow In the META-INF folder of your web application, place a context.xml file with the following content:

still getting same error, please suggest me how to approach on this issue to resolve.

Thanks and Regards,
Bikash.

Using CSP with values

"script-src 'unsafe-eval' 'strict-dynamic' 'nonce-' http: https:; object-src 'none'; base-uri 'none';"

prevent using 'retry' command in case of network error.
The problem is on "ErrorHandler.js" in method "getErrorBoxData"
in case of "connection error", action is a inline javascript:

...
result.action = "<a href="javascript:rwt.remote.Connection.getInstance()._retry();">"
+ messages.getMessage( "Retry" ) + "";
...

Error trace in browser console is:

Refused to run the JavaScript URL because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'strict-dynamic' 'nonce-5f40fa1612574b1f94d2f4524ad8b845' http: https:". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.

In our RAP Application we make heavy use of client scripting to enhance the behavior of specific wigets.
Especially we use the SWT.MouseMove event to implement move or drag like features.

While
control.addListener(SWT.MouseMove, clientListener);
works fine on desktop browsers (where you have a mouse),
the event will not trigger on mobile devices, since they use touch input.

This is because the SWT.MouseMove is mapped to the javascript mousemove event, which only triggers on mouse movements, not on touch movements.
Javascript offers two alternatives: The touchmove is only triggered when touching and the pointermove is triggered in both cases.

Is it possible to map the SWT.MouseMove to js pointermove or alternatively implement an additional event for touchmove in order to have a similar experience on touch and mouse devices?

Issue created to continue the discussion started in the RAP forum/newsgroup: https://www.eclipse.org/forums/index.php/t/1111838/

The goal is to discuss options and plans to support, or migrate to the new Jakarta EE 9+ (Jakarta Servlet 5.0+) jakarta.servlet API (and possibly others).

Copy of Bugzilla bug 579790

Example project showing the issue: example.redirect.zip (@mknauer: added target definition, launch configuration, modified dependencies)

When trying to redirect from an HTTP filter (extension org.eclipse.equinox.http.registry.filters), it fails with the following details:

Error: SyntaxError: Unexpected end of JSON input

  Stack: SyntaxError: Unexpected end of JSON input
    at JSON.parse ()
    at Object._handleSuccess (http://vm-uablochberg2:8080/rwt-resources/3180/rap-client.js:230:3602)
    at rwt.remote.Request._success (http://vm-uablochberg2:8080/rwt-resources/3180/rap-client.js:98:925)
    at rwt.remote.Request._onReadyStateChange (http://vm-uablochberg2:8080/rwt-resources/3180/rap-client.js:98:1596)
    at XMLHttpRequest. (http://vm-uablochberg2:8080/rwt-resources/3180/rap-client.js:7:219)
  Debug: off
  Request: {"head":{"requestCounter":3},"operations":[["notify","w6","FocusOut",{}],["set","w2",{"activeControl":"w2"}],["set","w1",{"cursorLocation":[394,277],"focusControl":"w2"}]]}

In the attached example project, there are four different methods for redirecting. But when called in the filter handler, even the JSON redirect does not work.

Is there some other way to make the redirect work from filter code (because this is needed for openID connect authentication)?

It would be best if HttpServletResponse.sendRedirect() would work in any circumstance.

Hi,

this method seems to be missing. The JavaDoc and method from SWT:

/**
 * Sets the receiver's tool tip text to the argument, which
 * may be null indicating that the default tool tip for the
 * control will be shown. For a menu item that has a default
 * tool tip, setting
 * the tool tip text to an empty string replaces the default,
 * causing no tool tip text to be shown.
 * <p>
 * The mnemonic indicator (character '&amp;') is not displayed in a tool tip.
 * To display a single '&amp;' in the tool tip, the character '&amp;' can be
 * escaped by doubling it in the string.
 * </p>
 * <p>
 * NOTE: Tooltips are currently not shown for top-level menu items in the
 * {@link Shell#setMenuBar(Menu) shell menubar} on Windows, Mac, and Ubuntu Unity desktop.
 * </p>
 * <p>
 * NOTE: This operation is a hint and behavior is platform specific, on Windows
 * for CJK-style mnemonics of the form " (&amp;C)" at the end of the tooltip text
 * are not shown in tooltip.
 * </p>
 * @param toolTip the new tool tip text (or null)
 *
 * @exception SWTException <ul>
 *    <li>ERROR_WIDGET_DISPOSED - if the receiver has been disposed</li>
 *    <li>ERROR_THREAD_INVALID_ACCESS - if not called from the thread that created the receiver</li>
 * </ul>
 *
 * @since 3.104
 */
public void setToolTipText (String toolTip) {
	checkWidget();
	if (toolTip != null && (toolTip.trim().length() == 0 || toolTip.equals (toolTipText))) return;

	this.parent.getShell().setToolTipText (handle, (toolTipText = toolTip));
}

In RWT the handle is obviously missing.

Would be nice if that could be implemented. If someone would suggest a fix I could try to make a PR.

Thanks,
Bye Peter

Web UI for NetXMS (open source monitoring platform) is built on RAP.
References:
Source code - https://github.com/netxms/netxms
Product home page - https://netxms.org

We have a (SWT.VIRTUAL) TableViewer and in certain constellations the second and all subsequent setSelections select the wrong entry.

1. Create a (SWT.VIRTUAL) TableViewer (new LabelProvider(), ArrayContentProvider.getInstance())
2. Add 100 entries to the table with TableViewer.setInput
3. TableViewer.setSelection to the 4th entry (referring to the original input)
4. The correct entry is selected
5. Now add a filter to the TableViewer so that only the 3rd, 4th, 5th and 6th entries (referring to the original input) are left
6. TableViewer.setSelection to the 4th entry (referring to the original input)
7. Now: From the resulting 4 rows the second row should be selected, instead the 6th is selected
8. The Problems occurs because Step 5 executes a "clear" on all TableItems but this clear keeps the Widget.data field value intact and the original 4th items seems to be recycled for the new 6th item. So when Step 6 searchs for a matching Item it finds the wrong TableItem by comparing the 'new Selection' with the TableItem.getData (method from Widget)

Here a simple project to reproduce the issue:
https://we.tl/t-s0uMT7MLpG

(edit 2022-09-29 @mknauer: Attached referenced ZIP archive as Issue 57.zip to this issue)

Just open the web app and watch the Console. I've tried to keep the project as simple as possible (no fancy code) and to describe the problem with the comments within the code and in the console output. All the relevant code is in the class View.

I've fixed the issue by extending the clear method on TableItem but I don't know if this is a valid fix but would result in other problems:

    final void clear() {
        data = null;
        checked = false;
        grayed = false;
        parent.updateScrollBars();
        if ((parent.style & SWT.VIRTUAL) != 0) {
            cached = false;
            setData(null);  // <= added this line
            parent.redraw();
        }
    }

Attention: The described fix does NOT work with TableViewer.setUseHashlookup(true)!

Migration of Bugzilla bug 542478

The original bug reporter reported on 2018-12-06 10:49:46 EST ...

The result of a dependency check of our application (which is based on Eclipse RAP) showed a vulnerability in org.apache.commons.fileupload_1.3.2 with high severity and high confidence (CVE-2016-1000031). Therefore, I would like to request an upgrade of org.apache.commons.fileupload to the latest version (1.3.3) in RAP 3.7.

A detailed analysis (2018-12-11 06:29:59 EST) of the security issue in the mentioned library revealed that ...

RAP (org.eclipse.rap.fileupload bundle) is not using DiskFileItem. We are processing the input stream directly using FileItemStream (see FileUploadProcessor#handleFileUpload). That's why (...) we are not affected by the above vulnerability.

While the above ("RAP fileupload implementation is not affected by this vulnerability") is still true, we believe that an upgrade of org.apache.commons.fileupload is required in order to avoid false positives in security checks.

What's working fine:

• The widget has no issue in displaying existing dates prior to 01/02/1970
  
• Such dates can easily be inserted with the keyboard or by scrolling with the mouse wheel
• When clicking on the 'Arrow' Button the calendar component is opened and the existing date is also visible and selected just fine
  

What's not working:

• Now, when I select any date prior to 01/02/1970. No matter if I click on a day or I use the change buttons (by year or by month) at the top, the new date is not accepted and the previous date is kept.

As far as I can see this is solely an JS issue. The following method in the DateTimeDate.js is blocking any date with milliseconds prior to 01/01/1970 (in my case 01/02/1970, probably due to a timezone?)

_onCalendarDateChange : function() {
  if( !this._internalDateChanged ) {
    var milliseconds = this._calendar.getDate().getTime();
    var min = this._minimum ? this._minimum.getTime() : Number.MIN_VALUE;
    var max = this._maximum ? this._maximum.getTime() : Number.MAX_VALUE;
    if( milliseconds >= min && milliseconds <= max ) {
      this._setDate( this._calendar.getDate() );
      this._sendChanges();
    }
  }
},

I don't see the reason for these checks, can't they just be removed? Like:

_onCalendarDateChange : function() {
  if( !this._internalDateChanged ) {
    this._setDate( this._calendar.getDate() );
    this._sendChanges();
  }
},

I tried it locally and it worked quite fine for me.

If there is anything I can provide to help you with this, please let me know.

Edit: For completeness: The problems occurs because "this._calendar.getDate().getTime();" returns negative numbers for dates prior to 01/01/1970 00:00:00 according to the unix standard for dates.

I'm referring to this PR => #34

After upgrading from RAP 3.21 to 3.22 our build breaks with the following error:

[ERROR] Cannot resolve project dependencies:
[ERROR]   Software being installed: cifc.rap.e3.feature.feature.group 2.0.1.qualifier
[ERROR]   Missing requirement: org.eclipse.rap.rwt.osgi 3.22.0.20220708-1200 requires 'java.package; javax.servlet [4.0.0,5.0.0)' but it could not be found
[ERROR]   Cannot satisfy dependency: cifc.rap.e3.feature.feature.group 2.0.1.qualifier depends on: org.eclipse.equinox.p2.iu; org.eclipse.rap.rwt.osgi 0.0.0

I found this comment in the PR:

I was able to fix the above error by setting the lower boundary of the javax.servlet import to be at least 4.0.0 in our org.eclipse.rap.rwt.osgi bundle. This seems to pass the higher version import to the compiler, and omits the one that doesn't provide the new methods that require implementations/overrides.

Originally posted by @mknauer in #34 (comment)

I'm building a WAR to run in Jetty with this docker command:

docker run --rm -it -p 8080:8080 -p 8443:8443 -p 8001:8001 -v $PWD/target/deployment/:/var/lib/jetty/webapps/ jetty:9-jre17 -Dlog4j.debug -Dorg.eclipse.jetty.http.LEVEL=ALL 

How can I fix this?

Thanks in advance!

Peat

I suppose that not all exceptions are handled when using 'Request_sendWithFetch' , I found problems when 'ServerPush' is active,
sometimes retry is working and sometimes no.

I have modified "Request_sendWithFetch" adding try .. catch inside entire function and inside every 'then' and it seems to work fine.

This is, for example, an uncaught error:

This seems to be a regression of #41 and #45. This issue affects the artefact and pom.xml file deployed to Maven Central. It possibly affects other Maven build setups as well, in which the pom.xml information is used to pull in the dependencies.

( I'm repeating my comment from here: #41 (comment) )

I run into a Maven dependency resolution issue related to the version bump of commons-fileupload to 1.4.0 in my project. The resulting POM dependency entry of org.apache.commons.fileupload looks like this:

<dependency>
  <groupId>commons-fileupload</groupId>
  <artifactId>commons-fileupload</artifactId>
  <version>1.4.0</version>
</dependency>

It refers to version 1.4.0, but the actual version of the commons-fileupload artefact is 1.4. See: https://search.maven.org/artifact/commons-fileupload/commons-fileupload/1.4/jar

Maven treats versions 1.4 and 1.4.0 differently and fails to resolve the correct dependency from Maven central. The workaround is to enforce the version of the transitive commons-fileupload dependency to 1.4 (e.g. by using a strict dependency constraint).

I'm not sure how the pom.xml is generated, but it probably takes the information from the bundle dependencies, which afaik requires the use of the 3 part semvers. So there might be a version incompatibility between the bundle and Maven dependency worlds.

NB: I should mention that I'm experiencing this problem in a Gradle build and haven't tested it with a Maven build. However, since the version in the pom does not correspond to the artefact version in Maven central, other Maven builds might run into this issue as well.

I've observed this issue for a few years now back when I started to work with RAP-3.1 and it still is present in RAP-3.22. From time to time and for no appearant reason clients stop responding to browser-resize events, while everything else continues to work just fine.

Typically when resizing the browser window, the client accumulates changes and periodically pushes those values to the server (setBounds, notifyResize). At first I had doubts whether this could be an issue with application-code (some resize-listeners missing), but than I noticed even a minimal example with only an empty entrypoint causes those setbounds/notify-messages to be sent over.
For a client in degenerated state however, no network messages are sent to the server on resize - and while other events/etc work just fine, also other events don't cause a resize (so this rules out those resize-messages are just stuck somewhere and don't cause a flush).

I tried to debug the issue further, but now I am a bit stuck:

• in _dispatchEvent (Internal event dispatch method), I see evt._valueType with "windowresize", so the browser seems to trigger the event:

• and later recompute also detects the width changes:

after which it flushes the GlobalQueues. but no network request is issued by this.

In contrast, on a working client I get additional related events after a browser resize, like the changeWidth event shzown in the screenshot below. This changewidth-event is completly missing in the dysfunctional state:

I would be really grateful for hints where to debug / search further. The fact that this seems to happen seldom and quite random makes it hard to dig deeper...

Update: I wasn't sure whether this happens only on Firefox, but in a ticket from 2019 I just found the note "mostly happens when using google chrome". so the issue doesn't seem to be browser-specific.

If I set getTable().getColumn(index).pack() for a field with bold, the value does not fit in the cell and has '...' at the end of the value.
If I don't use bold, the value fits in the cell

With the fix #90
error is catched, but not correctly handled by ServerPush.js / Connections.js

when a ServerPush issue a request, and there is an error, inside '_handleError' check
rwt.remote.Connection.getInstance()._isConnectionError( event.status )

but now "event.status" is undefined and _isConnectionError return false.
I have modified _isConnectionError adding also condition || statusCode === undefined
and works fine.

To test simply activate a serverpush request, next disable/enable network cable, then do any action, without "statusCode === undefined" there is no any retry in serverpush request

After every request the Connection#_hideWaitHint function is executed, which resets the application cursor to null.

When using autoHeight / varialbe height grid rows, GridEditor Widgets are not properly positioned - but instead are positioned where they would belong with standard row height.
My guess is, the problem originates from the height of the grid rows being computed client-side, but the GridEditor Widgets are layouted server-side.

public class BasicEntryPoint extends AbstractEntryPoint {

  protected void createContents(Composite parent) {
	parent.setLayout(null);
	
	Grid grid = new Grid(parent, SWT.BORDER | SWT.V_SCROLL | SWT.H_SCROLL);
	grid.setData(RWT.MARKUP_ENABLED, true);
	grid.setAutoHeight(true);
	grid.setBounds(100, 100, 500, 500);
	
	GridColumn actionCol = new GridColumn(grid,SWT.NONE);
	actionCol.setText("Action");
	actionCol.setMinimumWidth(200);
	
	GridColumn textCol = new GridColumn(grid,SWT.NONE);
	textCol.setText("Textcolumn");
	textCol.setWidth(200);
	
	generateItem(grid, "multi <br/> line");
	generateItem(grid, "single line");
  }
  
  void generateItem(Grid grid, String txt) {
	    GridItem item = new GridItem(grid,SWT.NONE);
	    item.setText(1, txt);

		Button b = new Button(grid, SWT.PUSH);
		b.setText("button");
		
		GridEditor editor = new GridEditor(grid);
		editor.minimumWidth = 150;
		editor.minimumHeight = 10;
		editor.setEditor(b, item, 0);
  }
}

Moved from Bug 580819

We have a RAP application using the Jetty OSGI tools/framework.
When the application is logged-in/started from a browser, it works fine and we are able to execute all the functionalities.
But when we try to hit the application from an external link, it sends the authentication credentials as POST parameters for the RAP application.

The issue is that we are unable to fetch these POST parameters. We don't know where exactly these POST parameters are getting lost/nullified.

In RAP 1.5 a simple RWT.getRequest.getParameter("name") worked fine for both POST and GET, but in new versions it asks us to use StartupParameters and using this class we are only able to fetch the GET parameters.

Does that mean if we want to start/initiate the RAP application from a 3rd party link, we need to use separate entry-point (like a servlet) and try to get the POST parameter and then direct it to Entrypoint?

OR

is there any way we can figure out the POST parameter before Entrypoint pre-requisites are executed?

State written through MPart.getPersistedState().putIfAbsent() is not present in the saved model file.
This happens because invoction of the @PersistState annotated methods happens after the model file has been written.

This is the stack of writing the model:

E4Application.saveModel() line: 193	
E4EntryPointFactory.createWorkbench() line: 85	
E4EntryPointFactory$1.createUI() line: 45	
RWTLifeCycle.createUI() line: 177	
RWTLifeCycle$UIThreadController.run() line: 290	
UIThread(Thread).run() line: 834

This is the stack of invocation of the @PersistState annotated methods:

PartRenderingEngine$3.run() line: 828	
SafeRunner.run(ISafeRunnable) line: 45	
PartRenderingEngine.removeGui(MUIElement) line: 813	
PartRenderingEngine.safeRemoveGui(MUIElement) line: 865	
PartRenderingEngine$3.run() line: 828	
SafeRunner.run(ISafeRunnable) line: 45	
PartRenderingEngine.removeGui(MUIElement) line: 813	
PartRenderingEngine.safeRemoveGui(MUIElement) line: 858	
PartRenderingEngine$3.run() line: 828	
SafeRunner.run(ISafeRunnable) line: 45	
PartRenderingEngine.removeGui(MUIElement) line: 813	
PartRenderingEngine.safeRemoveGui(MUIElement) line: 865	
PartRenderingEngine$3.run() line: 828	
SafeRunner.run(ISafeRunnable) line: 45	
PartRenderingEngine.removeGui(MUIElement) line: 813	
PartRenderingEngine.safeRemoveGui(MUIElement) line: 865	
PartRenderingEngine$3.run() line: 828	
SafeRunner.run(ISafeRunnable) line: 45	
PartRenderingEngine.removeGui(MUIElement) line: 813	
PartRenderingEngine.safeRemoveGui(MUIElement) line: 865	
PartRenderingEngine$3.run() line: 828	
SafeRunner.run(ISafeRunnable) line: 45	
PartRenderingEngine.removeGui(MUIElement) line: 813	
PartRenderingEngine.stop() line: 1195	
E4Application$1(E4Workbench).close() line: 191	
E4EntryPointFactory.createWorkbench() line: 86	
E4EntryPointFactory$1.createUI() line: 45	
RWTLifeCycle.createUI() line: 177	
RWTLifeCycle$UIThreadController.run() line: 290	
UIThread(Thread).run() line: 834	

If you compare the stacktraces, you will find that writing the model happens in
E4EntryPointFactory.createWorkbench() line: 85
but invocation of the @PersistState annotated methods happens afterwards, in
E4EntryPointFactory.createWorkbench() line: 86

Moved from Bug 580712.

Content Proposal Dialog Reopens if ENTER is used for ContentProposalAdapter's KeyStroke in RWT

Summary

In our solution, we're using a text field paired with a ContentProposalAdapter. Then keystroke to activate the ContentProposalAdapter is ENTER. In our SWT application the process of hitting ENTER and selecting a proposal works without any issue. However in RWT, the problem is that once ENTER is used to select a proposal, the proposal pop-up opens again.

• RAP version:
  • 3.14.0-SDK-4.17.0
• Browser (issue present in all browsers that I tried):
  • 105.0.1343.27 Edge
  • 105.0.5195.102 Chrome
  • 104.0.2 Firefox

Possibly similar issue: Bug 445464 - ContentProposalAdapter proposals popup stays visible if Combo is used as a control

Steps to Recreate Issue

Run the attached snippet as an RWT application

1. In the field labeled "Content Proposal KeyStroke = ENTER", hit ENTER
2. Select a proposal and hit ENTER
   Expected: Content Proposal Dialog closes
   Actual: Content Proposal Dialog reopens

NOTE: I've also added another field titled "Content Proposal KeyStroke = HOME" to demonstrate that this workflow works fine if the Content Proposal keystroke is set to anything else. This would indicate that the issue is around enter being used both by the ContentProposalAdapter and selecting items in the proposal pop-up.

Copy of Bugzilla bug 579671

When you activate drag and drop on controls labelled with HTML markup (TableItem, TreeItem, ...), hover decoration on dragging is the inner html content of markup (as text), which is troublesome.

It should be at least the same behaviour as other drag operations in RAP, which display icon + text under cursor while dragging.

See https://www.eclipse.org/forums/index.php/t/1110563/

Ideally and in general we should be able to customize the hover decoration when dragging some controls (feel free to open another request for that).

Right now, one can't set focus on columns that have false value for the visible variable on the grid.

    Display display = new Display ();
    Shell shell = new Shell(display);
    shell.setLayout(new FillLayout());

    Grid grid = new Grid(shell, SWT.BORDER | SWT.V_SCROLL | SWT.H_SCROLL);
    grid.setCellSelectionEnabled(true);
    grid.setHeaderVisible(true);
    GridColumn column = new GridColumn(grid, SWT.NONE);
    column.setText("Column 1");
    column.setWidth(100);
    GridColumn column2 = new GridColumn(grid, SWT.NONE);
    column2.setText("Column 2");
    column2.setWidth(100);
    GridColumn column3 = new GridColumn(grid, SWT.NONE);
    column3.setText("Column 3");
    column3.setWidth(100);
    column3.setVisible(false);

    GridItem item1 = new GridItem(grid, SWT.NONE);
    item1.setText("Item");
    GridItem item2 = new GridItem(grid, SWT.NONE);
    item2.setText("Item2");

    shell.setSize(500, 500);
    shell.open();
    while (!shell.isDisposed()) {
        if (!display.readAndDispatch()) {
            display.sleep();
        }
    }
    display.dispose();

Column 3 called setVisible(false) and SWT error throws an exception when the focus is on the column 3.

I have a possibility to hide columns and if I set focus on one of them, server error message is displayed, and one need to restart the application. I would expect not to terminate the application if one focus on the column, which is not visible.

stacktrace.txt

Hello Team,

Currently we are using jboss7.4 with openjdk8. RAP version used is 3.10 . Please suggest RAP version which is compatible with jboss8 and openjdk17 . We would like to migrate to that version.

When setting the text of a label to a string which contains an ampersand, the '&' is simply ommited from the label's actual text.

e.g.:

    Label l = new Label(parent, SWT.NONE);
    l.setText("Hannes & Werner");

results in:

Does RAP implement any prevention mechanism against CSRF ? Please let me know if it is already implemented in RAP 3.10
Thanks for any lead on this.

The RAP RC1 contribution has unsigned content:

https://download.eclipse.org/rt/rap/3.22/RC1-20220831-0943/

All these unsigned artifacts should have PGP signatures, but those are not present as reported here:

https://download.eclipse.org/oomph/archive/reports-extra/rap-3.22-rc1/download.eclipse.org/rt/rap/3.22/RC1-20220831-0943/index.html

I also manually checked this:

https://download.eclipse.org/rt/rap/3.22/RC1-20220831-0943/artifacts.xml.xz

The org.apache.commons.commons-io bundle, which I noticed was unsigned from manually testing installs of 2022-09 RC1 RAP, looks like this:

    <artifact classifier='osgi.bundle' id='org.apache.commons.commons-io' version='2.11.0'>
      <properties size='5'>
        <property name='download.size' value='327135'/>
        <property name='artifact.size' value='327135'/>
        <property name='download.md5' value='3b4b7ccfaeceeac240b804839ee1a1ca'/>
        <property name='download.checksum.md5' value='3b4b7ccfaeceeac240b804839ee1a1ca'/>
        <property name='download.checksum.sha-256' value='961b2f6d87dbacc5d54abf45ab7a6e2495f89b75598962d8c723cea9bc210908'/>
      </properties>
    </artifact>

But it looks like this in the platform's 4.25 I-Builds:

    <artifact classifier="osgi.bundle" id="org.apache.commons.commons-io" version="2.11.0">
      <properties size="12">
        <property name="maven-groupId" value="commons-io"/>
        <property name="maven-artifactId" value="commons-io"/>
        <property name="maven-version" value="2.11.0"/>
        <property name="maven-repository" value="eclipse.maven.central.mirror"/>
        <property name="maven-type" value="jar"/>
        <property name="download.size" value="327135"/>
        <property name="artifact.size" value="327135"/>
        <property name="download.md5" value="3b4b7ccfaeceeac240b804839ee1a1ca"/>
        <property name="download.checksum.md5" value="3b4b7ccfaeceeac240b804839ee1a1ca"/>
        <property name="download.checksum.sha-256" value="961b2f6d87dbacc5d54abf45ab7a6e2495f89b75598962d8c723cea9bc210908"/>
        <property name="pgp.signatures" value="-----BEGIN PGP SIGNATURE-----&#10;&#10;iQIzBAABCAAdFiEEnjBEBxt1jry35FZzcA5PObwFNksFAmMSLn0ACgkQcA5PObwF&#10;NksmBw/9GJFNIuqhHOQXz+I5ekcosGTOfw1Bcn2g3B7en5KjVToJYdkywNab1Dbh&#10;DZEzGK5daGZzD5075wa3jx3AmIBN5CJnj8rB1wLgWM4ZMi9VpyDv2mQqORB+RmOr&#10;gZDI/2ovqc9eosZ83/5TaihLL4Hzu95zwwObfPu0OtXexviIGCdkiBKtH+WiQbDV&#10;BVbOj7C6c8GmFTtlgF2zU8UvtVBql2BPzBRhnKSN0DuqjpFXcmM8HZJtpQ1C1i1Z&#10;m4/JlWy9YUvq9ljkK4As57zDePvfeqxng04EL7eGk6KEu2xsDZHgxPYD0bmMbaKn&#10;16CbCFOpVjhhVdhF2wUtGEHmryhZv2hCVg9VEvzxPmjadrVJqdi6CwRDI2xgLxd5&#10;XPUwNlTeI0flPcTUsUOCovx7w/enEC8orYcgEBvZkOxulmm084AhkA2pMSGX6XqS&#10;e5kxCiyiDt1SxaYQ8Qdr7BqFFlICOLu20ncyeROMt3FlsrbhgwS/Du8G1L+Sn5c1&#10;TM4s6EHPotKJmGHgC9vgUwVQ/DPLb0pKcvYVwyfgpOKl5lJvYhWS/sVzcqKvcINU&#10;3GqQLR4PYPcZKXrcKOYgVXobvLEqOeW8IJFAs9B3n9eXVt/Soo1TUZYaQs5Xutb0&#10;3IJxlvyvL4f/KjZa2jGCybhIDj4rODJzNK5h98deJUguXp2Ev3c=&#10;=JH5R&#10;-----END PGP SIGNATURE-----&#10;"/>
        <property name="pgp.publicKeys" value="-----BEGIN PGP PUBLIC KEY BLOCK-----&#10;&#10;mQINBFhaXO0BEAC8WCdwrJNF/W+C8m9FYwAhEvKBvQ7xmoGYZqgcYe2ntT8udvgZ&#10;k+dRwZJnu1VI3a8feOLrAmeNI2MxPP0+l2kGeC55c10duXPzLvW9oHONm39FZpCM&#10;X1m66TYkUBeu/DIttNf5l0nv54dmm4VAWjutnVmlKGf5MVmmAH4mrkmgs7UTyQRK&#10;JKJ8B7tAt6CI1tXq2ULjzUpz9iyD1IkWal4K2gYfooSuGLayNY+SCdcT9uZkpS4B&#10;rnHy2QeJqPSnJv+5G1SkX1fzavWelrf72vx+su8L8QzUa6JtGJatFbAHzEdXGJ98&#10;JnK7TAQvR3hCyzj+TnVCY1hiRO6B+4zI3j/vSJVdc5wmLejvfZRqhiaQ8Vr4xDbu&#10;w7/i+raAKwr//zVGAqp/zN6zQmyoLks+cfuI4yqHuXKGaNs5RapKCxfukC/TRB2e&#10;fLhqCpXAbRQ8a+R+0CCBP2WYDYNQoh4FnwuqtZefnm8NVKW+2we5y3llIrXV5PQb&#10;FFN5WOLuNvO/JOtRQSjNd4WYttwNCDP7ATpRK6ixz7qveztGNhuiCRx01HbZ2uUE&#10;DKV0DW8mWRjALl9/akMRcdIeTayKHDVjeNq5amnWT0vZ2F422BJW6sQryTs/NIBK&#10;XGoVVZeXms3fzL9IpztcVFZTuwmk5kk1FXXaBDMwVHlR5hC5gIuLIfLVEwARAQAB&#10;tDpFY2xpcHNlIFBsYXRmb3JtIFByb2plY3QgPHBsYXRmb3JtLXJlbGVuZy1kZXZA&#10;ZWNsaXBzZS5vcmc+iQI9BBMBCAAnAhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheA&#10;BQJhuzR+BQkSxtkRAAoJELbTq5vMZBKCntUP/i+waQ1AAKEMBuwuP9KbAKNLyTFa&#10;Dl5cbwIcehAne5u7x3CfqYxc2NBCjM20akmYVnTYtvAriLKq9HcycYl98mxfWNOb&#10;/UtO2d04cBWqRn5U9TW0QbXrA3/kScmKzf8qWr2m6DLgl3ZVewapoP9iNYOVeWRB&#10;iI7ap+yLJwlRp0YxPjpgkSeV5+ghFpUG3ppqAIlB5QaNadbG9xIoqcs0x4gdyrUS&#10;uPFX42p6y+JIM31eDW4hKcyo29C8xg4oMQsmL6fZAASP+IXboqjaK/QijA2etVsq&#10;vyv8A+FAzZlV9zEx9EY6aJvIjABDV0IUrbfbmyUckM/sbsy7Wa13koiMIAUu8ylv&#10;HOXkblBqUPDeoZS1KXOpiRHoJ0+WalLWayiWSOiDdMeq2Le0EZvLhvK/No4TZWSl&#10;WEa3IZA/nKHeDI5Sv4NG4kcFyrrgJSphezgF3dU+EePeAtOYv3OWpLbgKbs2BTY3&#10;B7Y36aX6svrJD667bPkjj7EQumJSr6vtEB7YJF5WtXR3voviDACpm0+jJN7KQsmM&#10;X26z6J8VNOqzQvTekRZKr1lSSgECPdHZQaBfTM5ODiOGkVInR0LN9Tx1zriuQdoh&#10;vMlXF/EmuxzKi7TP9MfW6xB6/7gAIJDdEhJni5+Q14U5j6oOaXUzpcFEjg7xyBe7&#10;0/Inw3JlHfp/q2McuQINBFhaXPsBEAC3bR7f5euHbpIDDTuFYHPI0+S5X0DhuqcG&#10;BUL2HSFhWMwIlfsAaO+pt7GyfXLUkTmzugwmwO+sOW2QmwEZQcK2z3BrcjytZoph&#10;Z9AUajbAjnadSH6UXCMmfExVVnaYSfl/+Uub42szQE/r3gCRIz6M6clVVAjpFv4G&#10;/mumfQUV/XzLoUEYXTgwTokFJ97R+hDbHvBEBrUT8M6zHP5DhN3EBug3qb6wZVOa&#10;/+HEX3M+7k4jVT/ppNumw0acg0DDoSNQ13VsRV6sV0XE4zr3Zfs84f8xCgXpEMs4&#10;U6DZGqs3iJVVtbRf0oL0fgcxNgRrmbCrBfbXYfrS4u+fJ0vB+Wrflv9eNA3i6TtV&#10;L6uYpZy9uO2B1olKVzfEhsgB3QrULB4jVHZjIXGe4ILn45ndMtAeY4M91wyobgG9&#10;9Xl+1vPHrxV0+2zRP66J3puyxiKE2B7gd7hib54CB3lYyrG1S+K1kZGCI1IFKCnq&#10;mTJXY0tKoLAASS3vtDcknXenzR5RVSpWTDuxtusekfL0Bw8pCBoz9L4Hex8Q1j//&#10;D5CZlqcg1NKFfmBZ7ta9PTuJcpOsz/LaPG/0VHYt/QAv5o4eeZESl7iZyM4/0NFh&#10;2s/rq0R8Z9yVSSkIvvO8d8XGZ65NTm3T4NFuEihn+AEm+zg4KiGdYBEZvs8QQoW9&#10;e1+MMN8xnwARAQABiQREBBgBCAAPAhsCBQJhuzR9BQkSxtkCAinBXSAEGQEIAAYF&#10;AlhaXPsACgkQcA5PObwFNkunSw//SRR1tGS1pDj2jonLpR0wPilCphS6ANv895yv&#10;lg6rHG4nKi4hQ0JzZxhGCwkgxEkRaKiyLfEiTihETkF161AqLPhyvE8LuQ1AG+A+&#10;tUnR8/T3gKE8t/m2/UtScZwN1QEQVc/uG7MTrbZ2ngXfH65k3fzhjy95AnJHAswu&#10;2vic1hzDi77HlQpN0O3adJuU/jfdu1RxNE0MRt8MFEjsTFwSBVm6lDxgcZV+qjRL&#10;GQznTyLF5/AyCI7Z4z9xHZPKFq1eHzqevifNiqfb8KX22sHKOSdnVBzBq/UxbT5j&#10;IbNSRhD91FjtZD7Z6wi3POsB/9RWZBldCov4ZEajmxFzxpx4RAqYOSIkEor9ZtRG&#10;bZuWvTie4vFIur7Tf543mE6nxKcggExNp4MTyOd1scMc9oyczH561OTdHOCYEyoC&#10;wpG9N2Hb1/MDnWSiHKG451CvdrE5FHcPZKjp/nHUcRw/WQC3bgj6ScAay64EKC5S&#10;9tW+Wp85Oyyvj+M7lBzOxp19nESpfC++fzBAQPMxtD8EvrZTxqFSJxMOH9bhzB8+&#10;MFt08tmYb5SwoYi4C8JJ+wZgNetJKK+j07fvyMUChH/SbkCVszMiiSEjHA2Kk0LM&#10;VYKS/OLJU7i7tZXVaJ078QEeTDy5hSzsutd+orlFkR9+mgr1HUh0UgYlofTfEi7b&#10;LDeSr0cJELbTq5vMZBKCicIP/irazYBVKw0SluhHtjzRcs5WIdH5bVPsEE87+iUc&#10;4daONWdVIhLdokxtOWlrEmZFLKqq9Z8fzvlf5LAQMOBkMAkl0z2ej4KG7zrjWyqD&#10;gysEI2WBlqTAFSeL+89Kc9BzJE9heYW8EfpXbNfOnKnAYWsbhcomSxVQ/jBIuyLB&#10;g/0gYKpBNx8HC6v9xNH0Ja+wM/7w3JC1aIwMYJn1yF2ykUYS+BoTCU7TA8r43pHg&#10;4I4Fz+Y2P5RLk+RJI4kJezDNiJOpIcr/nKTPxMGUzMtWlGyAJ7LkyOZCtQXhtXwa&#10;T8grjtHzlwlGrpgDRtf7wWjzEWeaQSegTFM9Mid+09kCp0PkJvveg8wJCuoVboNO&#10;to0O5rQsUczjXxiWkXYlHGeQL4rWc1zP7F1n4DEwDbVZC7jOn/80l3x4LcKuhc86&#10;gP4L5HKbdjn5GcQ03RVLl1WVTQCdpr0+am28hl9XpyHdlWwSEmqqoUnjGv5B8RCl&#10;ocBRS4ECPPZCVSBlyK8eDgRww9Fu1EFq4xkq5fGj4YUOAIm756iW41NQ3VnPYbom&#10;/J27iFFN8+h92CSbKAqhmRwQh+GGo0eGCXmPHyQ/KCHTvnTZCFBUvabm3rVNFaDO&#10;+RvmwPwNCRz0DYzGpaeMOGo4nMMGbzdhgfJ/X5Ed1/Mqz8egHhGIO94ebKEN5ZtJ&#10;jAOK&#10;=EmXb&#10;-----END PGP PUBLIC KEY BLOCK-----&#10;"/>
      </properties>
    </artifact

From the sha-256, I can see it's the same artifact.

What version of Tycho is being used for the builds? You must use a newer version such as 2.7.3 or 2.7.5. If you are pulling directly from Maven yourself, you must PGP sign it...

When creating a small canvas (e.g. 10px), the content of the canvas is moved downwards.
E.g. on the following screenshot two canvases were created and fully filled black, however the tiny canvas on top has a white area on top:

The issue is caused by canvas being inline by default, setting display=block resolves the issue.
I'll submit a patch soon.

In many web applications it is possible to unveil the password entered into a password text field by an "eye" icon on the right side:


RAP is still missing this functionality. It would be nice, if in the future, RAP would support such an "eye" icon as well.