CVE-2023-25499: Disable sending updates to client for effectively non-visible nodes by tepi · Pull Request #15885 · vaadin/flow

When non-visible components are added to the UI on the server side, their content is still sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure.

vaadin-bot pushed a commit that referenced this pull request

May 17, 2023

…15885)

* Disable sending updates to client for effectively non-visible nodes

* Fix test: Always set tested component visible first; only assume node has changed if testvalue differs from original value

* Cleanup, and refactoring, in Element, StateNode, UIInternals classes + mvn formatter.


Co-authored-by: czp13 [email protected]
Co-authored-by: Peter Czuczor [email protected]

vaadin-bot added a commit that referenced this pull request

May 17, 2023

…15885) (#16811)

* Disable sending updates to client for effectively non-visible nodes

* Fix test: Always set tested component visible first; only assume node has changed if testvalue differs from original value

* Cleanup, and refactoring, in Element, StateNode, UIInternals classes + mvn formatter.


Co-authored-by: Teppo Kurki [email protected]
Co-authored-by: czp13 [email protected]
Co-authored-by: Peter Czuczor [email protected]

mshabarov pushed a commit that referenced this pull request

May 17, 2023

…15885)

* Disable sending updates to client for effectively non-visible nodes

* Fix test: Always set tested component visible first; only assume node has changed if testvalue differs from original value

* Cleanup, and refactoring, in Element, StateNode, UIInternals classes + mvn formatter.


Co-authored-by: czp13 [email protected]
Co-authored-by: Peter Czuczor [email protected]

(cherry picked from commit eab4f09)

mcollovati pushed a commit that referenced this pull request

May 17, 2023

…des (#15885) (#16810)

* Disable sending updates to client for effectively non-visible nodes

* Fix test: Always set tested component visible first; only assume node has changed if testvalue differs from original value

* Cleanup, and refactoring, in Element, StateNode, UIInternals classes + mvn formatter.


Co-authored-by: Teppo Kurki [email protected]
Co-authored-by: Peter Czuczor [email protected]

mcollovati pushed a commit that referenced this pull request

May 17, 2023

…des (#15885) (#16812)

* Disable sending updates to client for effectively non-visible nodes

* Fix test: Always set tested component visible first; only assume node has changed if testvalue differs from original value

* Cleanup, and refactoring, in Element, StateNode, UIInternals classes + mvn formatter.


Co-authored-by: Teppo Kurki [email protected]
Co-authored-by: Peter Czuczor [email protected]

mshabarov added a commit that referenced this pull request

May 17, 2023

…15885) (#16819)

* Disable sending updates to client for effectively non-visible nodes

* Fix test: Always set tested component visible first; only assume node has changed if testvalue differs from original value

* Cleanup, and refactoring, in Element, StateNode, UIInternals classes + mvn formatter.


Co-authored-by: czp13 [email protected]
Co-authored-by: Peter Czuczor [email protected]

(cherry picked from commit eab4f09)

Co-authored-by: Teppo Kurki [email protected]

mshabarov added a commit that referenced this pull request

May 17, 2023

…15885) (#16818)

* Disable sending updates to client for effectively non-visible nodes

* Fix test: Always set tested component visible first; only assume node has changed if testvalue differs from original value

* Cleanup, and refactoring, in Element, StateNode, UIInternals classes + mvn formatter.


Co-authored-by: czp13 [email protected]
Co-authored-by: Peter Czuczor [email protected]

(cherry picked from commit eab4f09)

Co-authored-by: Teppo Kurki [email protected]

mshabarov added a commit that referenced this pull request

May 17, 2023

…15885) (#16817)

* Disable sending updates to client for effectively non-visible nodes

* Fix test: Always set tested component visible first; only assume node has changed if testvalue differs from original value

* Cleanup, and refactoring, in Element, StateNode, UIInternals classes + mvn formatter.


Co-authored-by: czp13 [email protected]
Co-authored-by: Peter Czuczor [email protected]

(cherry picked from commit eab4f09)

Co-authored-by: Teppo Kurki [email protected]
Co-authored-by: Peter Czuczor [email protected]

czp13 added a commit that referenced this pull request

May 24, 2023

…odes (#15885) (CP: 1.0)

Manually cherry-picked for 1.0:

  • Disable sending updates to client for effectively non-visible nodes
  • Fix test: Always set tested component visible first; only assume node has changed if testvalue differs from original value
  • Cleanup, and refactoring, in Element, StateNode, UIInternals classes + mvn formatter.

czp13 mentioned this pull request

May 24, 2023

czp13 added a commit that referenced this pull request

May 24, 2023

…odes (#15885) (CP: 1.0)

Manually cherry-picked for 1.0 (small changes around the stream peek and the filtering invocations part)

  • Disable sending updates to client for effectively non-visible nodes
  • Fix test: Always set tested component visible first; only assume node has changed if testvalue differs from original value
  • Cleanup, and refactoring, in Element, StateNode, UIInternals classes + mvn formatter.

czp13 added a commit that referenced this pull request

May 24, 2023

…odes (#15885) (CP: 1.0)

Manually cherry-picked for 1.0 (small changes around the stream peek and the filtering invocations part, and owner Optional handling)

  • Disable sending updates to client for effectively non-visible nodes
  • Fix test: Always set tested component visible first; only assume node has changed if testvalue differs from original value
  • Cleanup, and refactoring, in Element, StateNode, UIInternals classes + mvn formatter.

czp13 added a commit that referenced this pull request

May 24, 2023

…odes (#15885) (CP: 1.0)

Manually cherry-picked for 1.0 New changes through cherry picking:

  • small changes around the stream peek (sentToBrowser is not existing in this code base)
  • and the filtering invocations part,
  • and owner Optional handling,

Old changes:

  • Disable sending updates to client for effectively non-visible nodes
  • Fix test: Always set tested component visible first; only assume node has changed if testvalue differs from original value
  • Cleanup, and refactoring, in Element, StateNode, UIInternals classes + mvn formatter.

mshabarov pushed a commit that referenced this pull request

May 26, 2023

…nodes (CP: 1.0) (#16875)

* chore: disable sending updates to client for effectively non-visible nodes (#15885) (CP: 1.0) Manually cherry-picked for 1.0. New changes through cherry picking:

  • small changes around the stream peek (sentToBrowser is not existing in this code base)
  • and the filtering invocations part,
  • and owner Optional handling,

Old changes:

  • Disable sending updates to client for effectively non-visible nodes
  • Fix test: Always set tested component visible first; only assume node has changed if testvalue differs from original value
  • Cleanup, and refactoring, in Element, StateNode, UIInternals classes + mvn formatter.

* chore: #16836 and #16855 PR-s merged to this one, and fine tuned for this code-base (remove detach listener when javascript execution completes, and nullify registration)

  • Added handling Optional<StateNode> for computeIfAbsent and other places,
  • Covering test class (and so tests) is/are fully missing from this version (need to add somewhere else),
  • Deleted/Commented invocation.then(callback, callback) as this concept is not existing here, but added other snippet for handling registration removes,
  • Tailored the code to the codebase.

Related news

GHSA-5f9v-mv5g-jh5q: Vaadin vulnerable to possible information disclosure in non visible components.

### Description

When non-visible components are added to the UI on the server side, their content is still sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure.

* https://vaadin.com/security/cve-2023-25499
