Lift Framework 3.0-RC4: Fourth Release Candidate

RC3 (and previous pre-release versions of Lift 3 that do event extraction for
content security policy purposes) had an issue where AJAX responses containing
HTML that in turn contained embedded event handlers could in certain cases turn
into attempts to attach events before the associated HTML elements were in
the DOM. This caused failures with existing apps.

Due to the lateness in the RC cycle of this bug, we've opted to allow for
disabling event extraction altogether, and disabled it by default. This
means that apps that have been using event extraction will want to enable it
explicitly by setting:

LiftRules.extractInlineJavaScript = true

We will enable it by default in a future Lift 3 point release once we're confident
of its correct behavior.

We expect this to be the last RC before Lift 3 goes final.

Breaking Changes

• (#1809) You must now explicitly enable event extraction (which turns on*-style
  event attributes in HTML and javascript:-style form submission and link URLs into
  out-of-band JavaScript that attaches event handlers, making HTML like this
  generated by Lift compatible with restrictive content security policies) in order for
  Lift to do this. This was done in response to noticing some issues with event extraction
  and HTML-appending AJAX responses, which could in some cases attempt to bind
  event handlers before the relevant nodes were in the DOM, and thus failed to bind
  those handlers. Users of Lift 3 before RC4 will want to explicitly enable
  LiftRules.extractInlineJavaScript to preserve prior behavior.