Re: Review Request: Replace the unparseable cruft message "throw 1; < don't be evil' >" constant in client and server with a container config

Mon, 14 May 2012 05:02:23 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/5011/#review7837
-----------------------------------------------------------

Ship it!


Committed revision 1338171.  Thanks!

Please close this review as submitted.

- Stanton


On 2012-05-09 11:56:00, Marshall Shi wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/5011/
> -----------------------------------------------------------
> 
> (Updated 2012-05-09 11:56:00)
> 
> 
> Review request for shindig, Ryan Baxter, Dan Dumont, and Stanton Sievers.
> 
> 
> Summary
> -------
> 
> The gadget io request will inject a unparseable cruft message "throw 1; < 
> don't be evil' >" in the response content intentionally for security reasons.
> However, this "throw 1; < don't be evil' >" string has been hardcoded in:
> features/src/main/javascript/features/core.io/io.js
> java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java
> 
> It would be good to extract the message into a container config, so:
> - client and server can reuse the same message.
> - Shindig consumers can replace the message with their own. 
> 
> 
> This addresses bug SHINDIG-1765.
>     https://issues.apache.org/jira/browse/SHINDIG-1765
> 
> 
> Diffs
> -----
> 
>   
> http://svn.apache.org/repos/asf/shindig/trunk/features/src/main/javascript/features/core.io/io.js
>  1333012 
>   
> http://svn.apache.org/repos/asf/shindig/trunk/features/src/test/javascript/features/core.io/iotest.js
>  1333012 
>   
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java
>  1333012 
>   
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestHandlerTest.java
>  1333012 
>   
> http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestServletTest.java
>  1333012 
>   http://svn.apache.org/repos/asf/shindig/trunk/config/container.js 1333012 
> 
> Diff: https://reviews.apache.org/r/5011/diff
> 
> 
> Testing
> -------
> 
> Tested by trying a few other messages in the container.js, the replaced 
> message show up in the response correctly.
> 
> 
> Thanks,
> 
> Marshall
> 
>

Reply via email to