On Mon, Sep 12, 2011 at 7:01 PM, Ron Wilson <ronw.m...@gmail.com> wrote:
> In my own experience with my personal website, I have found that some > service providers (not my web hosting provider, but ISPs between the > web host and the browser), inject their own content into anything that > looks like text regardless of the file extension or MIME type. > Wow. That's new to me. i'm honestly truly shocked by that, and would loudly protest/boycott/fire any provider which injected contents which effectively corrupted any of my data. Maybe i've just had exceedingly good luck with hosters so far. Such behaviour would break every single doc affected by it, so i can't see how it can have a positive business effect for any network provider. Sounds like a short-lived marketing idea to me. So yes, the full response from the server is not pure JSON, however, > the pure JSON can be extracted from between the tags that contain it. > While this does add a step before the JSON can be parsed, it does > reduce the risk that the JSON content is tainted. > If these "evil ISPs" can and do inject/modify even a single byte in the body/content, none of the contents can be trusted, IMO. They can add all the new headers they want, but changing the body? While the HTTPS work-around is certainly preferable, not everyone has > the luxury of this option. > i don't :( -- ----- stephan beal http://wanderinghorse.net/home/stephan/
_______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
