Re: [Laszlo-reviews] For Review: Change 20091217-maxcarlson-y Summary: Add lz.embed[.appid].callMethod() support to DHTML

Fri, 18 Dec 2009 12:40:49 -0800 

I agree with Max that if you are trying to pass a literal string, you will have 
to quote it.  This interface is expecting a Javascript expression, so it would 
seem the swf behaviour was really a bug.

OTOH, Max: is there a security issue with passing these expressions directly to 
eval in DHTML?

On 2009-12-18, at 14:44, Maynard Demmon wrote:

> Not always, though with my rewritten version I first cast it to a string 
> and escape the ' character. SWF seems fine with whatever is passed in. 
> I've used booleans and strings.
> 
> -Maynard
> 
> Max Carlson wrote:
>> Is value a string?  If so, I'd expect it to be quoted...
>> 
>> On 12/18/09 11:39 AM, Maynard Demmon wrote:
>>> This fix appears to work. One difference I noticed is that in DHTML I
>>> had to enclose the value in quotes whereas for swf this wasn't
>>> necessary. For example, this:
>>> 
>>> top.lz.embed.callMethod("gRTECallback." + methodName + "("+value+")");
>>> 
>>> had to be rewritten like this:
>>> 
>>> top.lz.embed.callMethod("gRTECallback." + methodName + "('"+value+"')");
>>> 
>>> The quoted version works for both swf and dhtml.
>>> -Maynard
>>> 
>>> Max Carlson wrote:
>>>> Change 20091217-maxcarlson-y by maxcarl...@bank on 2009-12-17 16:24:52
>>>> PST
>>>> in /Users/maxcarlson/openlaszlo/trunk-clean
>>>> for http://svn.openlaszlo.org/openlaszlo/trunk
>>>> 
>>>> Summary: Add lz.embed[.appid].callMethod() support to DHTML
>>>> 
>>>> Bugs Fixed: LPP-8676 - callMethod doesn't seem to work in dhtml, only
>>>> in swf
>>>> 
>>>> Technical Reviewer: ptw
>>>> QA Reviewer: mdemmon
>>>> 
>>>> Details: Add support for callMethod() to the DHTML runtime, complete
>>>> with queueing when called before the app completes initialization.
>>>> 
>>>> Tests: Testcase from LPP-8676 shows the same result across runtimes at
>>>> startup and when clicking the 'Call onclick' button.
>>>> 
>>>> Files:
>>>> M lps/includes/source/embednew.js
>>>> 
>>>> Changeset:
>>>> http://svn.openlaszlo.org/openlaszlo/patches/20091217-maxcarlson-y.tar
>>> 
>>> 
>> 
> 
> 
> _______________________________________________
> Laszlo-reviews mailing list
> [email protected]
> http://www.openlaszlo.org/mailman/listinfo/laszlo-reviews


_______________________________________________
Laszlo-reviews mailing list
[email protected]
http://www.openlaszlo.org/mailman/listinfo/laszlo-reviews

Reply via email to