Just saw that Lift 2.0-M3 was released.  I looked to see if the
vulnerability was still present in demo.liftweb.net and I am still
able to generate exceptions in the browser when I paste binary
characters in the textfields for the Wizard, Wizard Challenge, and Arc
Challenge examples in the Misc section.

Don't know if this remaining problem is supposed to be handled by the
application or framework, but thought I would make a post to alert the
group.


Dan

On Feb 24, 11:49 am, Dano <olearydani...@gmail.com> wrote:
> The recent scala days conference activity may have caused the updates
> to this thread to escape notice.  Just wondering if there is concern
> about the remaining binary character problems I noted in my prior
> post.
>
> Thanks in advance.
>
> Dan
>
> On Feb 22, 1:34 pm, Dano <olearydani...@gmail.com> wrote:
>
> > More information on this in case anyone is interested.  If you go to
> > the lift demo website, it appears the issue with characters is mostly
> > addressed except for the "Misc code" section.   Specifically, the
> > "Wizard", "Wizard Challenge" and "Arc Challenge #1" examples will
> > generate XML parsing errors.
>
> > For these problems, I am not sure if the issue is the example or the
> > framework.  If the issue is with the example, it would be good to know
> > what Lift apps need to do to avoid getting bitten by binary characters
> > entered into form fields.
>
> > Thanks in advance.
>
> > Dan
>
> > On Feb 17, 11:06 am, Dano <olearydani...@gmail.com> wrote:
>
> > > Hello,
>
> > > I was wondering if the fix for the control characters issue was
> > > included in 2.0-M2.  I just did a test with our Lift application built
> > > with 2.0-M2 and I am still seeing problems (i.e. javascript exceptions
> > > - NS_ERROR_INVALID_POINTER).
>
> > > Thanks in advance.
>
> > > Dan
>
> > > On Feb 3, 9:08 am, David Pollak <feeder.of.the.be...@gmail.com> wrote:
>
> > > > Thanks for pointing that out.  There are other problems as well... I'll
> > > > fix them (in both the Scala and Lift diffs)
>
> > > > On Wed, Feb 3, 2010 at 7:39 AM, Feng Zhang <sharpzh...@gmail.com> wrote:
> > > > > I found that in the fix, \n is changed to \t, while \t to \n. Is this
> > > > > desired behavior?
>
> > > > > Thank you,
>
> > > > > Feng
>
> > > > > > On Wed, Feb 3, 2010 at 9:20 AM, Indrajit Raychaudhuri <indraj...@gmail.com> wrote:
>
> > > > >> 1. Fix in head/master (2.0-SNAPSHOT) and prepone 2.0-M2.
>
> > > > >> 2. Backport in 1.0.x branch and spin 1.0.4. We haven't marked 1.0.x
> > > > >> 'unsupported' yet. Forcing apps to move to 2.0-M2 just for this
> > > > >> vulnerability fix isn't fun.
>
> > > > >> Cheers, Indrajit
>
> > > > >> On 03/02/10 3:34 PM, Timothy Perrett wrote:
>
> > > > >>> +1
>
> > > > >>> Fix it in head, no need to back-port; M2 is only around the corner.
>
> > > > >>> Cheers, Tim
>
> > > > >>> On 3 Feb 2010, at 09:49, Jeppe Nejsum Madsen wrote:
>
> > > > > >>>> David Pollak <feeder.of.the.be...@gmail.com> writes:
>
> > > > > >>>>> I'd like to get a sense of how important the community views this
> > > > > >>>>> defect. Is it a "backport the fix to every milestone and release
> > > > > >>>>> yesterday" or is it a "fix it in 2.0-M2" or someplace in between.
>
> > > > >>>> For me, it's fix it in 2.0-SNAPSHOT
>
> > > > >>>> /Jeppe
>
> > > > >>>> --
> > > > >>>> You received this message because you are subscribed to the Google
> > > > >>>> Groups "Lift" group.
> > > > >>>> To post to this group, send email to lift...@googlegroups.com.
> > > > > >>>> To unsubscribe from this group, send email to
> > > > > >>>> liftweb+unsubscr...@googlegroups.com.
> > > > > >>>> For more options, visit this group at
> > > > > >>>> http://groups.google.com/group/liftweb?hl=en.
>
> > > > >> --
> > > > >> You received this message because you are subscribed to the Google 
> > > > >> Groups
> > > > >> "Lift" group.
> > > > >> To post to this group, send email to lift...@googlegroups.com.
> > > > >> To unsubscribe from this group, send email to
> > > > >> liftweb+unsubscr...@googlegroups.com<liftweb%2bunsubscr...@googlegroups.com
> > > > >>  >
> > > > >> .
> > > > >> For more options, visit this group at
> > > > >>http://groups.google.com/group/liftweb?hl=en.
>
> > > > >  --
> > > > > You received this message because you are subscribed to the Google 
> > > > > Groups
> > > > > "Lift" group.
> > > > > To post to this group, send email to lift...@googlegroups.com.
> > > > > To unsubscribe from this group, send email to
> > > > > liftweb+unsubscr...@googlegroups.com<liftweb%2bunsubscr...@googlegroups.com
> > > > >  >
> > > > > .
> > > > > For more options, visit this group at
> > > > >http://groups.google.com/group/liftweb?hl=en.
>
> > > > --
> > > > > Lift, the simply functional web framework http://liftweb.net
> > > > > Beginning Scala http://www.apress.com/book/view/1430219890
> > > > > Follow me: http://twitter.com/dpp
> > > > Surf the harmonics
