Thanks Joni! I appreciate the sample code.
Dan On Mar 7, 8:10 am, Joni Freeman <freeman.j...@gmail.com> wrote: > Note, it is very easy to clean up the JSON before rendering by using > 'map' function: > > json map { > case JString(s) => JString(sripOutBinaryChars(s)) > case x => x > > } > > (You just need to implement that sripOutBinaryChars function...). > > Cheers Joni > > On Mar 5, 8:26 pm, Dano <olearydani...@gmail.com> wrote: > > > > > I think I would like to amend my last post by asking if it is possible > > that the lift-jsonlibrary support the ability to strip out binary > > characters since many times an application uses the results ofJSON > > operations to render back to the client. > > > Thanks. > > > Dan > > > On Mar 5, 9:53 am, Dano <olearydani...@gmail.com> wrote: > > > > I can reproduce it in our application, but I think it is not > > > necessarily due to Lift. This is what I am trying to sort out. We > > > have client-side javascript which is sendingJSONcommands to the > > > server and things blow up once things come back from the server. In > > > this case, Lift is not responsible for the rendering so I would say > > > this is an application issue. > > > > I am poking at the demo lift application to try to flush out issues > > > common to the group and understand what is a framework issue and what > > > needs to be addressed by the application. > > > > Thanks. > > > > Dan > > > > On Mar 5, 9:47 am, Naftoli Gugenheim <naftoli...@gmail.com> wrote: > > > > > Can you reproduce the vulnerability in your own M3 app? > > > > > ------------------------------------- > > > > > Dano<olearydani...@gmail.com> wrote: > > > > > I would never claim to be astute. However, I did observe that > > > > demo.liftweb.net is now built using 2.0-M3 as is clearly listed at the > > > > bottom of the page. I also observed that the Wizard example is still > > > > broken (paste binary characters into 'First Name' and then click the > > > > Next button). I have not yet registered for an account with Assembla > > > > but would be happy to file the bug. > > > > > Dan > > > > > On Mar 4, 7:33 pm, Ross Mellgren <dri...@gmail.com> wrote: > > > > > > Check dpp's response as of 8:01 > > > > > > -Ross > > > > > > On Mar 4, 2010, at 7:49 PM, Naftoli Gugenheim wrote: > > > > > > > What version is the demo running? > > > > > > > ------------------------------------- > > > > > > Dano<olearydani...@gmail.com> wrote: > > > > > > > Just saw that Lift 2.0-M3 was released. I looked to see if the > > > > > > vulnerability was still present in demo.liftweb.net and I am still > > > > > > able to generate exceptions in the browser when I paste binary > > > > > > characters in the textfields for the Wizard, Wizard Challenge, and > > > > > > Arc > > > > > > Challenge examples in the Misc section. > > > > > > > Don't know if this remaining problem is supposed to be handled by > > > > > > the > > > > > > application or framework, but thought I would make a post to alert > > > > > > the > > > > > > group. > > > > > > > Dan > > > > > > > On Feb 24, 11:49 am, Dano <olearydani...@gmail.com> wrote: > > > > > >> The recent scala days conference activity may have cause the > > > > > >> updates > > > > > >> to this thread to escape notice. Just wondering if there is > > > > > >> concern > > > > > >> about the remaining binary character problems I noted in my prior > > > > > >> post. > > > > > > >> Thanks in advance. > > > > > > >> Dan > > > > > > >> On Feb 22, 1:34 pm, Dano <olearydani...@gmail.com> wrote: > > > > > > >>> More information on this in case anyone is interested. If you go > > > > > >>> to > > > > > >>> theliftdemo website, it appears the issue with characters is > > > > > >>> mostly > > > > > >>> addressed except for the "Misc code" section. Specifically, the > > > > > >>> "Wizard", "Wizard Challenge" and "Arc Challenge #1" examples will > > > > > >>> generate XML parsing errors. > > > > > > >>> For these problems, I am not sure if the issue if the example or > > > > > >>> the > > > > > >>> framework. If the issue is with the example, it would be good to > > > > > >>> know > > > > > >>> whatLiftapps need to do to avoid getting bitten by binary > > > > > >>> characters > > > > > >>> entered into form fields. > > > > > > >>> Thanks in advance. > > > > > > >>> Dan > > > > > > >>> On Feb 17, 11:06 am, Dano <olearydani...@gmail.com> wrote: > > > > > > >>>> Hello, > > > > > > >>>> I was wondering if the fix for the control characters issue was > > > > > >>>> included in 2.0-M2. I just did a test with ourLiftapplication > > > > > >>>> built > > > > > >>>> with 2.0-M2 and I am still seeing problems (i.e. javascript > > > > > >>>> exceptions > > > > > >>>> - NS_ERROR_INVALID_POINTER). > > > > > > >>>> Thanks in advance. > > > > > > >>>> Dan > > > > > > >>>> On Feb 3, 9:08 am, David Pollak <feeder.of.the.be...@gmail.com> > > > > > >>>> wrote: > > > > > > >>>>> Thanks for pointing that out. There are other problems as > > > > > >>>>> well... I'll fix > > > > > >>>>> them (in both the Scala andLiftdiffs) > > > > > > >>>>> On Wed, Feb 3, 2010 at 7:39 AM, Feng Zhang > > > > > >>>>> <sharpzh...@gmail.com> wrote: > > > > > >>>>>> I found that in the fix, \n is changed to \t, while \t to \n. > > > > > >>>>>> Is this > > > > > >>>>>> desired behavior? > > > > > > >>>>>> Thank you, > > > > > > >>>>>> Feng > > > > > > >>>>>> On Wed, Feb 3, 2010 at 9:20 AM, Indrajit Raychaudhuri > > > > > >>>>>> <indraj...@gmail.com > > > > > >>>>>>> wrote: > > > > > > >>>>>>> 1. Fix in head/master (2.0-SNAPSHOT) and prepone 2.0-M2. > > > > > > >>>>>>> 2. Backport in 1.0.x branch and spin 1.0.4. We haven't marked > > > > > >>>>>>> 1.0.x > > > > > >>>>>>> 'unsupported' yet. Forcing apps to move to 2.0-M2 just for > > > > > >>>>>>> this > > > > > >>>>>>> vulnerability fix isn't fun. > > > > > > >>>>>>> Cheers, Indrajit > > > > > > >>>>>>> On 03/02/10 3:34 PM, Timothy Perrett wrote: > > > > > > >>>>>>>> +1 > > > > > > >>>>>>>> Fix it in head, no need to back-port; M2 is only around the > > > > > >>>>>>>> corner. > > > > > > >>>>>>>> Cheers, Tim > > > > > > >>>>>>>> On 3 Feb 2010, at 09:49, Jeppe Nejsum Madsen wrote: > > > > > > >>>>>>>> David Pollak<feeder.of.the.be...@gmail.com> writes: > > > > > > >>>>>>>>> I'd like to get a sense of how important the community > > > > > >>>>>>>>> views this > > > > > >>>>>>>>>> defect. > > > > > >>>>>>>>>> Is it a "backport the fix to every milestone and release > > > > > >>>>>>>>>> yesterday" or > > > > > >>>>>>>>>> is it > > > > > >>>>>>>>>> a "fix it in 2.0-M2" or someplace in between. > > > > > > >>>>>>>>> For me, it's fix it in 2.0-SNAPSHOT > > > > > > >>>>>>>>> /Jeppe > > > > > > >>>>>>>>> -- > > > > > >>>>>>>>> You received this message because you are subscribed to the > > > > > >>>>>>>>> Google > > > > > >>>>>>>>> Groups "Lift" group. > > > > > >>>>>>>>> To post to this group, send email to > > > > > >>>>>>>>> lift...@googlegroups.com. > > > > > >>>>>>>>> To unsubscribe from this group, send email to > > > > > >>>>>>>>> liftweb+unsubscr...@googlegroups.com<liftweb%2bunsubscr...@googlegroups.com > > > > > >>>>>>>>> > > > > > > >>>>>>>>> . > > > > > >>>>>>>>> For more options, visit this group at > > > > > >>>>>>>>>http://groups.google.com/group/liftweb?hl=en. > > > > > > >>>>>>> -- > > > > > >>>>>>> You received this message because you are subscribed to the > > > > > >>>>>>> Google Groups > > > > > >>>>>>> "Lift" group. > > > > > >>>>>>> To post to this group, send email to lift...@googlegroups.com. > > > > > >>>>>>> To unsubscribe from this group, send email to > > > > > >>>>>>> liftweb+unsubscr...@googlegroups.com<liftweb%2bunsubscr...@googlegroups.com > > > > > >>>>>>> > > > > > > >>>>>>> . > > > > > >>>>>>> For more options, visit this group at > > > > > >>>>>>>http://groups.google.com/group/liftweb?hl=en. > > > > > > >>>>>> -- > > > > > >>>>>> You received this message because you are subscribed to the > > > > > >>>>>> Google Groups > > > > > >>>>>> "Lift" group. > > > > > >>>>>> To post to this group, send email to lift...@googlegroups.com. > > > > > >>>>>> To unsubscribe from this group, send email to > > > > > >>>>>> liftweb+unsubscr...@googlegroups.com<liftweb%2bunsubscr...@googlegroups.com > > > > > >>>>>> > > > > > > >>>>>> . > > > > > >>>>>> For more options, visit this group at > > > > > >>>>>>http://groups.google.com/group/liftweb?hl=en. > > > > > > >>>>> -- > > > > > >>>>> Lift, the simply functional web frameworkhttp://liftweb.net > > > > > >>>>> Beginning Scalahttp://www.apress.com/book/view/1430219890 > > > > > >>>>> Follow me:http://twitter.com/dpp > > > > > >>>>> Surf the harmonics > > > > > > > -- > > > > > > You received this message because you are subscribed to the Google > > > > > > Groups "Lift" group. > > > > > > To post to this group, send email to lift...@googlegroups.com. > > > > > > To unsubscribe from this group, send email to > > > > > > liftweb+unsubscr...@googlegroups.com. > > > > > > For more options, visit this group > > > > > > athttp://groups.google.com/group/liftweb?hl=en. > > > > > > > -- > > > > > > You received this message because you are subscribed to the Google > > > > > > Groups "Lift" group. > > > > > > To post to this group, send email to lift...@googlegroups.com. > > > > > > To unsubscribe from this group, send email to > > > > > > liftweb+unsubscr...@googlegroups.com. > > > > > > For more options, visit this group > > > > > > athttp://groups.google.com/group/liftweb?hl=en. > > > > > -- > > > > You received this message because you are subscribed to the Google > > > > Groups "Lift" group. > > > > To post to this group, send email to lift...@googlegroups.com. > > > > To unsubscribe from this group, send email to > > > > liftweb+unsubscr...@googlegroups.com. > > > > For more options, visit this group > > > > athttp://groups.google.com/group/liftweb?hl=en. -- You received this message because you are subscribed to the Google Groups "Lift" group. To post to this group, send email to lift...@googlegroups.com. To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/liftweb?hl=en.