http://codereview.appspot.com/104067/diff/4005/4008
File features/src/main/javascript/features/core/json.js (right):

http://codereview.appspot.com/104067/diff/4005/4008#newcode147
Line 147: if (k.match('___$'))
This restriction won't be respected if window.JSON is defined. See above. While this isn't strictly a security issue, it will put content you don't want in the JSON output. Can you test this on Firefox 3.5 / Safari 4?

http://codereview.appspot.com/104067/diff/4005/4006
File java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/CajaContentRewriter.java (right):

http://codereview.appspot.com/104067/diff/4005/4006#newcode85
Line 85: if (uri.getScheme().matches("^https?$")) {
No need for regex, case insensitive direct comparison is sufficient.

http://codereview.appspot.com/104067/diff/4005/4006#newcode87
Line 87: } else if ("javascript".equals(uri.getScheme())) {
Should be case-insensitive.

http://codereview.appspot.com/104067
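The first comment above (the `___` key filter being skipped when a native `JSON` object exists), as an added example that is not part of the review or of Shindig's json.js. The function names, the hand-rolled serializer and the sample object are constructed for illustration; only the `___$` pattern comes from the quoted line.

```javascript
// Added illustration; hypothetical names, not Shindig's json.js.
// Keys ending in "___" are internal and must not appear in the output.
const INTERNAL_KEY = /___$/; // same pattern as k.match('___$')

// Stand-in for a hand-rolled fallback serializer that applies the filter
// while walking the object (handles plain objects, arrays and primitives).
function fallbackStringify(v) {
  if (v === null || typeof v !== 'object') {
    return JSON.stringify(v);
  }
  if (Array.isArray(v)) {
    return '[' + v.map(fallbackStringify).join(',') + ']';
  }
  const parts = [];
  for (const k of Object.keys(v)) {
    if (INTERNAL_KEY.test(k)) continue; // the "___" restriction
    parts.push(JSON.stringify(k) + ':' + fallbackStringify(v[k]));
  }
  return '{' + parts.join(',') + '}';
}

// Native path with no replacer: the restriction is silently lost.
function nativeStringify(v) {
  return JSON.stringify(v);
}

// Native path with a replacer: returning undefined drops the property,
// at every nesting level, so both paths produce the same output.
function dropInternal(key, value) {
  return INTERNAL_KEY.test(key) ? undefined : value;
}
function filteredNativeStringify(v) {
  return JSON.stringify(v, dropInternal);
}

// Constructed sample with internal keys at three depths.
const sample = {
  name: 'gadget',
  handle___: 'internal',
  nested: { ok: 1, secret___: 2 },
  list: [{ a: 1, b___: 2 }]
};

console.log('fallback        :', fallbackStringify(sample));
console.log('native          :', nativeStringify(sample));
console.log('native+replacer :', filteredNativeStringify(sample));
```
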

