Looks good, but I'm being a pain :)
http://codereview.appspot.com/183045/diff/1006/13 File java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ConcatProxyServlet.java (right): http://codereview.appspot.com/183045/diff/1006/13#newcode85 java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ConcatProxyServlet.java:85: String jsonVar = request.getParameter(JSON_PARAM); still need to sanitize this :) http://codereview.appspot.com/183045/diff/1006/13#newcode221 java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ConcatProxyServlet.java:221: public void closeStream() throws IOException { I don't think you need the closeStream() operation -- seems to me you can do the "url:\"" and "," additions in setUrl() and done()/close(), the former you could rename processingUrl() if you find it clearer. Each such addition would be made to super.getOutputStream().print(...). getOutputStream() would be simpler in this case as well, since you'd only return a single EscapedServletOutputStream, which does only and exactly one thing: JSON escapes data it's given. personally I'd rename setUrl(...) to processUrl(request, url) and call it directly. The ResponseWrapper class becomes non-static, so has access to proxyHandler. At that point, all output logic is in RW. http://codereview.appspot.com/183045/diff/1006/13#newcode387 java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/ConcatProxyServlet.java:387: outputStream.write(StringEscapeUtils.escapeJavaScript(data).getBytes()); I'm a little concerned about how this stream will be called, esp. if JS chunks are provided to it in individual bytes or weird offset chunks. Seems better to me to have write(...) APIs buffer data in a growing byte array, then add a separate method (called by processUrl(...)) that flushes the buffer, escaping the whole thing. http://codereview.appspot.com/183045
