[ https://issues.apache.org/jira/browse/SOLR-1603?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12806009#action_12806009 ]

Erik Hatcher commented on SOLR-1603:
------------------------------------

I'm aware of the risk of eval'ing untrusted strings, but I'm not sure how this 
could be a problem with a Solr response.  Can someone provide an example of how 
a Solr response in any of these formats could be problematic security-wise?  

All strings are escaped, so code within a string value of a field would still 
eval only to a string, and would only execute if that string got eval'd.



> Perl Response Writer
> --------------------
>
>                 Key: SOLR-1603
>                 URL: https://issues.apache.org/jira/browse/SOLR-1603
>             Project: Solr
>          Issue Type: New Feature
>          Components: Response Writers
>            Reporter: Claudio Valente
>            Priority: Minor
>         Attachments: SOLR-1603.patch
>
>
> I've made a patch that implements a Perl response writer for Solr.
> It's nan/inf and unicode aware.
> I don't know whether some fields can be binary but if so I can probably 
> extend it to support that.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
