Posted to dev@shindig.apache.org by "Chris Chabot (JIRA)" <ji...@apache.org> on 2008/06/10 17:52:45 UTC
[jira] Created: (SHINDIG-377) Remove UNPARSEABLE_CRUFT
Remove UNPARSEABLE_CRUFT
------------------------
Key: SHINDIG-377
URL: https://issues.apache.org/jira/browse/SHINDIG-377
Project: Shindig
Issue Type: Bug
Components: Features (Javascript), Gadget Rendering Server (Java), Gadget Rendering Server (PHP)
Reporter: Chris Chabot
features/core.io/io.js has the following todo (line 112):
// remove unparseable cruft.
// TODO: really remove this by eliminating it. It's not any real security
// to begin with, and we can solve this problem by using post requests
// and / or passing the url in the http headers.
Shall we go ahead and remove it then? Or otherwise if there is still a good reason for it being there, remove the comment?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (SHINDIG-377) Remove UNPARSEABLE_CRUFT
Posted by "Brian Eaton (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHINDIG-377?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Eaton resolved SHINDIG-377.
---------------------------------
Resolution: Fixed
Comments updated in r667892.
[jira] Commented: (SHINDIG-377) Remove UNPARSEABLE_CRUFT
Posted by "Kevin Brown (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHINDIG-377?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12603936#action_12603936 ]
Kevin Brown commented on SHINDIG-377:
-------------------------------------
The latter part of the problem isn't really addressed (passing the url in headers / using POST).
I'd say we should remove the comment rather than the cruft for now.
[jira] Commented: (SHINDIG-377) Remove UNPARSEABLE_CRUFT
Posted by "Brian Eaton (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHINDIG-377?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12604066#action_12604066 ]
Brian Eaton commented on SHINDIG-377:
-------------------------------------
The unparseable cruft does no harm, and does provide protection against cross site script inclusion. We should remove the comment, not the code.
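The mechanism the thread is debating, shown as an added example (not code from Shindig or from any poster here): a JSON response carries a non-script prefix that same-origin code strips before parsing, while a cross-site script include cannot strip it. The prefix value and the helper names wrapJson, parseGuarded and runsAsScript are assumptions made for this sketch, and the sample data is constructed.

```javascript
// Constructed prefix for illustration; an assumption, not the value in io.js.
const CRUFT = "throw 1; < not script >";

// Server side (hypothetical helper): prepend the prefix to every JSON body.
function wrapJson(value) {
  return CRUFT + JSON.stringify(value);
}

// Client side (hypothetical helper): code that fetched the response itself can
// read the raw text, so it verifies the prefix, strips it, and parses the rest.
function parseGuarded(text) {
  if (!text.startsWith(CRUFT)) {
    throw new Error("response is missing the expected prefix");
  }
  return JSON.parse(text.slice(CRUFT.length));
}

// Models a cross-site <script src=...> include: the body is compiled and run
// as script, and the including page never sees the raw text, so nothing can be
// stripped first. Returns true only if the body runs to completion as script.
function runsAsScript(text) {
  try {
    new Function(text)();
    return true;
  } catch (e) {
    return false;
  }
}

// Constructed sample response.
const body = wrapJson([{ owner: "alice", token: "constructed-sample" }]);

console.log(parseGuarded(body)[0].owner);          // legitimate client reads the data
console.log(runsAsScript(body));                   // prefixed body fails as script
console.log(runsAsScript('[{"owner":"alice"}]'));  // bare JSON array is valid script
```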