Posted to dev@tomcat.apache.org by kp...@apache.org on 2013/09/26 17:21:07 UTC
svn commit: r1526565 - in /tomcat/trunk/webapps/examples:
WEB-INF/classes/websocket/snake/Snake.java
WEB-INF/classes/websocket/snake/SnakeAnnotation.java
WEB-INF/classes/websocket/snake/SnakeTimer.java websocket/snake.xhtml
Author: kpreisser
Date: Thu Sep 26 15:21:06 2013
New Revision: 1526565
URL: http://svn.apache.org/r1526565
Log:
Improve Snake Websocket example:
- Fix invalid JSON syntax (Strings always need to be in double-quotes)
- In JavaScript, use JSON.parse() instead of eval() to parse JSON strings, to avoid potential security problems.
Modified:
tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/Snake.java
tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/SnakeAnnotation.java
tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/SnakeTimer.java
tomcat/trunk/webapps/examples/websocket/snake.xhtml
Modified: tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/Snake.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/Snake.java?rev=1526565&r1=1526564&r2=1526565&view=diff
==============================================================================
--- tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/Snake.java (original)
+++ tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/Snake.java Thu Sep 26 15:21:06 2013
@@ -52,12 +52,12 @@ public class Snake {
private synchronized void kill() {
resetState();
- sendMessage("{'type': 'dead'}");
+ sendMessage("{\"type\": \"dead\"}");
}
private synchronized void reward() {
length++;
- sendMessage("{'type': 'kill'}");
+ sendMessage("{\"type\": \"kill\"}");
}
@@ -121,14 +121,14 @@ public class Snake {
public synchronized String getLocationsJson() {
StringBuilder sb = new StringBuilder();
- sb.append(String.format("{x: %d, y: %d}",
+ sb.append(String.format("{\"x\": %d, \"y\": %d}",
Integer.valueOf(head.x), Integer.valueOf(head.y)));
for (Location location : tail) {
sb.append(',');
- sb.append(String.format("{x: %d, y: %d}",
+ sb.append(String.format("{\"x\": %d, \"y\": %d}",
Integer.valueOf(location.x), Integer.valueOf(location.y)));
}
- return String.format("{'id':%d,'body':[%s]}",
+ return String.format("{\"id\":%d,\"body\":[%s]}",
Integer.valueOf(id), sb.toString());
}
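Review bot: The `String.format` calls in getLocationsJson format `%d` with the JVM default locale, which can substitute locale-specific digits, and the strict `JSON.parse` now used on the client would reject such a frame. Pass an explicit locale, e.g. `String.format(Locale.ROOT, "{\"x\": %d, \"y\": %d}", ...)` (this needs `java.util.Locale`), or append the ints directly to the `StringBuilder`. The `%d` fields in the SnakeAnnotation join and leave messages have the same exposure.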
Modified: tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/SnakeAnnotation.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/SnakeAnnotation.java?rev=1526565&r1=1526564&r2=1526565&view=diff
==============================================================================
--- tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/SnakeAnnotation.java (original)
+++ tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/SnakeAnnotation.java Thu Sep 26 15:21:06 2013
@@ -79,13 +79,13 @@ public class SnakeAnnotation {
for (Iterator<Snake> iterator = SnakeTimer.getSnakes().iterator();
iterator.hasNext();) {
Snake snake = iterator.next();
- sb.append(String.format("{id: %d, color: '%s'}",
+ sb.append(String.format("{\"id\": %d, \"color\": \"%s\"}",
Integer.valueOf(snake.getId()), snake.getHexColor()));
if (iterator.hasNext()) {
sb.append(',');
}
}
- SnakeTimer.broadcast(String.format("{'type': 'join','data':[%s]}",
+ SnakeTimer.broadcast(String.format("{\"type\": \"join\",\"data\":[%s]}",
sb.toString()));
}
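Review bot: `snake.getHexColor()` is interpolated into a JSON string literal through `%s` with no escaping, so the message is valid JSON only while that value never contains `"`, `\` or a control character. getHexColor() is not visible in this hunk; if it always returns a server-generated hex colour this is safe, and a comment saying so would help the next reader: `// getHexColor() returns a fixed-format hex string, so no JSON escaping is needed`. If the colour could ever be influenced by a client, build the message with a JSON encoder instead of String.format. The enclosing method starts outside this hunk.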
@@ -107,7 +107,7 @@ public class SnakeAnnotation {
@OnClose
public void onClose() {
SnakeTimer.removeSnake(snake);
- SnakeTimer.broadcast(String.format("{'type': 'leave', 'id': %d}",
+ SnakeTimer.broadcast(String.format("{\"type\": \"leave\", \"id\": %d}",
Integer.valueOf(id)));
}
}
Modified: tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/SnakeTimer.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/SnakeTimer.java?rev=1526565&r1=1526564&r2=1526565&view=diff
==============================================================================
--- tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/SnakeTimer.java (original)
+++ tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/SnakeTimer.java Thu Sep 26 15:21:06 2013
@@ -73,7 +73,7 @@ public class SnakeTimer {
sb.append(',');
}
}
- broadcast(String.format("{'type': 'update', 'data' : [%s]}",
+ broadcast(String.format("{\"type\": \"update\", \"data\" : [%s]}",
sb.toString()));
}
Modified: tomcat/trunk/webapps/examples/websocket/snake.xhtml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/examples/websocket/snake.xhtml?rev=1526565&r1=1526564&r2=1526565&view=diff
==============================================================================
--- tomcat/trunk/webapps/examples/websocket/snake.xhtml (original)
+++ tomcat/trunk/webapps/examples/websocket/snake.xhtml Thu Sep 26 15:21:06 2013
@@ -209,8 +209,7 @@
};
Game.socket.onmessage = function (message) {
- // _Potential_ security hole, consider using json lib to parse data in production.
- var packet = eval('(' + message.data + ')');
+ var packet = JSON.parse(message.data);
switch (packet.type) {
case 'update':
for (var i = 0; i < packet.data.length; i++) {
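Review bot: `JSON.parse(message.data)` throws a SyntaxError on a malformed frame and nothing in the visible handler catches it, so one bad message ends the handler with an uncaught exception. Guard the parse, e.g. `var packet; try { packet = JSON.parse(message.data); } catch (e) { return; }`, and also return early when `packet` is null or not an object. The `update` case reads `packet.data.length` without checking the shape; `if (!Array.isArray(packet.data)) break;` before the loop would cover that. The onmessage function continues past the end of this hunk, so the later cases may need the same check.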