You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@couchdb.apache.org by fd...@apache.org on 2010/12/18 12:56:09 UTC

svn commit: r1050621 - in /couchdb/trunk/share/server: loop.js render.js

Author: fdmanana
Date: Sat Dec 18 11:56:09 2010
New Revision: 1050621

URL: http://svn.apache.org/viewvc?rev=1050621&view=rev
Log:
Use safer JSON.parse()

Thanks Jason Smith for bringing this into attention.

Modified:
    couchdb/trunk/share/server/loop.js
    couchdb/trunk/share/server/render.js

Modified: couchdb/trunk/share/server/loop.js
URL: http://svn.apache.org/viewvc/couchdb/trunk/share/server/loop.js?rev=1050621&r1=1050620&r2=1050621&view=diff
==============================================================================
--- couchdb/trunk/share/server/loop.js (original)
+++ couchdb/trunk/share/server/loop.js Sat Dec 18 11:56:09 2010
@@ -122,7 +122,7 @@ var Loop = function() {
     }
   };
   while (line = readline()) {
-    cmd = eval('('+line+')');
+    cmd = JSON.parse(line);
     State.line_length = line.length;
     try {
       cmdkey = cmd.shift();

Modified: couchdb/trunk/share/server/render.js
URL: http://svn.apache.org/viewvc/couchdb/trunk/share/server/render.js?rev=1050621&r1=1050620&r2=1050621&view=diff
==============================================================================
--- couchdb/trunk/share/server/render.js (original)
+++ couchdb/trunk/share/server/render.js Sat Dec 18 11:56:09 2010
@@ -175,8 +175,7 @@ var Render = (function() {
     } else {
       blowChunks();
     }
-    var line = readline();
-    var json = eval('('+line+')');
+    var json = JSON.parse(readline());
     if (json[0] == "list_end") {
       lastRow = true;
       return null;