[
https://issues.apache.org/jira/browse/CB-1494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13458744#comment-13458744
]
Matti Paksula commented on CB-1494:
-----------------------------------
_> Unfortunately, your regex matcher in resolveRemoteAddressFrom() is not
correct; it needs to parse against commas as well._
I think my matcher: /[^\s]+$/ is correct and actually better than something
that takes commas into account it reads last "token" from the end, see below:
{quote}
$ node
> matcher = /[^\s]+$/
/[^\s]+$/
> "10.10.10.10, gooby.plz.dolan.io, 23.24.12.101".match(matcher)
[ '23.24.12.101',
index: 33,
input: '10.10.10.10, gooby.plz.dolan.io, 23.24.12.101' ]
> "23.24.12.101".match(matcher)
[ '23.24.12.101',
index: 0,
input: '23.24.12.101' ]
> "".match(matcher)
null
{quote}
_> If we can ensure the new remoteAddress will never contain any HTML, because
we've done a great job parsing it, then I'm not concerned about XSS._
I think this should not be addressed on parsing remoteAddress, but on view
layer instead, so that *any* input would be sanitized before outputting it to
the browser (like all web frameworks do) -- that's why I see this as a new bug,
that would not only contain remoteAddress in HTML, but all possible input, also
for the future.
Ok, I'll also do doc change, also agree that.
> Supports running server behind a proxy, such as Heroku Cedar
> ------------------------------------------------------------
>
> Key: CB-1494
> URL: https://issues.apache.org/jira/browse/CB-1494
> Project: Apache Cordova
> Issue Type: New Feature
> Components: weinre
> Reporter: Patrick Mueller
> Assignee: Patrick Mueller
>
> created for https://github.com/apache/incubator-cordova-weinre/pull/10
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
