Author: lindner
Date: Mon Jul 19 05:19:17 2010
New Revision: 965355
URL: http://svn.apache.org/viewvc?rev=965355&view=rev
Log:
SHINDIG-1356 | Modified Patch from Bastian Hofmann | Remove leading characters
in XHR callback processing which may be inserted if apache has
transfer-encoding: chunked
Modified:
shindig/trunk/features/src/main/javascript/features/core.io/io.js
Modified: shindig/trunk/features/src/main/javascript/features/core.io/io.js
URL:
http://svn.apache.org/viewvc/shindig/trunk/features/src/main/javascript/features/core.io/io.js?rev=965355&r1=965354&r2=965355&view=diff
==============================================================================
--- shindig/trunk/features/src/main/javascript/features/core.io/io.js (original)
+++ shindig/trunk/features/src/main/javascript/features/core.io/io.js Mon Jul
19 05:19:17 2010
@@ -132,9 +132,16 @@ gadgets.io = function() {
return;
}
var txt = xobj.responseText;
+
// remove unparseable cruft used to prevent cross-site script inclusion
- txt = txt.substr(UNPARSEABLE_CRUFT.length);
- // We are using eval directly here because the outer response comes from a
+ var offset = txt.indexOf(UNPARSEABLE_CRUFT) + UNPARSEABLE_CRUFT.length;
+
+ // If no cruft then just return without a callback - avoid JS errors
+ // TODO craft an error response?
+ if (offset < UNPARSEABLE_CRUFT.length) return;
+ txt = txt.substr(offset)
+
+ // We are using eval directly here because the outer response comes from a
// trusted source, and json parsing is slow in IE.
var data = eval("(" + txt + ")");
data = data[url];
