> On 2011-07-26 22:01:08, Jasvir Nagra wrote: > > trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/js/AddJslInfoVariableProcessor.java, > > line 63 > > <https://reviews.apache.org/r/1198/diff/1/?file=27184#file27184line63> > > > > What prevents features from containing a ']' character?
Nothing in code, just convention. Features are expected to be properly written and trusted code, precluding issues of XSS. - johnfargo ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/1198/#review1190 ----------------------------------------------------------- On 2011-07-26 21:21:42, johnfargo wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/1198/ > ----------------------------------------------------------- > > (Updated 2011-07-26 21:21:42) > > > Review request for shindig and Ziv Horesh. > > > Summary > ------- > > Decline to inject ___jsl.u="" or "null" when an empty value is present. > > > Diffs > ----- > > > trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/js/AddJslInfoVariableProcessor.java > 1145744 > > trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/js/AddJslInfoVariableProcessorTest.java > 1145744 > > Diff: https://reviews.apache.org/r/1198/diff > > > Testing > ------- > > > Thanks, > > johnfargo > >
