-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/5011/
-----------------------------------------------------------
(Updated 2012-05-09 11:56:00.797407)
Review request for shindig, Ryan Baxter, Dan Dumont, and Stanton Sievers.
Changes
-------
Call for review of the patch. I've done the manual test, and the unit test cases
have also been verified.
Summary
-------
The gadget io request will inject an unparseable cruft message "throw 1; < don't
be evil' >" in the response content intentionally for security reasons.
However, this "throw 1; < don't be evil' >" string has been hardcoded in:
features/src/main/javascript/features/core.io/io.js
java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java
It would be good to extract the message into a container config, so:
- client and server can reuse the same message.
- Shindig consumers can replace the message with their own.
This addresses bug SHINDIG-1765.
https://issues.apache.org/jira/browse/SHINDIG-1765
Diffs
-----
http://svn.apache.org/repos/asf/shindig/trunk/features/src/main/javascript/features/core.io/io.js 1333012
http://svn.apache.org/repos/asf/shindig/trunk/features/src/test/javascript/features/core.io/iotest.js 1333012
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java 1333012
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestHandlerTest.java 1333012
http://svn.apache.org/repos/asf/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/MakeRequestServletTest.java 1333012
http://svn.apache.org/repos/asf/shindig/trunk/config/container.js 1333012
Diff: https://reviews.apache.org/r/5011/diff
Testing
-------
Tested by trying a few other messages in the container.js; the replaced message
shows up in the response correctly.
Thanks,
Marshall
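
The mechanism described in the Summary, as an added example that is not part of the original e-mail or the Shindig code base: the server prepends the configured cruft, and the client requires that exact prefix before parsing, so both sides must read the same value. The config key name `unparseableCruft`, the helper names and the sample payload are assumptions made for illustration.

```javascript
// Added example. `containerConfig` and the key name `unparseableCruft` are
// hypothetical stand-ins for the container.js entry the patch introduces.
const containerConfig = {
  'core.io': { unparseableCruft: "throw 1; < don't be evil' >" }
};

// Read the shared message; fail closed if the container does not define it.
function getCruft(config) {
  const cruft = config['core.io'] && config['core.io'].unparseableCruft;
  if (typeof cruft !== 'string' || cruft.length === 0) {
    throw new Error('unparseable cruft is not configured');
  }
  return cruft;
}

// Server side: prepend the configured cruft to the JSON body.
function guardResponse(config, payload) {
  return getCruft(config) + JSON.stringify(payload);
}

// Client side: require the exact configured prefix, strip it, then parse.
function parseGuardedResponse(config, text) {
  const cruft = getCruft(config);
  if (!text.startsWith(cruft)) {
    throw new Error('response does not start with the configured cruft');
  }
  return JSON.parse(text.slice(cruft.length));
}

// True when `text` compiles and runs as a script without throwing, which is
// what loading the response as a script rather than as data would attempt.
function runsAsScript(text) {
  try {
    new Function(text)();
    return true;
  } catch (e) {
    return false;
  }
}

// Constructed sample payload.
const sample = [{ id: 1, body: 'hello' }];
const wire = guardResponse(containerConfig, sample);
console.log(runsAsScript(JSON.stringify(sample))); // bare JSON array runs as a script
console.log(runsAsScript(wire));                   // guarded response does not
console.log(parseGuardedResponse(containerConfig, wire));
```

A replacement message only keeps this property if it still fails when evaluated as a script, and the client and server must be deployed with the same value or every response is rejected.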