Preventing the Execution of Unauthorized Script in JSON
-------------------------------------------------------
Key: SLING-2206
URL: https://issues.apache.org/jira/browse/SLING-2206
Project: Sling
Issue Type: New Feature
Components: Servlets
Reporter: Antonio Sanso
Priority: Minor
For an explanation of the security problem please check [0].
To see how, for example, Gmail solves the problem, refer to [1].
I think it would be good to have this feature be configurable (on by
default). I would personally opt for adding the while(1); solution (the
same one Google uses).
[0] http://labs.adobe.com/technologies/spry/samples/data_region/JSONParserSample.html
[1] http://msujaws.wordpress.com/2011/02/28/xss-prevention-in-gmail/
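The while(1); approach proposed in the issue, sketched as an added example that is not part of the original report or of Sling's code: the server prepends the guard so that a response pulled in as a script loops instead of evaluating, and same-origin client code strips the guard before parsing. The names PREFIX, protectJson, parseProtectedJson and isPlainJson, and the sample record, are assumptions made for illustration.

```javascript
// Added example; these names are hypothetical and are not Sling's API.
const PREFIX = "while(1);";

// Server side: serialize the value and prepend the guard.
// `enabled` models the "configurable, on by default" switch from the issue.
function protectJson(value, enabled = true) {
  const json = JSON.stringify(value);
  return enabled ? PREFIX + json : json;
}

// Client side: same-origin code reads the body as text (XHR/fetch),
// removes the guard, and only then parses. With requirePrefix left on,
// an unguarded body is rejected rather than silently accepted.
function parseProtectedJson(text, requirePrefix = true) {
  if (typeof text !== "string") {
    throw new TypeError("response body must be a string");
  }
  if (text.startsWith(PREFIX)) {
    return JSON.parse(text.slice(PREFIX.length));
  }
  if (requirePrefix) {
    throw new Error("missing JSON guard prefix");
  }
  return JSON.parse(text);
}

// A consumer that does not know about the guard cannot parse the body:
// the guarded text is no longer valid JSON.
function isPlainJson(text) {
  try {
    JSON.parse(text);
    return true;
  } catch (e) {
    return false;
  }
}

// Constructed sample data, not taken from any real response.
const sample = [{ user: "alice", token: "constructed-sample-value" }];
const wire = protectJson(sample);

console.log(wire);                      // guarded body as sent on the wire
console.log(parseProtectedJson(wire));  // original array after stripping
console.log(isPlainJson(wire));         // guarded body fails a plain parse
```

Existing clients that call a plain JSON parser on the response break once the guard is enabled, which is why the issue asks for the behaviour to be configurable.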