[jira] [Commented] (SLING-2206) Preventing the Execution of Unauthorized Script in JSON

Antonio Sanso (JIRA) Tue, 06 Sep 2011 04:04:53 -0700

    [ 
https://issues.apache.org/jira/browse/SLING-2206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13097892#comment-13097892
 ]


Antonio Sanso commented on SLING-2206:
--------------------------------------

more on the topic

http://en.wikipedia.org/wiki/JSONP

> Preventing the Execution of Unauthorized Script in JSON
> -------------------------------------------------------
>
>                 Key: SLING-2206
>                 URL: https://issues.apache.org/jira/browse/SLING-2206
>             Project: Sling
>          Issue Type: New Feature
>          Components: Servlets
>            Reporter: Antonio Sanso
>            Priority: Minor
>
> For an explanation of the security problem please check [0].
> To see how for example Gmail solves the problem refer to [1]
> I think that would be good to have this feature to be configurable (on by 
> default). I would personally opt for adding the while(1); solution (that is 
> the same Google use).
> .
> [0] 
> http://labs.adobe.com/technologies/spry/samples/data_region/JSONParserSample.html
> [1] http://msujaws.wordpress.com/2011/02/28/xss-prevention-in-gmail/

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (SLING-2206) Preventing the Execution of Unauthorized Script in JSON

Reply via email to