+1 for abandoning "{{{"
toClent("fromBackend.protocols", protocols);
We can implement this in the next milestone.
On Fri, Jun 10, 2016 at 8:12 PM, Manuranga Perera <[email protected]> wrote:
> These are mistakes we have already made in our old systems, let's not
> repeat them
>
> 1) Please DO NOT use "{{{", it introduces SECURITY VULNERABILITIES,
> Sajith, Rasika we need to introduce a new function. Don't even tell people
> about "{{{"
> in backend JS, Hemika should be able to do the following
>
> toClent("fromBackend.protocols", protocols);
>
> and in frontend, he should be able to just
> console.log(fromBackend.protocols) and see the json
> Given the cost of this kind of vulnerability, I don't think we should
> even do this as a temp solution. We should safe stringify before sending,
> view source of gmail and search "var GLOBALS" and you see how safe json
> stringify works. ALL non-alpha-numeric has to be encoded with \x. Not just
> " but things like <, which are normally considered safe in json, have to be
> encoded [1].
>
> 2) We shouldn't be manually iterating to convert to JSON. This just adds
> unnecessary boilerplate work the dev has to do. If we implement (1) we don't
> need this for now. So we can discuss this later. But also see [2]
>
> [1] see "JavaScript Encoding" in
> https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#Output_Encoding_Rules_Summary
> [2]
> http://mail.openjdk.java.net/pipermail/nashorn-dev/2013-September/002013.html
>
> On Fri, Jun 10, 2016 at 4:46 AM, Hemika Kodikara <[email protected]> wrote:
>
>> Also please note that I used JSON.stringify method in server side js.
>>
>> Hemika Kodikara
>> Software Engineer
>> WSO2 Inc.
>> lean . enterprise . middleware
>> http://wso2.com
>>
>> Mobile : +94777688882
>>
>> On Fri, Jun 10, 2016 at 2:13 PM, Hemika Kodikara <[email protected]> wrote:
>>
>>> Thanks Rasika for the solution.
>>>
>>> In the client side JS, have the following code:
>>>
>>> <script type="text/javascript">
>>>     var protocols = {{{protocols}}};
>>>     $.each(protocols, function(index, value) {
>>>         $('#queue-subscription-protocols')
>>>             .append($('<option>').text(value).attr('value', index));
>>>     });
>>> </script>
>>>
>>> Have to use 3 curly braces.
>>>
>>> Regards,
>>> Hemika
>>>
>>> On Fri, Jun 10, 2016 at 2:00 PM, Hemika Kodikara <[email protected]>
>>> wrote:
>>>
>>>> Hi Milinda,
>>>>
>>>> It is not a string array, it's actually Java objects that are there.
>>>>
>>>> Hi Sajith,
>>>>
>>>> I modified the nashorn script as follows:
>>>>
>>>> var onRequest = function (context) {
>>>>     var protocols = callOSGiService("org.wso2.andes.kernel.Andes",
>>>>                                     "getSupportedProtocols", []);
>>>>     var protocolStrings = [];
>>>>     for each (var item in protocols) {
>>>>         protocolStrings.push(item.toString());
>>>>     }
>>>>
>>>>     // var protocolsJson = JSON.stringify(protocolStrings);
>>>>     return {"protocols" : protocolStrings};
>>>> };
>>>>
>>>> I am assigning the "protocols" json value to a javascript variable in
>>>> the client-side as follows:
>>>>
>>>> var protocols = {{protocols}};
>>>> $.each(protocols, function(index, value) {
>>>>     $('#queue-subscription-protocols')
>>>>         .append($('<option>').text(value).attr('value', index));
>>>> });
>>>>
>>>>
>>>> But I am getting the following errors when the page is rendered (client
>>>> side js):
>>>>
>>>> var protocols = [object Array]; <-- Syntax error
>>>>
>>>> When I use JSON.stringify in server side js, I get the following output:
>>>>
>>>> var protocols =
>>>> ["AMQP-0-10","MQTT-default","AMQP-0-91","AMQP-8-0","AMQP-0-9"];
>>>> <-- Unexpected token &
>>>>
>>>> Any Idea ?
>>>>
>>>> Regards,
>>>> Hemika
>>>>
>>>>
>>>> On Fri, Jun 10, 2016 at 12:51 PM, Milinda Perera <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi Hemika,
>>>>>
>>>>> If AMQP-0-10, MQTT-default, AMQP-0-91, AMQP-8-0, AMQP-0-9 are strings,
>>>>> following should work
>>>>>
>>>>> JSON.parse("[\"AMQP-0-10\", \"MQTT-default\", \"AMQP-0-91\",
>>>>> \"AMQP-8-0\", \"AMQP-0-9\"]")
>>>>>
>>>>> According to [1], within an array " A *value* can be a *string* in double
>>>>> quotes, or a *number*, or true or false or null, or an *object* or an
>>>>> *array*. These structures can be nested."
>>>>>
>>>>> [1] http://www.json.org/
>>>>>
>>>>> Thanks,
>>>>> Mili
>>>>>
>>>>> On Fri, Jun 10, 2016 at 12:33 PM, Hemika Kodikara <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> I am invoking the callOSGiService method in nashorn to get a list of
>>>>>> protocols that's in Andes of MB.
>>>>>>
>>>>>> I am getting the following output after invoking the callOSGiService:
>>>>>> [AMQP-0-10, MQTT-default, AMQP-0-91, AMQP-8-0, AMQP-0-9]
>>>>>>
>>>>>> But need to convert it into a JavaScript array (probably a String
>>>>>> array). Need to bind it to a dropdown (select element).
>>>>>>
>>>>>> I tried JSON.parse, but getting the following errors :
>>>>>>
>>>>>> jjs> JSON.parse("[AMQP-0-10, MQTT-default, AMQP-0-91, AMQP-8-0,
>>>>>> AMQP-0-9]");
>>>>>> <shell>:1 SyntaxError: Invalid JSON: <json>:1:1 Expected json literal
>>>>>> but found ident
>>>>>> [AMQP-0-10, MQTT-default, AMQP-0-91, AMQP-8-0, AMQP-0-9]
>>>>>> ^
>>>>>>
>>>>>> jjs> JSON.parse([AMQP-0-10, MQTT-default, AMQP-0-91, AMQP-8-0,
>>>>>> AMQP-0-9]);
>>>>>> ECMAScript Exception: SyntaxError: <shell>:1:28 Expected an operand
>>>>>> but found default
>>>>>> JSON.parse([AMQP-0-10, MQTT-default, AMQP-0-91, AMQP-8-0, AMQP-0-9]);
>>>>>> ^
>>>>>>
>>>>>> My OSGi method returns a Set<ProtocolType>.
>>>>>>
>>>>>> How can I achieve this ?
>>>>>>
>>>>>> Regards,
>>>>>> Hemika
>>>>>>
>>>>>> _______________________________________________
>>>>>> Dev mailing list
>>>>>> [email protected]
>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Milinda Perera
>>>>> Software Engineer;
>>>>> WSO2 Inc. http://wso2.com ,
>>>>> Mobile: (+94) 714 115 032
>>>>>
>>>>>
>>>>
>>>
>>
>
>
> --
> With regards,
> *Manu*ranga Perera.
>
> phone : 071 7 70 20 50
> mail : [email protected]
>
--
Sajith Janaprasad Ariyarathna
Software Engineer; WSO2, Inc.; http://wso2.com/
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
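
The "safe stringify" idea from the quoted reply above (encode every non-alphanumeric character before writing backend data into an inline script), as an added example that is not code from the thread or from the project. The function names and the sample data are constructed; strings are encoded as `\xHH` below 0x100 and `\uHHHH` above.

```javascript
// Added example: jsString, safeStringify, renderInline and the sample data
// are constructed for illustration; they are not from the thread.

// Encode a string as a JS string literal. Every non-alphanumeric code unit
// becomes \xHH (or \uHHHH above 0xFF), so no quote, '<' or '&' survives.
function jsString(s) {
  let out = '"';
  for (let i = 0; i < s.length; i++) {
    const c = s.charCodeAt(i);
    if (/[A-Za-z0-9]/.test(s[i])) out += s[i];
    else if (c < 0x100) out += '\\x' + c.toString(16).padStart(2, '0');
    else out += '\\u' + c.toString(16).padStart(4, '0');
  }
  return out + '"';
}

// Serialize arrays and objects structurally; string values and keys are escaped.
function safeStringify(value) {
  if (typeof value === 'string') return jsString(value);
  if (Array.isArray(value)) return '[' + value.map(safeStringify).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    return '{' + Object.keys(value)
      .map((k) => jsString(k) + ':' + safeStringify(value[k])).join(',') + '}';
  }
  const primitive = JSON.stringify(value); // numbers, booleans, null
  return primitive === undefined ? 'null' : primitive;
}

// The inline script as it would appear in the page for a given literal.
function renderInline(literal) {
  return '<script>var protocols = ' + literal + ';</script>';
}

// Constructed data: one protocol name carries markup, as untrusted input could.
const protocols = ['AMQP-0-91', 'MQTT-default', '</script><p>injected</p>'];

// Unescaped output (the "{{{" case): the data itself closes the script block.
const raw = renderInline(JSON.stringify(protocols));
// Escaped literal: same data, but no '<' reaches the HTML parser.
const safe = renderInline(safeStringify(protocols));

// The JS engine decodes the escaped literal back to the original values.
const decoded = new Function('return ' + safeStringify(protocols) + ';')();
console.log(raw.split('</script>').length - 1, safe.split('</script>').length - 1);
console.log(decoded);
```

The first `console.log` counts the `</script>` closing tags in each rendering: the unescaped one contains an extra tag that comes from the data, the escaped one only its own.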