LGTM. The changes to make this CL more compatible with Gdata can happen in a separate change. I haven't reviewed the photon/ part (other than noting that it is in fact awesome).

http://codereview.appspot.com/2206045/diff/21001/src/com/google/caja/service/CajaArguments.java
File src/com/google/caja/service/CajaArguments.java (right):

http://codereview.appspot.com/2206045/diff/21001/src/com/google/caja/service/CajaArguments.java#newcode41
src/com/google/caja/service/CajaArguments.java:41:
No, we produce either json or jsonp. In this CL, the difference depends on whether a &callback= was defined. The usual gdata convention is that alt=json or alt=json-in-script decides whether the response is json or jsonp, and callback=XXX defines what the callback function is. If the callback function is unspecified, it defaults to gadgets.io.handleScriptLoad (see http://code.google.com/apis/gdata/javadoc/com/google/gdata/client/GDataProtocol.Parameter.html#CALLBACK).

On 2010/10/10 20:21:37, ihab.awad wrote:
> On 2010/10/08 17:37:49, jasvir wrote:
> > In this or in a separate CL, alt=json and alt=json-in-script as alternatives to
> > input-mime-type.
>
> I assume you mean as an alternative to the now-defunct "output-mime-type"? But
> we *always* produce JSON now....

http://codereview.appspot.com/2206045/diff/30001/src/com/google/caja/service/AbstractCajolingHandler.java
File src/com/google/caja/service/AbstractCajolingHandler.java (right):

http://codereview.appspot.com/2206045/diff/30001/src/com/google/caja/service/AbstractCajolingHandler.java#newcode212
src/com/google/caja/service/AbstractCajolingHandler.java:212: throw new RuntimeException("Detected XSS attempt; aborting request");
Please throw SomethingWidgeyHappenedErrors for Caja specific runtime exceptions.

http://codereview.appspot.com/2206045/
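
The alt=/callback= convention described in the comment on CajaArguments.java above, as an added example that is not part of the original review or of the Caja code base. The class and method names are hypothetical; defaulting alt to json and restricting callback to dotted identifiers are assumptions made here, not behaviour stated in the review.

```java
import java.util.Map;
import java.util.regex.Pattern;

public class AltParamExample {
  // Default callback named in the review comment above.
  static final String DEFAULT_CALLBACK = "gadgets.io.handleScriptLoad";

  // Assumption: only dotted JavaScript identifiers are accepted, so the
  // callback value can never carry script syntax into the response.
  static final Pattern CALLBACK_NAME = Pattern.compile(
      "[A-Za-z_$][A-Za-z0-9_$]*(\\.[A-Za-z_$][A-Za-z0-9_$]*)*");

  /** Wraps an already-serialized JSON body according to alt= and callback=. */
  static String render(Map<String, String> params, String json) {
    // Assumption: a missing alt= is treated as alt=json.
    String alt = params.getOrDefault("alt", "json");
    switch (alt) {
      case "json":
        // alt alone decides the format; a stray callback= is ignored.
        return json;
      case "json-in-script":
        String callback = params.getOrDefault("callback", DEFAULT_CALLBACK);
        if (!CALLBACK_NAME.matcher(callback).matches()) {
          throw new IllegalArgumentException("Invalid callback name");
        }
        return callback + "(" + json + ");";
      default:
        throw new IllegalArgumentException("Unsupported alt value");
    }
  }

  public static void main(String[] args) {
    String json = "{\"html\":\"<p>hi</p>\"}";  // constructed sample body
    System.out.println(render(Map.of("alt", "json"), json));
    System.out.println(render(Map.of("alt", "json-in-script"), json));
    System.out.println(render(
        Map.of("alt", "json-in-script", "callback", "app.onCajoled"), json));
    try {
      // Constructed input that is not a plain dotted identifier.
      render(Map.of("alt", "json-in-script", "callback", "bad name()"), json);
    } catch (IllegalArgumentException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```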
