I am facing the same issue as well. So are you telling us this is a false
XSS vulnerability detection?
On Friday, November 9, 2012 2:31:34 PM UTC-5, Joseph Lust wrote:
>
> But the only doc.write in either version of computeScriptBase is clearly
> a string literal, not an injection worry. Perhaps that was generated by
> something else.
>
> // If the user renamed their script tag, we'll use a fancier method to find
> // it. Note that this will not work in the Late Loading case due to the
> // document.write call.
> if (!thisScript) {
>   // Put in a marker script element which should be the first script tag
>   // after the tag we're looking for. To find it, we start at the marker and
>   // walk backwards until we find a script.
>   var markerId = "__gwt_marker___MODULE_NAME__";
>   var markerScript;
>   $doc.write('<script id="' + markerId + '"></script>');
>   markerScript = $doc.getElementById(markerId);
>   thisScript = markerScript && markerScript.previousSibling;
>   while (thisScript && thisScript.tagName != 'SCRIPT') {
>     thisScript = thisScript.previousSibling;
>   }
> }
>
>
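A triage sketch for the question in this thread, added here as an example and not part of the original messages or of GWT: it checks whether every operand concatenated into a `document.write` argument is a string literal or a variable assigned only from string literals. It is a heuristic over source text, not data-flow analysis; the function names and both sample strings are constructed for illustration.

```javascript
// Added example (not GWT code): triage a document.write finding by checking
// that each concatenated operand is a literal or a literal-only variable.
const STRING_LITERAL = /^(?:"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*')$/;

// Return the raw argument text of each .write( ... ) call in src.
function writeArguments(src) {
  const args = [], re = /\.write\s*\(/g;
  while (re.exec(src) !== null) {
    let depth = 1, quote = null, i = re.lastIndex;
    for (; i < src.length && depth > 0; i++) {
      const c = src[i];
      if (quote) { if (c === '\\') i++; else if (c === quote) quote = null; }
      else if (c === '"' || c === "'") quote = c;
      else if (c === '(') depth++;
      else if (c === ')') depth--;
    }
    args.push(src.slice(re.lastIndex, i - 1));
  }
  return args;
}

// Tokenize into string literals and the text between them, dropping '+'.
// Anything that is not a lone literal or identifier is later flagged.
function splitOperands(expr) {
  const tokens = expr.match(/"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'|[^+'"]+/g) || [];
  return tokens.map(t => t.trim()).filter(Boolean);
}

// Constant means: a string literal, or an identifier whose every assignment
// (= or +=) found in src has a lone string literal on the right-hand side.
function isConstant(operand, src) {
  if (STRING_LITERAL.test(operand)) return true;
  if (!/^[A-Za-z_$][\w$]*$/.test(operand)) return false;
  const name = operand.replace(/\$/g, '\\$&');
  const assign = new RegExp('(?:^|[^\\w$.])' + name + '\\s*\\+?=(?!=)\\s*([^;\\n]*)', 'g');
  const rhs = [...src.matchAll(assign)].map(m => m[1].trim());
  return rhs.length > 0 && rhs.every(r => STRING_LITERAL.test(r));
}

function triageWrites(src) {
  return writeArguments(src).map(arg => {
    const dynamic = splitOperands(arg).filter(op => !isConstant(op, src));
    return { arg, dynamic, verdict: dynamic.length ? 'review' : 'constant' };
  });
}

// Constructed inputs: the two relevant lines quoted above, and a contrast case.
const GWT_SNIPPET = `var markerId = "__gwt_marker___MODULE_NAME__"; $doc.write('<script id="' + markerId + '"></script>');`;
const TAINTED_SAMPLE = `var label = location.hash.slice(1); document.write('<div>' + label + '</div>');`;
```

`triageWrites(GWT_SNIPPET)` reports the quoted call as `constant`, while the constructed contrast case is marked `review` with `label` listed as the dynamic operand.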