Check dpp's response as of 8:01 -Ross
On Mar 4, 2010, at 7:49 PM, Naftoli Gugenheim wrote: > What version is the demo running? > > ------------------------------------- > Dano<[email protected]> wrote: > > Just saw that Lift 2.0-M3 was released. I looked to see if the > vulnerability was still present in demo.liftweb.net and I am still > able to generate exceptions in the browser when I paste binary > characters in the textfields for the Wizard, Wizard Challenge, and Arc > Challenge examples in the Misc section. > > Don't know if this remaining problem is supposed to be handled by the > application or framework, but thought I would make a post to alert the > group. > > > Dan > > On Feb 24, 11:49 am, Dano <[email protected]> wrote: >> The recent scala days conference activity may have cause the updates >> to this thread to escape notice. Just wondering if there is concern >> about the remaining binary character problems I noted in my prior >> post. >> >> Thanks in advance. >> >> Dan >> >> On Feb 22, 1:34 pm, Dano <[email protected]> wrote: >> >>> More information on this in case anyone is interested. If you go to >>> theliftdemo website, it appears the issue with characters is mostly >>> addressed except for the "Misc code" section. Specifically, the >>> "Wizard", "Wizard Challenge" and "Arc Challenge #1" examples will >>> generate XML parsing errors. >> >>> For these problems, I am not sure if the issue if the example or the >>> framework. If the issue is with the example, it would be good to know >>> whatLiftapps need to do to avoid getting bitten by binary characters >>> entered into form fields. >> >>> Thanks in advance. >> >>> Dan >> >>> On Feb 17, 11:06 am, Dano <[email protected]> wrote: >> >>>> Hello, >> >>>> I was wondering if the fix for the control characters issue was >>>> included in 2.0-M2. I just did a test with ourLiftapplication built >>>> with 2.0-M2 and I am still seeing problems (i.e. javascript exceptions >>>> - NS_ERROR_INVALID_POINTER). >> >>>> Thanks in advance. >> >>>> Dan >> >>>> On Feb 3, 9:08 am, David Pollak <[email protected]> wrote: >> >>>>> Thanks for pointing that out. There are other problems as well... I'll >>>>> fix >>>>> them (in both the Scala andLiftdiffs) >> >>>>> On Wed, Feb 3, 2010 at 7:39 AM, Feng Zhang <[email protected]> wrote: >>>>>> I found that in the fix, \n is changed to \t, while \t to \n. Is this >>>>>> desired behavior? >> >>>>>> Thank you, >> >>>>>> Feng >> >>>>>> On Wed, Feb 3, 2010 at 9:20 AM, Indrajit Raychaudhuri >>>>>> <[email protected] >>>>>>> wrote: >> >>>>>>> 1. Fix in head/master (2.0-SNAPSHOT) and prepone 2.0-M2. >> >>>>>>> 2. Backport in 1.0.x branch and spin 1.0.4. We haven't marked 1.0.x >>>>>>> 'unsupported' yet. Forcing apps to move to 2.0-M2 just for this >>>>>>> vulnerability fix isn't fun. >> >>>>>>> Cheers, Indrajit >> >>>>>>> On 03/02/10 3:34 PM, Timothy Perrett wrote: >> >>>>>>>> +1 >> >>>>>>>> Fix it in head, no need to back-port; M2 is only around the corner. >> >>>>>>>> Cheers, Tim >> >>>>>>>> On 3 Feb 2010, at 09:49, Jeppe Nejsum Madsen wrote: >> >>>>>>>> David Pollak<[email protected]> writes: >> >>>>>>>>> I'd like to get a sense of how important the community views this >>>>>>>>>> defect. >>>>>>>>>> Is it a "backport the fix to every milestone and release yesterday" >>>>>>>>>> or >>>>>>>>>> is it >>>>>>>>>> a "fix it in 2.0-M2" or someplace in between. >> >>>>>>>>> For me, it's fix it in 2.0-SNAPSHOT >> >>>>>>>>> /Jeppe >> >>>>>>>>> -- >>>>>>>>> You received this message because you are subscribed to the Google >>>>>>>>> Groups "Lift" group. >>>>>>>>> To post to this group, send email to [email protected]. >>>>>>>>> To unsubscribe from this group, send email to >>>>>>>>> [email protected]<liftweb%[email protected] >>>>>>>>> > >>>>>>>>> . >>>>>>>>> For more options, visit this group at >>>>>>>>> http://groups.google.com/group/liftweb?hl=en. >> >>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups >>>>>>> "Lift" group. >>>>>>> To post to this group, send email to [email protected]. >>>>>>> To unsubscribe from this group, send email to >>>>>>> [email protected]<liftweb%[email protected] >>>>>>> > >>>>>>> . >>>>>>> For more options, visit this group at >>>>>>> http://groups.google.com/group/liftweb?hl=en. >> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google Groups >>>>>> "Lift" group. >>>>>> To post to this group, send email to [email protected]. >>>>>> To unsubscribe from this group, send email to >>>>>> [email protected]<liftweb%[email protected] >>>>>> > >>>>>> . >>>>>> For more options, visit this group at >>>>>> http://groups.google.com/group/liftweb?hl=en. >> >>>>> -- >>>>> Lift, the simply functional web frameworkhttp://liftweb.net >>>>> Beginning Scalahttp://www.apress.com/book/view/1430219890 >>>>> Follow me:http://twitter.com/dpp >>>>> Surf the harmonics > > -- > You received this message because you are subscribed to the Google Groups > "Lift" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/liftweb?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "Lift" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/liftweb?hl=en. > -- You received this message because you are subscribed to the Google Groups "Lift" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/liftweb?hl=en.
