Thanks Joni!  I appreciate the sample code.

Dan

On Mar 7, 8:10 am, Joni Freeman <freeman.j...@gmail.com> wrote:
> Note, it is very easy to clean up the JSON before rendering by using
> 'map' function:
>
> json map {
>   case JString(s) => JString(stripOutBinaryChars(s))
>   case x => x
> }
>
> (You just need to implement that stripOutBinaryChars function...).
>
> Cheers Joni
>
> On Mar 5, 8:26 pm, Dano <olearydani...@gmail.com> wrote:
>
>
>
> > I think I would like to amend my last post by asking if it is possible
> > that the lift-json library support the ability to strip out binary
> > characters since many times an application uses the results of JSON
> > operations to render back to the client.
>
> > Thanks.
>
> > Dan
>
> > On Mar 5, 9:53 am, Dano <olearydani...@gmail.com> wrote:
>
> > > I can reproduce it in our application, but I think it is not
> > > necessarily due to Lift.  This is what I am trying to sort out.  We
> > > have client-side javascript which is sending JSON commands to the
> > > server and things blow up once things come back from the server.  In
> > > this case, Lift is not responsible for the rendering so I would say
> > > this is an application issue.
>
> > > I am poking at the demo lift application to try to flush out issues
> > > common to the group and understand what is a framework issue and what
> > > needs to be addressed by the application.
>
> > > Thanks.
>
> > > Dan
>
> > > On Mar 5, 9:47 am, Naftoli Gugenheim <naftoli...@gmail.com> wrote:
>
> > > > Can you reproduce the vulnerability in your own M3 app?
>
> > > > -------------------------------------
>
> > > > Dano <olearydani...@gmail.com> wrote:
>
> > > > I would never claim to be astute.  However, I did observe that
> > > > demo.liftweb.net is now built using 2.0-M3 as is clearly listed at the
> > > > bottom of the page.  I also observed that the Wizard example is still
> > > > broken (paste binary characters into 'First Name' and then click the
> > > > Next button).  I have not yet registered for an account with Assembla
> > > > but would be happy to file the bug.
>
> > > > Dan
>
> > > > On Mar 4, 7:33 pm, Ross Mellgren <dri...@gmail.com> wrote:
>
> > > > > Check dpp's response as of 8:01
>
> > > > > -Ross
>
> > > > > On Mar 4, 2010, at 7:49 PM, Naftoli Gugenheim wrote:
>
> > > > > > What version is the demo running?
>
> > > > > > -------------------------------------
> > > > > > Dano <olearydani...@gmail.com> wrote:
>
> > > > > > Just saw that Lift 2.0-M3 was released.  I looked to see if the
> > > > > > vulnerability was still present in demo.liftweb.net and I am still
> > > > > > able to generate exceptions in the browser when I paste binary
> > > > > > characters in the textfields for the Wizard, Wizard Challenge, and
> > > > > > Arc Challenge examples in the Misc section.
>
> > > > > > Don't know if this remaining problem is supposed to be handled by
> > > > > > the application or framework, but thought I would make a post to
> > > > > > alert the group.
>
> > > > > > Dan
>
> > > > > > On Feb 24, 11:49 am, Dano <olearydani...@gmail.com> wrote:
> > > > > > >> The recent scala days conference activity may have caused the
> > > > > > >> updates to this thread to escape notice.  Just wondering if there
> > > > > > >> is concern about the remaining binary character problems I noted
> > > > > > >> in my prior post.
>
> > > > > >> Thanks in advance.
>
> > > > > >> Dan
>
> > > > > >> On Feb 22, 1:34 pm, Dano <olearydani...@gmail.com> wrote:
>
> > > > > > >>> More information on this in case anyone is interested.  If you go
> > > > > > >>> to the lift demo website, it appears the issue with characters is
> > > > > > >>> mostly addressed except for the "Misc code" section.  Specifically,
> > > > > > >>> the "Wizard", "Wizard Challenge" and "Arc Challenge #1" examples
> > > > > > >>> will generate XML parsing errors.
>
> > > > > > >>> For these problems, I am not sure if the issue is the example or
> > > > > > >>> the framework.  If the issue is with the example, it would be good
> > > > > > >>> to know what Lift apps need to do to avoid getting bitten by binary
> > > > > > >>> characters entered into form fields.
>
> > > > > >>> Thanks in advance.
>
> > > > > >>> Dan
>
> > > > > >>> On Feb 17, 11:06 am, Dano <olearydani...@gmail.com> wrote:
>
> > > > > >>>> Hello,
>
> > > > > > >>>> I was wondering if the fix for the control characters issue was
> > > > > > >>>> included in 2.0-M2.  I just did a test with our Lift application
> > > > > > >>>> built with 2.0-M2 and I am still seeing problems (i.e. javascript
> > > > > > >>>> exceptions - NS_ERROR_INVALID_POINTER).
>
> > > > > >>>> Thanks in advance.
>
> > > > > >>>> Dan
>
> > > > > > >>>> On Feb 3, 9:08 am, David Pollak <feeder.of.the.be...@gmail.com> wrote:
>
> > > > > > >>>>> Thanks for pointing that out.  There are other problems as
> > > > > > >>>>> well... I'll fix them (in both the Scala and Lift diffs)
>
> > > > > > >>>>> On Wed, Feb 3, 2010 at 7:39 AM, Feng Zhang <sharpzh...@gmail.com> wrote:
> > > > > > >>>>>> I found that in the fix, \n is changed to \t, while \t to \n.
> > > > > > >>>>>> Is this desired behavior?
>
> > > > > >>>>>> Thank you,
>
> > > > > >>>>>> Feng
>
> > > > > > >>>>>> On Wed, Feb 3, 2010 at 9:20 AM, Indrajit Raychaudhuri <indraj...@gmail.com> wrote:
>
> > > > > >>>>>>> 1. Fix in head/master (2.0-SNAPSHOT) and prepone 2.0-M2.
>
> > > > > > >>>>>>> 2. Backport in 1.0.x branch and spin 1.0.4. We haven't marked
> > > > > > >>>>>>> 1.0.x 'unsupported' yet. Forcing apps to move to 2.0-M2 just for
> > > > > > >>>>>>> this vulnerability fix isn't fun.
>
> > > > > >>>>>>> Cheers, Indrajit
>
> > > > > >>>>>>> On 03/02/10 3:34 PM, Timothy Perrett wrote:
>
> > > > > >>>>>>>> +1
>
> > > > > > >>>>>>>> Fix it in head, no need to back-port; M2 is only around the
> > > > > > >>>>>>>> corner.
>
> > > > > >>>>>>>> Cheers, Tim
>
> > > > > >>>>>>>> On 3 Feb 2010, at 09:49, Jeppe Nejsum Madsen wrote:
>
> > > > > > >>>>>>>>> David Pollak <feeder.of.the.be...@gmail.com> writes:
>
> > > > > > >>>>>>>>>> I'd like to get a sense of how important the community views
> > > > > > >>>>>>>>>> this defect.
> > > > > > >>>>>>>>>> Is it a "backport the fix to every milestone and release
> > > > > > >>>>>>>>>> yesterday" or is it a "fix it in 2.0-M2" or someplace in
> > > > > > >>>>>>>>>> between.
>
> > > > > >>>>>>>>> For me, it's fix it in 2.0-SNAPSHOT
>
> > > > > >>>>>>>>> /Jeppe
>
> > > > > >>>>>>>>> --
> > > > > >>>>>>>>> You received this message because you are subscribed to the 
> > > > > >>>>>>>>> Google
> > > > > >>>>>>>>> Groups "Lift" group.
> > > > > >>>>>>>>> To post to this group, send email to 
> > > > > >>>>>>>>> lift...@googlegroups.com.
> > > > > >>>>>>>>> To unsubscribe from this group, send email to
> > > > > >>>>>>>>> liftweb+unsubscr...@googlegroups.com<liftweb%2bunsubscr...@googlegroups.com
> > > > > >>>>>>>>>  >
> > > > > >>>>>>>>> .
> > > > > >>>>>>>>> For more options, visit this group at
> > > > > >>>>>>>>>http://groups.google.com/group/liftweb?hl=en.
>
> > > > > >>>>>>> --
> > > > > >>>>>>> You received this message because you are subscribed to the 
> > > > > >>>>>>> Google Groups
> > > > > >>>>>>> "Lift" group.
> > > > > >>>>>>> To post to this group, send email to lift...@googlegroups.com.
> > > > > >>>>>>> To unsubscribe from this group, send email to
> > > > > >>>>>>> liftweb+unsubscr...@googlegroups.com<liftweb%2bunsubscr...@googlegroups.com
> > > > > >>>>>>>  >
> > > > > >>>>>>> .
> > > > > >>>>>>> For more options, visit this group at
> > > > > >>>>>>>http://groups.google.com/group/liftweb?hl=en.
>
> > > > > >>>>>>  --
> > > > > >>>>>> You received this message because you are subscribed to the 
> > > > > >>>>>> Google Groups
> > > > > >>>>>> "Lift" group.
> > > > > >>>>>> To post to this group, send email to lift...@googlegroups.com.
> > > > > >>>>>> To unsubscribe from this group, send email to
> > > > > >>>>>> liftweb+unsubscr...@googlegroups.com<liftweb%2bunsubscr...@googlegroups.com
> > > > > >>>>>>  >
> > > > > >>>>>> .
> > > > > >>>>>> For more options, visit this group at
> > > > > >>>>>>http://groups.google.com/group/liftweb?hl=en.
>
> > > > > >>>>> --
> > > > > > >>>>> Lift, the simply functional web framework http://liftweb.net
> > > > > > >>>>> Beginning Scala http://www.apress.com/book/view/1430219890
> > > > > > >>>>> Follow me: http://twitter.com/dpp
> > > > > >>>>> Surf the harmonics
>
> > > > > > --
> > > > > > You received this message because you are subscribed to the Google 
> > > > > > Groups "Lift" group.
> > > > > > To post to this group, send email to lift...@googlegroups.com.
> > > > > > To unsubscribe from this group, send email to 
> > > > > > liftweb+unsubscr...@googlegroups.com.
> > > > > > For more options, visit this group 
> > > > > > athttp://groups.google.com/group/liftweb?hl=en.
>
> > > > > > --
> > > > > > You received this message because you are subscribed to the Google 
> > > > > > Groups "Lift" group.
> > > > > > To post to this group, send email to lift...@googlegroups.com.
> > > > > > To unsubscribe from this group, send email to 
> > > > > > liftweb+unsubscr...@googlegroups.com.
> > > > > > For more options, visit this group 
> > > > > > athttp://groups.google.com/group/liftweb?hl=en.
>
> > > > --
> > > > You received this message because you are subscribed to the Google 
> > > > Groups "Lift" group.
> > > > To post to this group, send email to lift...@googlegroups.com.
> > > > To unsubscribe from this group, send email to 
> > > > liftweb+unsubscr...@googlegroups.com.
> > > > For more options, visit this group 
> > > > athttp://groups.google.com/group/liftweb?hl=en.

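One way to write the helper that Joni's `json map` snippet leaves to the reader, as an added example that is not code from the thread or from the Lift project. The thread never defines "binary characters"; this assumes it means code points outside the XML 1.0 `Char` production, since the reported failures are XML parsing errors. The object name `JsonSanitizer` and the sample input are constructed.

```scala
import net.liftweb.json.JsonAST.{JArray, JInt, JString, JValue}

// Added example; JsonSanitizer and the sample data are constructed for illustration.
object JsonSanitizer {

  // Assumption: "binary characters" = code points outside the XML 1.0 Char
  // production (#x9 | #xA | #xD | #x20-#xD7FF | #xE000-#xFFFD | #x10000-#x10FFFF).
  def isXmlChar(cp: Int): Boolean =
    cp == 0x9 || cp == 0xA || cp == 0xD ||
      (cp >= 0x20 && cp <= 0xD7FF) ||
      (cp >= 0xE000 && cp <= 0xFFFD) ||
      (cp >= 0x10000 && cp <= 0x10FFFF)

  // Walk by code point so valid surrogate pairs survive intact while
  // unpaired surrogates (not legal XML characters) are dropped.
  def stripOutBinaryChars(s: String): String = {
    val out = new java.lang.StringBuilder(s.length)
    var i = 0
    while (i < s.length) {
      val cp = s.codePointAt(i)
      if (isXmlChar(cp)) out.appendCodePoint(cp)
      i += Character.charCount(cp)
    }
    out.toString
  }

  // The traversal from the thread: rewrite every JString, leave other nodes alone.
  def clean(json: JValue): JValue = json map {
    case JString(s) => JString(stripOutBinaryChars(s))
    case x => x
  }

  def main(args: Array[String]): Unit = {
    // Constructed input: NUL, backspace and unit-separator characters mixed
    // into form-style values, plus a tab that must be preserved.
    val dirty: JValue = JArray(List(
      JString("Da\u0000n\u0008"),
      JArray(List(JString("first\tname"), JString("b\u001Fad"))),
      JInt(42)))
    println(clean(dirty))
  }
}
```

Applying `clean` immediately before rendering keeps the stored data untouched and sanitizes only what is sent back to the client.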