OK, so I went over the code, and it appears that as long as the X-JSON
header does not exist and my Content-type is application/javascript and my
json in the response body is wrapped with:
/*-secure- (some whitespace) [json data here](some more whitespace) */
It should evaluated the response body. Am I wrong?
-stephan
On 5/21/07, David Dashifen Kees <[EMAIL PROTECTED]> wrote:
>
>
> Wow ... I didn't know that about the content-type of the response body.
> Thanks.
> - Dash -
>
> Tom Gregory wrote:
> > The value of the X-JSON header and whether the response body is
> > evaluated are separate concerns. If the X-JSON header is present, and
> > evals to a json object, it's passed as the second parameter to
> > onSuccess, et al.
> >
> > e.x.
> > onSuccess (transport, json) {
> > // ...
> > }
> >
> > The eval of the response body is based on the "Content-type" header.
> > If you poke around the code from svn, you'll find these lines in
> > ajax.js:
> >
> > var contentType = this.getHeader('Content-type');
> > if (contentType && contentType.strip().
> > match(/^(text|application)\/(x-)?(java|ecma)script(;.*)?$/i))
> > this.evalResponse();
> > // ...
> >
> > // ...
> > evalResponse: function() {
> > try {
> > return eval((this.transport.responseText || '').unfilterJSON());
> > } catch (e) {
> > this.dispatchException(e);
> > }
> > }
> >
> > Does that make things any clearer?
> >
> >
> > TAG
> >
> > On May 21, 2007, at 12:38 PM, Stephan Ellis wrote:
> >
> >
> >> Yes, my framework, specifically my view that generates JSON sticks
> >> the X-JSON header in to accommodate prototype. I guess to rephrase
> >> my question, if I turn on the X-JSON header, is it supposed to
> >> automatically eval the response body? Sorry if I seem like I have
> >> a thick skull :) Thanks a bunch...
> >> -stephan
> >>
> >> On 5/21/07, David Dashifen Kees <[EMAIL PROTECTED]> wrote:
> >>
> >> Yes. If your JSON is in the response body, you will have to
> >> evaluate it
> >> yourself. It must be the framework you're using which is creating the
> >> X-JSON header, perhaps? For example:
> >>
> >> new Ajax.Request("some_page.php", {
> >> parameters: {id: 6},
> >> onComplete: function(xhr) {
> >> var json = xhr.responseText.evalJSON(true);
> >> /* ... do something else ... */
> >> }
> >> });
> >>
> >> You're responseText should then be valid JSON. For more information,
> >> see http://prototypejs.org/api/string/evaljson.
> >>
> >> - Dash -
> >>
> >> Stephan Ellis wrote:
> >>
> >>> Dash,
> >>> Thanks for the reply. Are you saying that I have to evaluate the
> >>> reponseText myself if the JSON is in the response body? I
> >>>
> >> configured my
> >>
> >>> application to not send the X-JSON header, but prototype is still
> >>>
> >> not
> >>
> >>> evaluating the response body.
> >>>
> >>> Thanks,
> >>> -stephan
> >>>
> >>> On 5/21/07, David Dashifen Kees <[EMAIL PROTECTED]> wrote:
> >>>
> >>>
> >>>> The problem is how you're sending information in the X-JSON header.
> >>>> Prototype will try to automatically evaluate anything in the X-JSON
> >>>> header assuming that it is a JSON string. You're X-JSON header
> >>>>
> >> is not a
> >>
> >>>> JSON string but rather another call to eval() so the internal
> >>>>
> >> Prototype
> >>
> >>>> String.evalJSON() function is probably your failure point.
> >>>>
> >>>> Instead, either make "var json = transport.responseText.evalJSON
> >>>>
> >> (true)"
> >>
> >>>> the first line of your callback function, or make sure that your
> >>>>
> >> X-JSON
> >>
> >>>> header is *only* a JSON string.
> >>>>
> >>>> Also, you should be aware that Prototype 1.5.1 added security
> >>>>
> >> features
> >>
> >>>> to help avoid the execution of JSON with invalid code or
> >>>>
> >> malicious code
> >>
> >>>> within it. As a result, JSON created and passed around by
> >>>>
> >> prototype has
> >>
> >>>> /*-secure- before your JSON and */ after it. If you use the
> >>>> String.evalJSON() function to parse your information, you might
> >>>>
> >> need to
> >>
> >>>> explicitly add these strings before and after your JSON to
> >>>>
> >> evaluate it
> >>
> >>>> properly.
> >>>>
> >>>> - Dash -
> >>>>
> >>>> smellis wrote:
> >>>>
> >>>>
> >>>>> Hello Everyone,
> >>>>>
> >>>>> I upgraded to 1.5.1 today and I have run into a problem:
> >>>>>
> >> automatic
> >>
> >>>>> JSON evaluation has stopped working. On the server side I use
> >>>>> Catalyst, an MVC framework for perl. I use
> >>>>>
> >> Catalyst::View::JSON to
> >>
> >>>>> turn my perl data structures in to JSON. Here is what my response
> >>>>> headers look like:
> >>>>>
> >>>>> Response Headers
> >>>>> Connection close
> >>>>> Date Mon, 21 May 2007 15:12:54 GMT
> >>>>> Content-Length 984
> >>>>> Content-Type application/javascript; charset=utf-8
> >>>>> Set-Cookie
> >>>>>
> >> bg2_session=5279b9253f970f84dd032ec4a00ba2a34dcff66c;
> >>
> >>>>> path=/; expires=Mon, 21-May-2007 17:12:54 GMT
> >>>>> Status 200
> >>>>> X-Catalyst 5.7007
> >>>>> X-JSON eval("("+this.transport.responseText+")")
> >>>>>
> >>>>> The JSON is actually in the response body. I had to subclassed my
> >>>>> JSON view to spit out application/javascript, because the default
> >>>>> content-type (application/json) is not listed in the prototype
> >>>>> documentation as one that will cause prototype to auto evaluate
> >>>>>
> >> the
> >>
> >>>>> reponse. I have tried turning off the X-JSON header to see if
> >>>>>
> >> that
> >>
> >>>>> was a problem, but it still doesn't work. Any ideas? Thanks in
> >>>>> advance. -stephan
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>
> >>>
> >
> >
> > >
> >
> >
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Spinoffs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/rubyonrails-spinoffs?hl=en
-~----------~----~----~----~------~----~------~--~---
