Yes, I removed the security filter. But that you say it works in 1.5.0
probably means that the whitespace google inserted was screwing things
up. What's going wrong with your app? What error is being thrown?
- Dash -
Stephan Ellis wrote:
> Hmm, interesting. Did you remove the /*-secure- */ part? It works
> perfectly with 1.5.0 -stephan
>
> On 5/21/07, David Dashifen Kees <[EMAIL PROTECTED]> wrote:
>
>> When I try to evaluate your JSON using Firebug, it tells me there's an
>> invalid label in there somewhere.
>>
>> - Dash -
>>
>> Stephan Ellis wrote:
>>
>>> OK, so let me show you (according to firebug) the response prototype
>>> is getting from my application.
>>>
>>> Response Headers
>>> Connection close
>>> Date Mon, 21 May 2007 19:54:31 GMT
>>> Content-Length 998
>>> Content-Type application/javascript; charset=utf-8
>>> Set-Cookie bg2_session=5279b9253f970f84dd032ec4a00ba2a34dcff66c;
>>> path=/; expires=Mon, 21-May-2007 21:54:31 GMT
>>> Status 200
>>> X-Catalyst 5.7007
>>>
>>> Response Body
>>> /*-secure-
>>> {"path_json":[],"files_json":[{"versions":1,"newest_id":64,"is_image":"y","date_added":"04-09-2007
>>> 14:54:50","name":"Water lilies.jpg","id":59,"date_newest":"04-09-2007
>>> 14:54:50"},{"versions":1,"newest_id"
>>> :66,"is_image":"y","date_added":"04-11-2007 15:56:15","name":"Blue
>>> hills.jpg","id":61,"date_newest":"04-11-2007
>>> 15:56:15"}],"folders_json":[{"folders":0,"date":"03-29-2007
>>> 19:34:16","files":0,"name":"Billy","id"
>>> :22},{"folders":0,"date":"03-29-2007
>>> 19:34:45","files":0,"name":"Kendall","id":24},{"folders":0,"date"
>>> :"03-29-2007
>>> 19:35:01","files":0,"name":"Nothing","id":25},{"folders":2,"date":"03-29-2007
>>> 19:31:49"
>>> ,"files":0,"name":"DB","id":16},{"folders":1,"date":"03-29-2007
>>> 19:34:11","files":6,"name":"Angus","id"
>>> :21},{"folders":2,"date":"03-29-2007
>>> 19:34:29","files":0,"name":"Tanya","id":23},{"folders":2,"date"
>>> :"03-29-2007 20:34:37","files":0,"name":"Another
>>> folder","id":56},{"folders":2,"date":"04-03-2007 15
>>> :42:23","files":20,"name":"Smellis","id":89}],"parent_json":""} */
>>>
>>> So, does everyone agree that this should be working? I am lost.
>>>
>>>
>>> On 5/21/07, David Dashifen Kees <[EMAIL PROTECTED]> wrote:
>>>
>>>
>>>> Looks good to me.
>>>> - Dash -
>>>>
>>>> Stephan Ellis wrote:
>>>>
>>>>
>>>>> OK, so I went over the code, and it appears that as long as the X-JSON
>>>>> header does not exist and my Content-type is application/javascript and my
>>>>> json in the response body is wrapped with:
>>>>>
>>>>> /*-secure- (some whitespace) [json data here](some more whitespace) */
>>>>>
>>>>> It should evaluated the response body. Am I wrong?
>>>>>
>>>>> -stephan
>>>>>
>>>>> On 5/21/07, David Dashifen Kees <[EMAIL PROTECTED]> wrote:
>>>>>
>>>>>
>>>>>
>>>>>> Wow ... I didn't know that about the content-type of the response body.
>>>>>> Thanks.
>>>>>> - Dash -
>>>>>>
>>>>>> Tom Gregory wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>> The value of the X-JSON header and whether the response body is
>>>>>>> evaluated are separate concerns. If the X-JSON header is present, and
>>>>>>> evals to a json object, it's passed as the second parameter to
>>>>>>> onSuccess, et al.
>>>>>>>
>>>>>>> e.x.
>>>>>>> onSuccess (transport, json) {
>>>>>>> // ...
>>>>>>> }
>>>>>>>
>>>>>>> The eval of the response body is based on the "Content-type" header.
>>>>>>> If you poke around the code from svn, you'll find these lines in
>>>>>>> ajax.js:
>>>>>>>
>>>>>>> var contentType = this.getHeader('Content-type');
>>>>>>> if (contentType && contentType.strip().
>>>>>>> match(/^(text|application)\/(x-)?(java|ecma)script(;.*)?$/i))
>>>>>>> this.evalResponse();
>>>>>>> // ...
>>>>>>>
>>>>>>> // ...
>>>>>>> evalResponse: function() {
>>>>>>> try {
>>>>>>> return eval((this.transport.responseText || '').unfilterJSON());
>>>>>>> } catch (e) {
>>>>>>> this.dispatchException(e);
>>>>>>> }
>>>>>>> }
>>>>>>>
>>>>>>> Does that make things any clearer?
>>>>>>>
>>>>>>>
>>>>>>> TAG
>>>>>>>
>>>>>>> On May 21, 2007, at 12:38 PM, Stephan Ellis wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> Yes, my framework, specifically my view that generates JSON sticks
>>>>>>>> the X-JSON header in to accommodate prototype. I guess to rephrase
>>>>>>>> my question, if I turn on the X-JSON header, is it supposed to
>>>>>>>> automatically eval the response body? Sorry if I seem like I have
>>>>>>>> a thick skull :) Thanks a bunch...
>>>>>>>> -stephan
>>>>>>>>
>>>>>>>> On 5/21/07, David Dashifen Kees <[EMAIL PROTECTED]> wrote:
>>>>>>>>
>>>>>>>> Yes. If your JSON is in the response body, you will have to
>>>>>>>> evaluate it
>>>>>>>> yourself. It must be the framework you're using which is creating the
>>>>>>>> X-JSON header, perhaps? For example:
>>>>>>>>
>>>>>>>> new Ajax.Request("some_page.php", {
>>>>>>>> parameters: {id: 6},
>>>>>>>> onComplete: function(xhr) {
>>>>>>>> var json = xhr.responseText.evalJSON(true);
>>>>>>>> /* ... do something else ... */
>>>>>>>> }
>>>>>>>> });
>>>>>>>>
>>>>>>>> You're responseText should then be valid JSON. For more information,
>>>>>>>> see http://prototypejs.org/api/string/evaljson.
>>>>>>>>
>>>>>>>> - Dash -
>>>>>>>>
>>>>>>>> Stephan Ellis wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> Dash,
>>>>>>>>> Thanks for the reply. Are you saying that I have to evaluate the
>>>>>>>>> reponseText myself if the JSON is in the response body? I
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>> configured my
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> application to not send the X-JSON header, but prototype is still
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>> not
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> evaluating the response body.
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> -stephan
>>>>>>>>>
>>>>>>>>> On 5/21/07, David Dashifen Kees <[EMAIL PROTECTED]> wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> The problem is how you're sending information in the X-JSON header.
>>>>>>>>>> Prototype will try to automatically evaluate anything in the X-JSON
>>>>>>>>>> header assuming that it is a JSON string. You're X-JSON header
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>> is not a
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>> JSON string but rather another call to eval() so the internal
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>> Prototype
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>> String.evalJSON() function is probably your failure point.
>>>>>>>>>>
>>>>>>>>>> Instead, either make "var json = transport.responseText.evalJSON
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>> (true)"
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>> the first line of your callback function, or make sure that your
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>> X-JSON
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>> header is *only* a JSON string.
>>>>>>>>>>
>>>>>>>>>> Also, you should be aware that Prototype 1.5.1 added security
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>> features
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>> to help avoid the execution of JSON with invalid code or
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>> malicious code
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>> within it. As a result, JSON created and passed around by
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>> prototype has
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>> /*-secure- before your JSON and */ after it. If you use the
>>>>>>>>>> String.evalJSON() function to parse your information, you might
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>> need to
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>> explicitly add these strings before and after your JSON to
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>> evaluate it
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>> properly.
>>>>>>>>>>
>>>>>>>>>> - Dash -
>>>>>>>>>>
>>>>>>>>>> smellis wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> Hello Everyone,
>>>>>>>>>>>
>>>>>>>>>>> I upgraded to 1.5.1 today and I have run into a problem:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>> automatic
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>>> JSON evaluation has stopped working. On the server side I use
>>>>>>>>>>> Catalyst, an MVC framework for perl. I use
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>> Catalyst::View::JSON to
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>>> turn my perl data structures in to JSON. Here is what my response
>>>>>>>>>>> headers look like:
>>>>>>>>>>>
>>>>>>>>>>> Response Headers
>>>>>>>>>>> Connection close
>>>>>>>>>>> Date Mon, 21 May 2007 15:12:54 GMT
>>>>>>>>>>> Content-Length 984
>>>>>>>>>>> Content-Type application/javascript; charset=utf-8
>>>>>>>>>>> Set-Cookie
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>> bg2_session=5279b9253f970f84dd032ec4a00ba2a34dcff66c;
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>>> path=/; expires=Mon, 21-May-2007 17:12:54 GMT
>>>>>>>>>>> Status 200
>>>>>>>>>>> X-Catalyst 5.7007
>>>>>>>>>>> X-JSON eval("("+this.transport.responseText+")")
>>>>>>>>>>>
>>>>>>>>>>> The JSON is actually in the response body. I had to subclassed my
>>>>>>>>>>> JSON view to spit out application/javascript, because the default
>>>>>>>>>>> content-type (application/json) is not listed in the prototype
>>>>>>>>>>> documentation as one that will cause prototype to auto evaluate
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>> the
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>>> reponse. I have tried turning off the X-JSON header to see if
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>> that
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>>> was a problem, but it still doesn't work. Any ideas? Thanks in
>>>>>>>>>>> advance. -stephan
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>
>
> >
>
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Spinoffs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/rubyonrails-spinoffs?hl=en
-~----------~----~----~----~------~----~------~--~---
