[jQuery] CSRF best practice
As per this article -
http://haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerability.aspx
Older browsers can override array processing in JS and process JSON
even though it's nothing to do with their site.
I was thinking that prepending the JSON fragment with one char that
made it invalid JSON, would do the trick. In my client app, I'd strip
the single char ..
$.get("path/to/my/service", { }, function(data) {
data = data.substr(1,data.length);
if (data.ERROR != true) {
for (var i = 0; i < data.length; i++) {
// process rows.
}
}
}, "json");
It does not work though, as I think JQuery is expecting proper JSON
not just a string.
The article talks of prepending with {"d": and suffixing with } if the
root node is an array. Is that the best strategy ?
Thoughts?
- Paul
[jQuery] Re: How to correctly set a dblclick(..) on a dynamically added table row ?
It does the same for v2.10 of blockUI too :-(
- Paul
On Nov 14, 2008, at 3:49 PM, Richard D. Worth wrote:
This looks like it may be an issue with blockUI. Are you using
v1.33? Have you tried the latest, v2.10?
- Richard
On Fri, Nov 14, 2008 at 8:45 AM, Paul Hammant <[EMAIL PROTECTED]>
wrote:
This is still dogging me - what's the correct way to add rows to a
table?
1) clone last row
2) clone a row you removed (for purposes of future cloning)
3) create the row from scratch
- Paul
On Nov 8, 2008, at 4:11 PM, Paul Hammant wrote:
Below is a demo of the problem i have. Reduced to the minimal HTML I
think.
I start with a row in a table, but on load, I remove it and store it.
Then i dynamically insert some row based on a clone of the original.
As I add each row i add a double-click to a popup form (via blockUI).
The first time you double click a row it works. The second time
everything freezes during the popup.
There must be some rules around row removal and re-adding, or
dynamically attaching a dblclick(..) event that I'm unaware of.
What am I missing ?
- Paul
--
jQuery bug demo?
$(document).ready(function() {
// take row from table, for futire use.
rowToClone = $('#mytable tr:last').remove();
insertRow("1", "double-click this line first");
insertRow("2", "then double-click this line");
$("#cancelRead").click(function() {
document.readMyForm.reset();
$.unblockUI();
});
});
function doubleClick() {
var readRow = $('#readRow');
$.blockUI(readRow, {width:'540px', height:'300px'});
}
function insertRow(id, foo) {
var newRow = rowToClone.clone();
newRow.attr("id", id);
$('td[class*=class1]', newRow).html(foo);
newRow.dblclick(doubleClick); // Is this an OK thing to
do
$('#mytable').append(newRow);
}
PLACEHOLDER
Hello!
[jQuery] Re: How to correctly set a dblclick(..) on a dynamically added table row ?
This is still dogging me - what's the correct way to add rows to a
table?
1) clone last row
2) clone a row you removed (for purposes of future cloning)
3) create the row from scratch
- Paul
On Nov 8, 2008, at 4:11 PM, Paul Hammant wrote:
Below is a demo of the problem i have. Reduced to the minimal HTML I
think.
I start with a row in a table, but on load, I remove it and store it.
Then i dynamically insert some row based on a clone of the original.
As I add each row i add a double-click to a popup form (via blockUI).
The first time you double click a row it works. The second time
everything freezes during the popup.
There must be some rules around row removal and re-adding, or
dynamically attaching a dblclick(..) event that I'm unaware of.
What am I missing ?
- Paul
--
jQuery bug demo?
$(document).ready(function() {
// take row from table, for futire use.
rowToClone = $('#mytable tr:last').remove();
insertRow("1", "double-click this line first");
insertRow("2", "then double-click this line");
$("#cancelRead").click(function() {
document.readMyForm.reset();
$.unblockUI();
});
});
function doubleClick() {
var readRow = $('#readRow');
$.blockUI(readRow, {width:'540px', height:'300px'});
}
function insertRow(id, foo) {
var newRow = rowToClone.clone();
newRow.attr("id", id);
$('td[class*=class1]', newRow).html(foo);
newRow.dblclick(doubleClick); // Is this an OK thing to
do
$('#mytable').append(newRow);
}
PLACEHOLDER
Hello!
[jQuery] How to correctly set a dblclick(..) on a dynamically added table row ?
Below is a demo of the problem i have. Reduced to the minimal HTML I
think.
I start with a row in a table, but on load, I remove it and store it.
Then i dynamically insert some row based on a clone of the original.
As I add each row i add a double-click to a popup form (via blockUI).
The first time you double click a row it works. The second time
everything freezes during the popup.
There must be some rules around row removal and re-adding, or
dynamically attaching a dblclick(..) event that I'm unaware of.
What am I missing ?
- Paul
--
jQuery bug demo?
$(document).ready(function() {
// take row from table, for futire use.
rowToClone = $('#mytable tr:last').remove();
insertRow("1", "double-click this line first");
insertRow("2", "then double-click this line");
$("#cancelRead").click(function() {
document.readMyForm.reset();
$.unblockUI();
});
});
function doubleClick() {
var readRow = $('#readRow');
$.blockUI(readRow, {width:'540px', height:'300px'});
}
function insertRow(id, foo) {
var newRow = rowToClone.clone();
newRow.attr("id", id);
$('td[class*=class1]', newRow).html(foo);
newRow.dblclick(doubleClick); // Is this an OK thing to
do
$('#mytable').append(newRow);
}
PLACEHOLDER
Hello!
