[mochikit] Re: error in DOM.js
I'm using Mochkit 1.4 and get the error in Firefox that callStack[i] has no properties when loading my web page. It seems to display correctly in FireFox, but not on IE6 or IE7. The error messages on IE are not helpful to tell me what is the problem as it refers to a line but doesn't tell me what file it is in. I'm not sure how to move resolve this problem. Any suggestions? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups MochiKit group. To post to this group, send email to mochikit@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/mochikit?hl=en -~--~~~~--~~--~--~---
[mochikit] Fix for CVE-2007-2381
Hello: Will there be a fix for http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2381 in the 1.3.1 branch? Cheers, Konstantin Ryabitsev, Fedora Project --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups MochiKit group. To post to this group, send email to mochikit@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/mochikit?hl=en -~--~~~~--~~--~--~---
[mochikit] Re: Fix for CVE-2007-2381
On 5/1/07, Konstantin Ryabitsev [EMAIL PROTECTED] wrote: Hello: Will there be a fix for http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2381 in the 1.3.1 branch? Nope. It's not a real security issue, not with MochiKit anyway. The recommended fix would mean supporting some junk that's not JSON anymore. I've already caved and put said support on the trunk just so people would shut up about the issue, but I'm certainly not going to make a maintenance release to fix this non-issue. Ensuring that your server only sends JSON when properly authenticated, or otherwise sending only non-exploitable JSON (e.g. JSON with an object envelope) is the only solution to this problem. Only a very small subset of JSON, specifically [array, envelope, json] is susceptible to this data leakage attack. Don't send that stuff on the server-side, and there is no problem. Most people don't send array envelope JSON anyhow. Either way, totally irrelevant to the client-side. It's like saying that we should fix browsers so that they can't be used to mount a SQL injection attack on a poorly written service. -bob --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups MochiKit group. To post to this group, send email to mochikit@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/mochikit?hl=en -~--~~~~--~~--~--~---
[mochikit] Re: Fix for CVE-2007-2381
On May 1, 4:49 pm, Bob Ippolito [EMAIL PROTECTED] wrote: Will there be a fix forhttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2381 in the 1.3.1 branch? Nope. It's not a real security issue, not with MochiKit anyway. The recommended fix would mean supporting some junk that's not JSON anymore. I've already caved and put said support on the trunk just so people would shut up about the issue, but I'm certainly not going to make a maintenance release to fix this non-issue. Ensuring that your server only sends JSON when properly authenticated, or otherwise sending only non-exploitable JSON (e.g. JSON with an object envelope) is the only solution to this problem. Only a very small subset of JSON, specifically [array, envelope, json] is susceptible to this data leakage attack. Don't send that stuff on the server-side, and there is no problem. Most people don't send array envelope JSON anyhow. Either way, totally irrelevant to the client-side. It's like saying that we should fix browsers so that they can't be used to mount a SQL injection attack on a poorly written service. OK, fair enough. I'm just going through the proper motions to handle a bug report against my package in Fedora (https://bugzilla.redhat.com/ bugzilla/show_bug.cgi?id=238616). Cheers, Konstantin --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups MochiKit group. To post to this group, send email to mochikit@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/mochikit?hl=en -~--~~~~--~~--~--~---
[mochikit] Newbie, with IE7 error with form submission
Hi, on Firefox Mochikit is running very well. I used Firebug to feel my way through the available attributes, and got a nice in-place form submission in 80 lines of javascript. Now on IE7, the on-failure method of my get is always getting called. This code doesn't address the form directly, because there are hundreds of similar forms on the same page, so the code uses the this var in the form's onSubmit. Is there a better way? Can anyone offhand tell me what IE7 might not like? Thanks in advance! -Jim onTagFormSubmit = function(event) { event.stopPropagation(); event.preventDefault(); tags = this.tags.value; log (got tags: + tags); params = { format:json, item_oid:this.item_oid.value, tags:tags }; // Submit the form, and set up success and fail handlers var request = loadJSONDoc(this.action, params); request.addCallbacks(onTagFormSuccess, onTagFormFailure); tools_id = tag_current_ + this.item_oid.value; message = Updating tags... please wait. ; MochiKit.DOM.removeElementClass(tools_id, hidden); getElement(tools_id).innerHTML=message; // no default action return false; } onTagFormSuccess = function(result) { // Update the current tags field associated with the // particular form text_area_id = tag_text_ + result.item_oid; getElement(text_area_id).value = result.newtags; tools_id = tag_current_ + result.item_oid; message = Your tags have been applied.; getElement(tools_id).innerHTML=message; MochiKit.Visual.Highlight(tools_id) } onTagFormFailure = function(result) { alert (Your tagging request failed. Please let us know.); } --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups MochiKit group. To post to this group, send email to mochikit@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/mochikit?hl=en -~--~~~~--~~--~--~---
[mochikit] Re: Newbie, with IE7 error with form submission
On 5/1/07, Jim Carroll [EMAIL PROTECTED] wrote: Hi, on Firefox Mochikit is running very well. I used Firebug to feel my way through the available attributes, and got a nice in-place form submission in 80 lines of javascript. Now on IE7, the on-failure method of my get is always getting called. This code doesn't address the form directly, because there are hundreds of similar forms on the same page, so the code uses the this var in the form's onSubmit. Is there a better way? Can anyone offhand tell me what IE7 might not like? Thanks in advance! -Jim onTagFormSubmit = function(event) { I haven't read through all of this, but you might want to try using a variable name other than event. IE has an event window global. -bob --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups MochiKit group. To post to this group, send email to mochikit@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/mochikit?hl=en -~--~~~~--~~--~--~---