Author: beaton
Date: Sat Jun 14 15:13:44 2008
New Revision: 667892
URL: http://svn.apache.org/viewvc?rev=667892&view=rev
Log:
Remove misleading comments from io.js (fixes SHINDIG-377)
Modified:
incubator/shindig/trunk/features/core.io/io.js
Modified: incubator/shindig/trunk/features/core.io/io.js
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/features/core.io/io.js?rev=667892&r1=667891&r2=667892&view=diff
==============================================================================
--- incubator/shindig/trunk/features/core.io/io.js (original)
+++ incubator/shindig/trunk/features/core.io/io.js Sat Jun 14 15:13:44 2008
@@ -109,10 +109,7 @@
return;
}
var txt = xobj.responseText;
- // remove unparseable cruft.
- // TODO: really remove this by eliminating it. It's not any real security
- // to begin with, and we can solve this problem by using post requests
- // and / or passing the url in the http headers.
+ // remove unparseable cruft used to prevent cross-site script inclusion
txt = txt.substr(UNPARSEABLE_CRUFT.length);
// We are using eval directly here because the outer response comes from a
// trusted source, and json parsing is slow in IE.
@@ -414,7 +411,6 @@
"OAUTH_TOKEN"
]);
-// PUT, DELETE, and HEAD not supported currently.
gadgets.io.MethodType = gadgets.util.makeEnum([
"GET", "POST", "PUT", "DELETE", "HEAD"
]);
