Rietveld Code Review Tool

Issue 21041: Issue 978: Raw JSON creates vulnerability. Needs wrapping (Closed)

Created: 17 years, 1 month ago by MikeSamuel
Modified: 16 years, 8 months ago
Reviewers: BenL, MarkM
CC: google-caja-discuss_googlegroups.com
Base URL: http://google-caja.googlecode.com/svn/trunk/
Visibility: Public.

Description

From http://code.google.com/p/google-caja/issues/detail?id=978

Our newly provided safe JSON library is JSON safe but not Caja safe. If the JSON string to be parsed includes property names that end in double underscore, JSON will (correctly, by the JSON spec) unparse it.

A temporary solution that filters out disallowed property names. Longer term solutions that work better with builtin JSON parsers are discussed in the bug.

Reviewed in the issue and submitted @3282
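The filtering approach described above, as an added example that is not the Caja patch or code from this review. The helper name `safeJsonParse` and the sample input are assumptions made for illustration; the rule applied is the one stated in the description, that property names ending in a double underscore are disallowed.

```javascript
// Added example, not the project's code.
// Assumption: any property name ending in "__" is reserved by the runtime
// and must not survive parsing of untrusted JSON.
const RESERVED_NAME = /__$/;

// Parse JSON text and drop every property whose name is reserved, at any depth.
// Returns the filtered value plus the names that were removed, so callers can
// log or alert on input that tried to set them.
function safeJsonParse(text) {
  const dropped = [];
  const value = JSON.parse(text, function (key, val) {
    if (RESERVED_NAME.test(key)) {
      dropped.push(key);
      return undefined; // a reviver returning undefined deletes the property
    }
    return val;
  });
  return { value, dropped };
}

// Constructed sample input: reserved names at the top level and nested inside
// an array element, plus a harmless name ending in a single underscore.
const SAMPLE =
  '{"name":"widget","x__":1,' +
  '"items":[{"ok":true,"__proto__":{"admin":true}}],"a_":2}';

function demo() {
  const { value, dropped } = safeJsonParse(SAMPLE);
  return { json: JSON.stringify(value), dropped };
}

console.log(demo());
```

The reviver runs bottom-up over every holder object, so nested occurrences are removed as well as top-level ones.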

Patch Set 1 #

Stats: +31 lines, -2 lines
M src/com/google/caja/cajita.js (1 chunk, +14 lines, -2 lines, 0 comments)
M tests/com/google/caja/CajitaTest.java (1 chunk, +17 lines, -0 lines, 0 comments)

Messages

Total messages: 2
MikeSamuel
17 years, 1 month ago (2009-02-20 20:29:37 UTC) #1
MarkM
17 years, 1 month ago (2009-02-20 23:30:27 UTC) #2
LGTM
