[SOLR-56] PATCH: JSONResponseWriter JSON result wrapper function - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.1.0
Component/s: search
Labels:
None
Environment:

Tested on macosx 10.4.8, JDK 1.5

Description

This patch adds a "json.wrf" parameter to add a wrapper function around the JSON results, for example:

json.wrf = eatJason
search result = eatJason({"header":

{"qtime":0}

,...}))

The result set is sent as a parameter to eatJason instead of being sent as a plain data structure.

This is useful to work around the cross-site limitations of JSON, when a client uses code like

var head = document.getElementsByTagName("head")[0];
script = document.createElement('script');
script.id = 'uploadScript';
script.type = 'text/javascript';
script.src = "http://mysolrserver/solr/select?q=role:video&wt=json&json.wrf=eatJason";
head.appendChild(script)

function eatJason(obj)

{ ...process obj which is Solr's JSON result }

However, I'm no javascript expert, and passing an arbitrary javascript function name in the request parameters feels a bit weird...wondering if this might enable some cross-site scripting scenarios?

But the technique is well-known apparently, see:
http://www.theurer.cc/blog/2005/12/15/web-services-json-dump-your-proxy/
and
http://www.xml.com/pub/a/2005/12/21/json-dynamic-script-tag.html

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

JSONResponseWriter.wrf.patch
18/Oct/06 14:07
2 kB
Bertrand Delacretaz

Activity

People

Assignee:: Yonik Seeley

Reporter:: Bertrand Delacretaz

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 18/Oct/06 14:06

Updated:: 10/May/13 10:41

Resolved:: 18/Oct/06 20:59