[SHINDIG-1765] Replace the unparseable cruft message "throw 1; < don't be evil' >" constant in client and server with a container config - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.5.0
Fix Version/s: 2.5.0-beta2
Component/s: Java
Labels:
None

Description

The gadget io request will inject a unparseable cruft message "throw 1; < don't be evil' >" in the response content intentionally for security reasons.
However, this "throw 1; < don't be evil' >" string has been hardcoded in:
features/src/main/javascript/features/core.io/io.js
java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java

It would be good to extract the message into a container config, so:

client and server can reuse the same message.
Shindig consumers can replace the message with their own.

The new config can be added into gadgets.features.core.io in container.js, as shown below
"gadgets.features" : {
"core.io" : {
// Note: ${Cur['gadgets.uri.proxy.path']} is an open proxy. Be careful how you expose this!
// Note: These urls should be protocol relative (start with //)
"proxyUrl" : "//${Cur['default.domain.unlocked.client']}${Cur['gadgets.uri.proxy.path']}?container=%container%&refresh=%refresh%&url=%url%%rewriteMime%",
"jsonProxyUrl" : "//${Cur['default.domain.locked.client']}${CONTEXT_ROOT}/gadgets/makeRequest",
"unparseableCruft" : "throw 1; < don't be evil' >"
},

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

1765.patch
14/May/12 02:51
9 kB
Marshall Shi

Activity

People

Assignee:: Unassigned

Reporter:: Marshall Shi

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 03/May/12 04:07

Updated:: 30/May/12 12:44

Resolved:: 14/May/12 14:53

Time Tracking

Estimated:

Remaining:

Logged:

Not Specified