Struts 2 / WW-3736

Client Validation is broken for Struts2 themes

    Details

      Description

      Since version 2.3.1 the client validation for Struts2 themes is broken,
      because the StrutsUtils.getValidationErrors method in utils.js expects a commented JSON string.

      StrutsUtils.getValidationErrors = function(data) {
          if (data.indexOf("/* {") === 0) {
              return eval("( " + data.substring(2, data.length - 2) + " )");
          } else {
              return null;
          }
      };

        Activity

        Daniele Armellini added a comment -

        Is it ok to substitute the code above with the following function?

        StrutsUtils.getValidationErrors = function(data) {
          if(data.indexOf("{") === 0) {
            return eval("( " + data + " )");
          } else {
            return null;
          }  
        };
        

        It seems to work but there could be some kind of security issue with this solution?

        Johannes Geppert added a comment -

        I've added an additional check if data is a JavaScript object, which should be true, because since version 2.3.1 Struts returned a valid JSON object.

        Else the result is handled like before. So we should also be backward compatible.

        StrutsUtils.getValidationErrors = function(data) {
            if (typeof data === "object") {
                return data;
            }
            else {
                if (data.indexOf("/* {") === 0) {
                    return eval("( " + data.substring(2, data.length - 2) + " )");
                } else {
                    return null;
                }
            }
        };
        
        Dave Newton added a comment -

        Any objection to changing the code to:

        StrutsUtils.getValidationErrors = function(data) {
           if (typeof data === "object") {
               return data;
           }
        
           if (data.indexOf("/* {") === 0) {
               return eval("( " + data.substring(2, data.length - 2) + " )");
           }
           
           return null;
        };
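
As an added example (not part of the thread and not the Struts utils.js code): the three input shapes discussed above, handled with JSON.parse instead of eval, so a response that is not strict JSON is rejected rather than executed. The function name parseValidationErrors and the sample strings are assumptions constructed for illustration.

```javascript
// Added example, not the project's code. parseValidationErrors is a
// hypothetical name; the accepted input shapes come from the thread.
function parseValidationErrors(data) {
  // Already-parsed response (the Ajax layer decoded the JSON for us).
  if (data !== null && typeof data === "object") {
    return data;
  }
  if (typeof data !== "string") {
    return null;
  }
  var text = data.trim();
  // Legacy format: JSON wrapped in a comment, "/* {...} */".
  if (text.indexOf("/*") === 0 && text.slice(-2) === "*/") {
    text = text.substring(2, text.length - 2).trim();
  }
  if (text.charAt(0) !== "{") {
    return null;
  }
  try {
    // JSON.parse only accepts data; expressions and calls raise SyntaxError.
    var parsed = JSON.parse(text);
    return (parsed !== null && typeof parsed === "object") ? parsed : null;
  } catch (e) {
    return null; // not valid JSON: treat as "no validation data"
  }
}

// Constructed sample inputs (not captured from a real Struts response).
var samples = {
  legacy: '/* {"fieldErrors":{"name":["Name is required"]}} */',
  plain: '{"fieldErrors":{"name":["Name is required"]}}',
  // Starts with "{" but contains an expression; eval would run it.
  notJson: '{"fieldErrors": (globalThis.evaluated = true)}'
};

console.log(parseValidationErrors(samples.legacy));
console.log(parseValidationErrors(samples.plain));
console.log(parseValidationErrors(samples.notJson), globalThis.evaluated);
```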
        
        Hudson added a comment -

        Integrated in Struts2 #411 (See https://builds.apache.org/job/Struts2/411/)
        WW-3736: Client Validation is broken for Struts2 themes

        jogep :
        Files :

        • /struts/struts2/trunk/core/src/main/resources/org/apache/struts2/static/utils.js

          People

          • Assignee: Johannes Geppert
          • Reporter: Johannes Geppert
          • Votes: 2
          • Watchers: 3