[Tickets #2565] Re: Gecko Bookmarks extension

bugs at bugs.horde.org bugs at bugs.horde.org
Fri May 25 21:08:34 UTC 2007


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/?id=2565
-----------------------------------------------------------------------
 Ticket             | 2565
 Updated By         | joey at joeyhewitt.com
 Summary            | Gecko Bookmarks extension
 Queue              | Trean
 Type               | Enhancement
 State              | Feedback
 Priority           | 2. Medium
 Owners             | 
-----------------------------------------------------------------------


joey at joeyhewitt.com (2007-05-25 14:08) wrote:

> Several thoughts:
>
>> I also switched to JSON.  I basically just made an interface to the
>> RPC calls I already wrote.  The change wasn't quite as "drop-in"
>> simple as I would have liked, but I've gotten rid of another layer of
>> translation that used to be there for XML-RPC.  I'm kind of hoping
>> :-) that the MacOS bug was caused by using XML-RPC, which was
>> implemented by a built-in Firefox XPCOM component.  Perhaps it was a
>> little different than Windows on the COM side...
>
> If you still rely on the external API methods defined for Trean 
> instead of calling the Trean API directly in json.php, would it make 
> more sense to add a generic JSON backend to Horde's RPC library?

It would.  I had a reason for deciding against implementing JSON-RPC
(pretty much the only RPC-over-JSON standard I saw.) 
(http://json-rpc.org/wiki/specification)  Now I'm not sure why, but I
think it may be that the newest version is still being written up in
specification.  I'll look at it some more.

>
>> I'm still not sure whether JSON is the best way to go, but I'm happy
>> for the moment because it cleaned up the code and may be more
>> efficient.  At the moment slightly more bytes go over the wires
>> because XML-RPC was gzip-compressed, but I don't know how to do that
>> for my JSON code.  Anyone know how to do it?
>
> It's only an issue for reading the bookmarks, right? A 
> Horde::compressOutput() in json.php should probably do that trick 
> then.

Thanks, I'll try that.

>
>> I'd also appreciate some assurance that I got JSON security right.  I
>> understand a comment or "while(1);" at the beginning is enough to
>> stop people from being able to XSS your data.
>
> Should be.
>
> Regarding the AJAX and JSON stuff inside the XPI, I suggest that you
> use Prototype, which we use everywhere else in Horde. The most recent
> version has support for CSRF protection built in.
> Heck, we could even build the XPI on the fly including the source
> files directly. Much easier than rebuilding the XPI anytime you
> change something. I have been planning to do this for IMP for ages.

This sounds like a good idea to look into.  Where is the source?

Thanks,
Joey

P.S.  Today was my last day of high school, woohoo!  And I'll even have a
week that will be pretty open for working on this ;)
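
The "while(1);" guard discussed in the message above, sketched as an added example (not part of the original message and not Horde or Trean code). The names GUARD, guardJson and parseGuarded are hypothetical, and the bookmark data is constructed.

```javascript
// Guard prefix mentioned in the thread. If another site pulls the response
// in with <script src=...>, the browser runs it as script and spins in this
// loop before any data literal is evaluated.
const GUARD = 'while(1);';

// Server side: serialize the value and prepend the guard.
function guardJson(value) {
  return GUARD + JSON.stringify(value);
}

// Client side: same-origin code (for example XMLHttpRequest in the
// extension) can read the raw response text, so it checks for the guard,
// strips it, and parses with JSON.parse instead of eval().
function parseGuarded(text) {
  if (typeof text !== 'string' || !text.startsWith(GUARD)) {
    // A response without the guard did not come from the expected endpoint
    // code path; refuse it rather than parse it.
    throw new Error('response is missing the expected guard prefix');
  }
  // JSON.parse accepts only JSON, so trailing script text is rejected too.
  return JSON.parse(text.slice(GUARD.length));
}

// Constructed sample data, not real Trean output.
const sample = [{ title: 'Horde', url: 'http://www.horde.org/' }];
const wire = guardJson(sample);
console.log(wire);
console.log(parseGuarded(wire)[0].title);
```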


