[Tickets #2565] Re: Gecko Bookmarks extension
bugs at bugs.horde.org
bugs at bugs.horde.org
Mon May 28 08:11:37 UTC 2007
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=2565
-----------------------------------------------------------------------
Ticket | 2565
Updated By | Jan Schneider <jan at horde.org>
Summary | Gecko Bookmarks extension
Queue | Trean
Type | Enhancement
State | Feedback
Priority | 2. Medium
Owners |
-----------------------------------------------------------------------
Jan Schneider <jan at horde.org> (2007-05-28 01:11) wrote:
> OK, can you think of a way I can transparently implement security? I
> only know of putting something at the beginning of the JSON, so that
> we can strip it off but nobody else can because they can't read it
> directly. Unfortunately, I'm guessing this will break the JSON-RPC
> spec.
It might break the specs indeed, but take a look at how it is implemented
with IMP/prototype. In imp/lib/IMP.php, IMP::sendHTTPResponse(), the json
code is encapsulated in "/*-secure- */".
prototype (horde/js/src/prototype.js) automatically filters the comments
out, see Prototype.JSONFilter and String.unfilterJSON().
More information about the bugs
mailing list