struts-dev mailing list archives

From Christian Grobmeier <grobme...@gmail.com>
Subject Re: Comments in JSON
Date Tue, 12 Jul 2011 13:33:35 GMT
Hi again,

I wrote a short blog post on how one can deal in jQuery with Struts 2
returning /* */ JSON.
http://www.grobmeier.de/json-is-insecure-make-struts-2-and-jquery-vulnerable-safe-12072011.html

In addition, I made a similar option available in the jjson.googlecode.com
Struts 2 plugin.

I just want to mention, regarding my suggestion below, that you should not use:
"application/struts-json"

but:
"text/struts-json" or what I use: "text/ext-json"

If you use application/* your action does not return anything.

Hope you like the post.

Cheers,
Christian


On Tue, Jul 12, 2011 at 1:44 PM, Christian Grobmeier
<grobmeier@gmail.com> wrote:
>> Thanks for all the comments and links, now I've got a better overview of
>> what's the real issue here. My idea was the same, to add some flag to
>> enable / disable comments in the output with default to true.
>
> I could not find the place but as this is not standard json the
> content type of the response header should not be "application/json".
> It should be something else like "application/struts-json" or similar.
> As I found out with a custom content type tools like jQuery might be
> able to add a Converter which is able to correct the invalid string:
> http://api.jquery.com/extending-ajax/#Converters
>
> At the moment the default is application/json which is wrong, when the
> enable comments option is true by default:
> http://svn.apache.org/repos/asf/struts/struts2/trunk/plugins/json/src/main/java/org/apache/struts2/json/SerializationParams.java
>
> I have added a similar feature to my own struts json plugin and
> therefore I will implement such a converter. I will post the result
> (if I manage :-)) later
>
> Cheers,
> Christian
>
>>
>> I'm going to implement it by the weekend; if not, Dale, you're welcome to
>> do this as I'm going on a short vacation.
>>
>>
>> Regards
>> --
>> Łukasz
>> + 48 606 323 122 http://www.lenart.org.pl/
>> Warszawa JUG conference - Confitura http://confitura.pl/
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>> For additional commands, e-mail: dev-help@struts.apache.org
>>
>>
>
>
>
> --
> http://www.grobmeier.de
>



-- 
http://www.grobmeier.de
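
A converter of the kind this thread describes, as an added example that is not part of the original message, the blog post, or either plugin. It assumes the response body is the JSON text inside a single /* ... */ comment and is served as "text/ext-json"; the function name `parseCommentWrappedJson` and the `extjson` data type key are hypothetical.

```javascript
// Added example: unwrap a comment-wrapped JSON body before parsing it.
// Assumption: the server sends the JSON text inside one /* ... */ comment,
// or plain JSON when the comment option is switched off.
function parseCommentWrappedJson(text) {
  if (typeof text !== "string") {
    throw new TypeError("response body must be a string");
  }
  var body = text.trim();
  var opens = body.slice(0, 2) === "/*";
  var closes = body.length >= 4 && body.slice(-2) === "*/";
  if (opens !== closes) {
    // Half a wrapper means a truncated or altered response: refuse it.
    throw new SyntaxError("unbalanced comment wrapper");
  }
  if (opens) {
    // Strip only the outermost delimiters, so a "*/" that occurs
    // inside a JSON string value is left untouched.
    body = body.slice(2, -2);
  }
  // JSON.parse, never eval: the payload is treated as data, not script.
  return JSON.parse(body);
}

// Registration with jQuery's converter mechanism (see the Converters
// link quoted below). Skipped when jQuery is not loaded, so the
// function above can also be exercised on its own.
if (typeof jQuery !== "undefined") {
  jQuery.ajaxSetup({
    // Map the custom Content-Type to a data type name (hypothetical key).
    contents: { extjson: /ext-json/ },
    // Convert the raw text of that type with the function above.
    converters: { "text extjson": parseCommentWrappedJson }
  });
}
```
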
