Review Board 1.7.22

Replace the unparseable cruft message "throw 1; < don't be evil' >" constant in client and server with a container config

Review Request #5011 - Created May 4, 2012 and submitted

Marshall Shi
ddumont, rbaxter, ssievers
The gadget io request will inject a unparseable cruft message "throw 1; < don't be evil' >" in the response content intentionally for security reasons.
However, this "throw 1; < don't be evil' >" string has been hardcoded in:

It would be good to extract the message into a container config, so:
- client and server can reuse the same message.
- Shindig consumers can replace the message with their own. 
Tested by trying a few other messages in the container.js, the replaced message show up in the response correctly.
Review request changed
Updated (May 9, 2012, 11:56 a.m.)
Call for review of the patch. I've done the manual test, the unit test cases also been verified.
Ship it!
Posted (May 10, 2012, 1 p.m.)

Last call for reviewers.  I plan on delivering this patch tomorrow morning if no one else has any comments.
Posted (May 10, 2012, 4:31 p.m.)


Can we add default value for this config to default container.js file?
  1. I'm not quite sure I follow, Henry. 
  2. This is what happen if you start reviewing patches without getting your coffee =(
    I see you already adding new config entry in the config container.js file for the "unparseableCruft".
    I thought I saw the "unparseableCruft" is defined in the container feature js file (they have the same name I believe).
    sorry, another bad review from me =(
Ship it!
Posted (May 10, 2012, 5:12 p.m.)
Ship it!
Posted (May 14, 2012, 12:02 p.m.)
Committed revision 1338171.  Thanks!

Please close this review as submitted.