Review Board 1.7.22


Replace the unparseable cruft message "throw 1; < don't be evil' >" constant in client and server with a container config

Review Request #5011 - Created May 4, 2012 and submitted

Marshall Shi
SHINDIG-1765
Reviewers
shindig
ddumont, rbaxter, ssievers
shindig
The gadget io request will inject a unparseable cruft message "throw 1; < don't be evil' >" in the response content intentionally for security reasons.
However, this "throw 1; < don't be evil' >" string has been hardcoded in:
features/src/main/javascript/features/core.io/io.js
java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/MakeRequestHandler.java

It would be good to extract the message into a container config, so:
- client and server can reuse the same message.
- Shindig consumers can replace the message with their own. 
Tested by trying a few other messages in the container.js, the replaced message show up in the response correctly.
Review request changed
Updated (May 9, 2012, 11:56 a.m.)
Call for review of the patch. I've done the manual test, the unit test cases also been verified.
Ship it!
Posted (May 10, 2012, 1 p.m.)
LGTM.

Last call for reviewers.  I plan on delivering this patch tomorrow morning if no one else has any comments.
Posted (May 10, 2012, 4:31 p.m.)

   

  
Can we add default value for this config to default container.js file?
  1. I'm not quite sure I follow, Henry. 
  2. This is what happen if you start reviewing patches without getting your coffee =(
    
    I see you already adding new config entry in the config container.js file for the "unparseableCruft".
    
    I thought I saw the "unparseableCruft" is defined in the container feature js file (they have the same name I believe).
    
    sorry, another bad review from me =(
    
Ship it!
Posted (May 10, 2012, 5:12 p.m.)
+1
Ship it!
Posted (May 14, 2012, 12:02 p.m.)
Committed revision 1338171.  Thanks!

Please close this review as submitted.