JSON makes very good use of Javascript’s literal object notation. But it’s a consequence of this fact that a JSON message can conveniently be processed by reading it into a variable and then running eval on the variable. [...] The moment you do this, of course, you expose your code to a Javascript injection attack.

I'm really enjoying Michael Sperberg-McQueen's klog. I hope he keeps it up.

Camping is great, yeah. jQuery too. Maybe you want to use them together? Here's how. First, you need to set up a route for your jQuery. I've talked about sending static files with Camping before, so this is just a modification of that. [You can serve static files more sensibly than setting up a route for each type. Maybe one day I'll write about that.] In your controller:

    module MyApp::Controllers
      class Index < R '/'
        def get
          render :index
        end
      end

      class JQuery < R '/resources/jquery.js'
        def get
          current_dir = File.expand_path(File.dirname(__FILE__))
          @headers['Content-Type'] = "text/javascript"
          @headers['X-Sendfile'] = "#{current_dir}/resources/jquery.js"
        end
      end
    end
    ...
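The route above hard-codes one file, which is safe but does not scale. The moment the file name comes from the URL instead, X-Sendfile will happily hand the web server whatever path you put in the header, so the route needs a containment check. The following is an added example, not code from the post or from Camping: a lexical path check plus the status/header decision a generic static route would make. It assumes a "resources" directory next to the controller file and a small whitelist of extensions; the Camping controller shape at the end is shown as a comment because it needs the camping gem.

```ruby
# Added example (not from the original post): a generic static-file
# route for Camping that stays safe when the file name comes from the URL.
# Assumed layout: a "resources" directory next to this file.

STATIC_ROOT = File.expand_path('resources', File.dirname(__FILE__))

# Whitelist of extensions we are willing to hand to X-Sendfile, with the
# Content-Type each should be served as. Anything else is a 404, so a
# request for "app.rb" or ".htaccess" never reaches the file system.
CONTENT_TYPES = {
  '.js'  => 'text/javascript',
  '.css' => 'text/css',
  '.png' => 'image/png',
}.freeze

# Purely lexical check: resolve +name+ against +root+ and make sure the
# result is still inside root. File.expand_path collapses "..", so
# "../app.rb" or an absolute "/etc/passwd" lands outside root and is
# rejected. Returns the absolute path, or nil.
def safe_static_path(root, name)
  root = File.expand_path(root)
  return nil if name.nil? || name.empty? || name.include?("\0")
  # File.expand_path expands a leading "~" to a home directory and raises
  # for unknown users; neither is something a static route should do.
  return nil if name.start_with?('~')
  candidate = File.expand_path(name, root)
  # Compare with a trailing separator so "resources_old/x.js" cannot pass
  # as being under "resources".
  return nil unless candidate.start_with?(root + File::SEPARATOR)
  return nil unless CONTENT_TYPES.key?(File.extname(candidate))
  candidate
end

# Build the status and headers a controller should emit. +exists+ is the
# file-system check (File.file? by default), injectable so the decision
# logic can be exercised without real files on disk.
def static_response(root, name, exists: ->(p) { File.file?(p) })
  path = safe_static_path(root, name)
  return [404, {}] if path.nil? || !exists.call(path)
  [200, { 'Content-Type' => CONTENT_TYPES[File.extname(path)],
          'X-Sendfile'   => path }]
end

# In a Camping controller the route would use it like this (shown as a
# comment because it needs the camping gem; route syntax is Camping's
# regexp-capture style):
#
#   class Static < R '/resources/(.+)'
#     def get(name)
#       @status, headers = static_response(STATIC_ROOT, name)
#       @headers.merge!(headers)
#       @status == 200 ? '' : 'not found'
#     end
#   end
```

One caveat worth remembering with this approach: X-Sendfile only works when the front-end server is configured to honour it (Apache's mod_xsendfile; nginx uses X-Accel-Redirect instead). If it is not, the header goes straight to the browser along with an empty body, which sends nothing useful and discloses the absolute path on disk.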