Loading ...
Sorry, an error occurred while loading the content.

143RE: [caplet] Fwd: [Caja] secure string interpolation in javascript

Expand Messages
  • Freeman, Tim
    Jan 30, 2008
      Seems like a good idea.
       
      As a user, I'd rather see the SQL problem solved right by having a parser that's more sophisticated than a finite state machine than to not have it solved right.
       
      In the paper, every result from Template is immediately passed to open.  Did I miss one?  If not, then why make people write both?  I'd expect to have "openedTemplate(...blah...)" as an abbreviation for "open(Template(...blah...))", although maybe a name shorter than "openedTemplate" should be selected.
      -----
      Tim Freeman
      Email: tim.freeman@...
      Desk in Palo Alto: (650) 857-2581
      Home: (408) 774-1298
      Cell: (408) 348-7536
       


      From: caplet@yahoogroups.com [mailto:caplet@yahoogroups.com] On Behalf Of Mark Miller
      Sent: Tuesday, January 29, 2008 21:08
      To: The Caplet Group
      Subject: [caplet] Fwd: [Caja] secure string interpolation in javascript

      ---------- Forwarded message ----------
      From: Mike Samuel <mikesamuel@gmail. com>
      Date: Jan 29, 2008 8:15 PM
      Subject: [Caja] secure string interpolation in javascript
      To: Google Caja Discuss <google-caja- discuss@googlegr oups.com>

      http://google- caja.googlecode. com/svn/changes/ mikesamuel/ string-interpola tion-29-Jan- 2008/trunk/ src/js/com/ google/caja/ interp/index. html
      describes a scheme for adding string interpolation to javascript.
      This is meant to allow open-social application developers to write XSS-
      free code, should provide an API that's easily understood by PHP
      developers, and should provide an easy migration path away from code
      that uses string += to compose html.

      --~--~------ ---~--~-- --~------ ------~-- -----~--~ ----~
      You received this message because you are subscribed to
      http://groups. google.com/ group/google- caja-discuss
      To unsubscribe, email google-caja- discuss-unsubscr ibe@googlegroups .com
      -~---------- ~----~--- -~----~-- ----~---- ~------~- -~---

      --
      Text by me above is hereby placed in the public domain

      Cheers,
      --MarkM

    • Show all 6 messages in this topic