Loading ...
Sorry, an error occurred while loading the content.

Re: [json] Re: IE8 Native JSON Bug

Expand Messages
  • Arthur Blake
    Just saw this come across my automatic updates: http://support.microsoft.com/kb/976662 Perhaps Microsoft has fixed the
    Message 1 of 7 , Feb 25, 2010
    • 0 Attachment
      Just saw this come across my automatic updates:

      http://support.microsoft.com/kb/976662

      <http://support.microsoft.com/kb/976662>Perhaps Microsoft has fixed the
      problem??

      On Tue, Jun 2, 2009 at 3:24 PM, Stephen M. McKamey <stephen@...>wrote:

      >
      >
      > Allen Wirfs-Brock suggested another work-around to the IE8 native JSON
      > issue:
      >
      > Another work-around that is isolated to a single place is to use IE8's
      > "mutable DOM prototypes" support to patch HTMLInputElement.prototype.value
      > so that the bogus "" value is filtered out. For example:
      >
      > ...
      >
      > (function() {
      >
      > var builtInInputValue =
      > Object.getOwnPropertyDescriptor(HTMLInputElement.prototype, "value").get;
      >
      > Object.defineProperty(HTMLInputElement.prototype, "value",
      >
      > { get: function() {
      >
      > var possiblyBad = builtInInputValue.call(this);
      >
      > return possiblyBad === "" ? "" : possiblyBad;
      >
      > }
      >
      > });
      >
      > })();
      >
      > ...
      >
      > A patch like this could be conditionally executed as part of the
      > initialization code of a framework.
      >
      >
      >


      [Non-text portions of this message have been removed]
    • Dennis Gearon
      Wonder about escaping characters using a JSON API. JSON isn t JUST for browsers obviously, (moblie apps or direct B2B) would be the starting list for other
      Message 2 of 7 , Feb 25, 2010
      • 0 Attachment
        Wonder about escaping characters using a JSON API.

        JSON isn't JUST for browsers obviously, (moblie apps or direct B2B) would be the starting list for other uses). But XMLHttpRequests in browsers are a large portion of possible use scenarios.

        So - Is anyone escaping JSON content to prevent XSS from stored data? Are you storing it escaped?

        Dennis Gearon



        Signature Warning

        ----------------

        EARTH has a Right To Life,

        otherwise we all die.



        Read 'Hot, Flat, and Crowded'

        Laugh at http://www.yert.com/film.php

        --- On Thu, 2/25/10, Arthur Blake <arthur.blake@...> wrote:

        From: Arthur Blake <arthur.blake@...>
        Subject: Re: [json] Re: IE8 Native JSON Bug
        To: json@yahoogroups.com
        Date: Thursday, February 25, 2010, 12:59 PM







         









        Just saw this come across my automatic updates:



        http://support. microsoft. com/kb/976662



        <http://support. microsoft. com/kb/976662>Perhaps Microsoft has fixed the

        problem??



        On Tue, Jun 2, 2009 at 3:24 PM, Stephen M. McKamey <stephen@jsonfx. net>wrote:



        >

        >

        > Allen Wirfs-Brock suggested another work-around to the IE8 native JSON

        > issue:

        >

        > Another work-around that is isolated to a single place is to use IE8's

        > "mutable DOM prototypes" support to patch HTMLInputElement. prototype. value

        > so that the bogus "" value is filtered out. For example:

        >

        > ...

        >

        > (function() {

        >

        > var builtInInputValue =

        > Object.getOwnProper tyDescriptor( HTMLInputElement .prototype, "value").get;

        >

        > Object.defineProper ty(HTMLInputElem ent.prototype, "value",

        >

        > { get: function() {

        >

        > var possiblyBad = builtInInputValue. call(this) ;

        >

        > return possiblyBad === "" ? "" : possiblyBad;

        >

        > }

        >

        > });

        >

        > })();

        >

        > ...

        >

        > A patch like this could be conditionally executed as part of the

        > initialization code of a framework.

        >

        >

        >



        [Non-text portions of this message have been removed]






















        [Non-text portions of this message have been removed]
      Your message has been successfully submitted and would be delivered to recipients shortly.