This repository has been archived by the owner on Jan 8, 2018. It is now read-only.

Sanitize query param values #19

Open
netil opened this issue Oct 22, 2015 · 0 comments


netil commented Oct 22, 2015

var oAjax = new $Ajax('server.php', {
    type : 'iframe',
    proxy : 'http://yourdomain/ajax_local_callback.html'
    // ...
});

When using 'iframe' as an AJAX proxy, it is usually used in conjunction with the ajax_local_callback.html file as a proxy.

ajax_local_callback.html param values must be checked more strictly to avoid some security issues.

@netil netil self-assigned this Oct 22, 2015
netil added a commit that referenced this issue Oct 22, 2015
    <bts>https://github.com/naver/jindojs-jindo/issues/19</bts>
    <method>jindo.$Ajax</method>
    <coverage>desktop</coverage>
    <type>1</type>
    <level>1</level>
    <desc><![CDATA[

        // prior to v2.12.2
	    id and domain param values are not checked strictly.

        // latest
	    check whether id and domain param values match the format.
    ]]></desc>
</log>
@netil netil added this to the 2.12.3 milestone Oct 26, 2015
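
A sketch of the stricter check on the `id` and `domain` query parameters that the issue asks for, as an added example that is not Jindo's code or the referenced commit. The `id` pattern, the hostname rule, the parent-host comparison and all function names are assumptions, since the issue does not state the accepted format.

```javascript
// Hypothetical allow-list formats; the real format is not given in the issue.
const ID_RE = /^[A-Za-z0-9_]{1,64}$/;
const LABEL_RE = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/;

// Accept only dotted hostnames made of valid DNS labels (no bare TLD, no port, no path).
function isHostname(value) {
  if (value.length > 253) return false;
  const labels = value.split('.');
  return labels.length >= 2 && labels.every((label) => LABEL_RE.test(label));
}

// Assumption: a domain value is only acceptable when it is the page's own host
// or a parent of it.
function isSameOrParentHost(domain, pageHost) {
  return pageHost === domain || pageHost.endsWith('.' + domain);
}

// Returns { id, domain } when both values pass, otherwise null.
// `search` is the query string of the callback page, `pageHost` its hostname.
function parseCallbackParams(search, pageHost) {
  const params = new URLSearchParams(search);

  // Each parameter must appear exactly once, so a check on the first value
  // cannot be sidestepped by a second one.
  for (const key of ['id', 'domain']) {
    if (params.getAll(key).length !== 1) return null;
  }

  const id = params.get('id');
  const domain = params.get('domain').toLowerCase();
  const host = String(pageHost).toLowerCase();

  // Whole-string allow-list match: anything outside the pattern is rejected,
  // including percent-encoded markup, whitespace and newlines.
  if (!ID_RE.test(id)) return null;
  if (!isHostname(domain) || !isSameOrParentHost(domain, host)) return null;

  return { id, domain };
}
```

In a browser the call would be `parseCallbackParams(location.search, location.hostname)`, and the page should do nothing further when it returns `null`.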