What steps will reproduce the problem?
1. General security question: see information below
2.
3.
What is the expected output? What do you see instead?
-
What version of the product are you using? On what operating system?
1.0.5-SNAPSHOT on Ubuntu
Please provide any additional information below.
Before using the JSONParser you should be aware that the JSON is safe, because
the JSONParser uses the 'evil' eval function and could execute evil code in
that JSON.
Here is the source:
http://www.gwtproject.org/articles/security_for_gwt_applications.html
Do one has to check the passed JSON (for contained scripts maybe) before
passing this JSON to your deserializer or do you make some checks, too?
Thanks
Original issue reported on code.google.com by andi089...@gmail.com on 16 Jun 2014 at 8:24
Original issue reported on code.google.com by
andi089...@gmail.com
on 16 Jun 2014 at 8:24