google-code-export / rocket-gwt

Automatically exported from code.google.com/p/rocket-gwt

Rocket Comet #50

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
The CometServerServlet does not escape the data containing apostrophes when
writing out script tags. It uses Utilities.htmlEncode which has the '
handling commented out.

What steps will reproduce the problem?
1. Try to push a string like "x'x"
2. The CometServerServlet will write out:

<script>try{window.parent.__cometDispatch('[2,1,1,[&quot;java.lang.String/2004016611&quot;,&quot;x'x&quot;],0,4]');}catch(e){}</script>
3. The browser will fail because the script is malformed.

What is the expected output?

The browser fails to process the script and the CometClient is not notified
of the error.

What do you see instead?

The string "x'x" being dispatched on the client

What version of the product are you using? On what operating system?

Rocket 0.56 on Windows using IE

Original issue reported on code.google.com by rich...@zschech.net on 28 Oct 2008 at 4:05
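
The failure described in this report, modelled as an added example that is not part of the original issue or the Rocket code base: it builds the script body in the shape shown above, parses it against a stub `__cometDispatch`, and compares the unescaped output with one escaped for a single-quoted JavaScript string literal. The function names are hypothetical, and the model is JavaScript for checking only; the servlet itself is Java.

```javascript
// Added illustration; function names are hypothetical, not Rocket APIs.

// Escape text for a single-quoted JS string literal inside an inline <script>.
function escapeForJsString(s) {
  return s.replace(/[\\'\n\r\u2028\u2029<]/g, (c) => {
    switch (c) {
      case '\\': return '\\\\';
      case "'": return "\\'";
      case '\n': return '\\n';
      case '\r': return '\\r';
      case '<': return '\\x3c'; // keeps "</script>" from closing the element
      default: return '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0');
    }
  });
}

// Build the script body in the shape shown in the report.
function buildFrame(payload, escape) {
  const literal = escape ? escapeForJsString(payload) : payload;
  return "try{window.parent.__cometDispatch('" + literal + "');}catch(e){}";
}

// Parse and run a frame against a stub dispatcher. A SyntaxError is raised at
// parse time, so the frame's own try/catch never runs and nothing is dispatched.
function deliver(scriptBody) {
  const received = [];
  const fakeWindow = { parent: { __cometDispatch: (m) => received.push(m) } };
  try {
    new Function('window', scriptBody)(fakeWindow);
  } catch (e) {
    return { parsed: false, error: e.name, received };
  }
  return { parsed: true, error: null, received };
}

// Constructed sample: the payload from the report, already HTML-encoded.
const SAMPLE = "[2,1,1,[&quot;java.lang.String/2004016611&quot;,&quot;x'x&quot;],0,4]";

console.log(deliver(buildFrame(SAMPLE, false))); // parsed: false, SyntaxError
console.log(deliver(buildFrame(SAMPLE, true)));  // parsed: true, payload intact
```

Escaping the apostrophe alone is not enough for this context: a backslash or a line terminator in the pushed data breaks the literal in the same way, which is why the sketch handles them together.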

GoogleCodeExporter commented 9 years ago
thnx

Original comment by miroslav...@gmail.com on 2 Dec 2008 at 8:47