wcx6298 / smartgwt

Automatically exported from code.google.com/p/smartgwt

XSS warning with datasource #528

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
ISC_DataBinding.js displays an XSS warning when the application is deployed on the standard 80 port number.

This is due to the fact that the JavaScript compares a port number value undefined with the window.location.port which is an empty value:

isc.A.isLocalURL=function isc_c_RPCManager_isLocalURL(_1){
var _2=this.$59w(_1),_3=_2[0],_4=_2[1];
return(_3=="localhost"||_3==this.getWindow().location.hostname)&&_4==this.getWindow().location.port
}

There should be an additional check that considers an undefined value equal to an empty string:
(_4==this.getWindow().location.port || (_4==undefined && this.getWindow().location.port == ''))

What steps will reproduce the problem?
1. Deploy an application on default port 80 (http://youhost/myapp)
2. The home page of your app should contain a ListGrid with a datasource using a dataURL such as GWT.getModuleBaseURL() + "/datasource?action=xyz"

3. Accessing your app should display the warning

4. Deploy the same app on port 8080 for example
5. Accessing your app should no longer display the warning

Original issue reported on code.google.com by eric.laf...@gmail.com on 21 Oct 2010 at 1:42
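The port comparison described in the report, as an added example that is not SmartClient's code or part of the original issue: a naive check that reproduces the false warning next to one that normalizes the port first. It goes beyond the suggested fix by also treating an explicit default port (`:80`, `:443`) and relative URLs as local; `splitHostPort`, `effectivePort`, the function names and the host `myhost.example` are assumptions made for illustration.

```javascript
// Constructed stand-ins for window.location on port 80 and on port 8080.
const PAGE_ON_80 = { protocol: 'http:', hostname: 'myhost.example', port: '' };
const PAGE_ON_8080 = { protocol: 'http:', hostname: 'myhost.example', port: '8080' };
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// Hypothetical stand-in for the obfuscated helper in the snippet above:
// returns [host, port], leaving port undefined when the URL omits it.
// Handles plain absolute http(s) URLs only (no userinfo, no IPv6 literals).
function splitHostPort(url) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/([^\/:?#]+)(?::(\d+))?/i.exec(url);
  return m ? [m[1], m[2]] : [undefined, undefined];
}

// The comparison as reported: on port 80 location.port is '' and the parsed
// port is undefined, and undefined == '' is false, so a same-host URL fails.
function isLocalURLNaive(url, loc) {
  const [host, port] = splitHostPort(url);
  return (host == 'localhost' || host == loc.hostname) && port == loc.port;
}

// Map undefined, '' and an explicit default port to one canonical string.
function effectivePort(port, protocol) {
  if (port === undefined || port === null || port === '') {
    return DEFAULT_PORTS[protocol] || '';
  }
  return String(port);
}

// Normalized check: resolve the URL against the page, then compare host and
// effective port. The 'localhost' allowance mirrors the original snippet.
function isLocalURLNormalized(url, loc) {
  const base = `${loc.protocol}//${loc.hostname}${loc.port ? ':' + loc.port : ''}/`;
  let target;
  try {
    target = new URL(url, base); // WHATWG URL: also resolves relative URLs
  } catch (e) {
    return false; // unparseable input is never treated as local
  }
  const sameHost = target.hostname === 'localhost' ||
    target.hostname === loc.hostname.toLowerCase();
  return sameHost &&
    effectivePort(target.port, target.protocol) === effectivePort(loc.port, loc.protocol);
}
```

A URL on the same host with a different scheme is still rejected, because its default port differs from the page's.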

GoogleCodeExporter commented 9 years ago
Fixed, please pick up the next nightly build.

Original comment by sanjiv.j...@gmail.com on 26 Oct 2010 at 2:49