Webware for Python / Patches / #81 JSON security fix

#81 JSON security fix

Status: closed-accepted

Owner: Christoph Zwerschke

Labels: WebKit (45)

Priority: 5

Updated: 2007-04-22

Created: 2007-04-09

Creator: Piéronne Jean-François

Private: No

Recent study show that JSON protocol may be vulnerable to some form of hacking.
This patch fix this.
There is also a cosmetic update.

References: http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf http://getahead.org/blog/joe/2007/03/05/json_is_not_as_safe_as_people_think_it_is.html

JF

Discussion

Piéronne Jean-François - 2007-04-09

patch for JSONRPCServlet.py

JSONRPCServlet.diff

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Christoph Zwerschke - 2007-04-12

assigned_to: nobody --> cito
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Christoph Zwerschke - 2007-04-12

Logged In: YES
user_id=193957
Originator: NO

Thanks, this will probably be included in Webware 0.9.3.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Christoph Zwerschke - 2007-04-22

status: open --> closed-accepted
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Christoph Zwerschke - 2007-04-22

Logged In: YES
user_id=193957
Originator: NO

This patch has been applied in rev6502.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.