Hello Everyone,

I upgraded to 1.5.1 today and I have run into a problem: automatic JSON evaluation has stopped working. On the server side I use Catalyst, an MVC framework for perl. I use Catalyst::View::JSON to turn my perl data structures into JSON. Here is what my response headers look like:

    Response Headers
    Connection close
    Date Mon, 21 May 2007 15:12:54 GMT
    Content-Length 984
    Content-Type application/javascript; charset=utf-8
    Set-Cookie bg2_session=5279b9253f970f84dd032ec4a00ba2a34dcff66c; path=/; expires=Mon, 21-May-2007 17:12:54 GMT
    Status 200
    X-Catalyst 5.7007
    X-JSON eval("("+this.transport.responseText+")")

The JSON is actually in the response body. I had to subclass my JSON view to spit out application/javascript, because the default content-type (application/json) is not listed in the prototype documentation as one that will cause prototype to auto evaluate the response. I have tried turning off the X-JSON header to see if that was a problem, but it still doesn't work. Any ideas? Thanks in advance.

-stephan
Stephan Ellis
2007-May-21 15:48 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
Was my post deleted? Dupe?
David Dashifen Kees
2007-May-21 16:21 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
The problem is how you're sending information in the X-JSON header. Prototype will try to automatically evaluate anything in the X-JSON header assuming that it is a JSON string. Your X-JSON header is not a JSON string but rather another call to eval() so the internal Prototype String.evalJSON() function is probably your failure point.

Instead, either make "var json = transport.responseText.evalJSON(true)" the first line of your callback function, or make sure that your X-JSON header is *only* a JSON string.

Also, you should be aware that Prototype 1.5.1 added security features to help avoid the execution of JSON with invalid code or malicious code within it. As a result, JSON created and passed around by prototype has /*-secure- before your JSON and */ after it. If you use the String.evalJSON() function to parse your information, you might need to explicitly add these strings before and after your JSON to evaluate it properly.

- Dash -
Stephan Ellis
2007-May-21 17:39 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
Dash,

Thanks for the reply. Are you saying that I have to evaluate the responseText myself if the JSON is in the response body? I configured my application to not send the X-JSON header, but prototype is still not evaluating the response body.

Thanks,
-stephan
David Dashifen Kees
2007-May-21 18:25 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
Yes. If your JSON is in the response body, you will have to evaluate it yourself. It must be the framework you're using which is creating the X-JSON header, perhaps? For example:

    new Ajax.Request("some_page.php", {
      parameters: {id: 6},
      onComplete: function(xhr) {
        var json = xhr.responseText.evalJSON(true);
        /* ... do something else ... */
      }
    });

Your responseText should then be valid JSON. For more information, see http://prototypejs.org/api/string/evaljson.

- Dash -
Stephan Ellis
2007-May-21 18:38 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
Yes, my framework, specifically my view that generates JSON sticks the X-JSON header in to accommodate prototype. I guess to rephrase my question, if I turn on the X-JSON header, is it supposed to automatically eval the response body? Sorry if I seem like I have a thick skull :) Thanks a bunch...

-stephan
David Dashifen Kees
2007-May-21 18:47 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
No. If you put in the X-JSON header, then it tries to automatically evaluate the contents of the X-JSON header. The only thing you can do to get an auto evaluation of the response body is to use the evalScripts option of the Ajax.Updater object to automatically evaluate any javascript blocks (from <script> to </script>) which exist within your response body. The timing will be interesting, though. I think that the scripts are evaluated between onSuccess and onComplete, so you can access an object or function created within a response body only from within the onComplete callback and then only if you can get the scope of the created object/function to include the scope of the callback (i.e., use global variables).

All in all, I'm not sure what your framework is doing, but if you want automatic JSON evaluation, your best bet is probably to put a JSON string in the X-JSON header. If you send JSON back as the response body, there's no real easy way to make sure it's evaluated properly.

- Dash -
Tom Gregory
2007-May-21 18:50 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
The value of the X-JSON header and whether the response body is evaluated are separate concerns. If the X-JSON header is present, and evals to a json object, it's passed as the second parameter to onSuccess, et al.

e.x.

    onSuccess: function(transport, json) {
      // ...
    }

The eval of the response body is based on the "Content-type" header. If you poke around the code from svn, you'll find these lines in ajax.js:

    var contentType = this.getHeader('Content-type');
    if (contentType && contentType.strip().
      match(/^(text|application)\/(x-)?(java|ecma)script(;.*)?$/i))
        this.evalResponse();
    // ...

    // ...
    evalResponse: function() {
      try {
        return eval((this.transport.responseText || '').unfilterJSON());
      } catch (e) {
        this.dispatchException(e);
      }
    }

Does that make things any clearer?

TAG
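The two independent checks described in the message above (Content-type decides whether the body is passed to eval(); X-JSON is evaluated on its own), as an added example that is not part of the thread and is not Prototype's code. The function names, the wrapper regex and the sample bodies are assumptions made for illustration; only the Content-type regex and the header values come from the thread. It audits a response and parses the payload with JSON.parse instead of eval().

```javascript
// Added illustration. All function names here are hypothetical.

// Content-type test copied from the ajax.js excerpt quoted in the thread.
const SCRIPT_TYPE = /^(text|application)\/(x-)?(java|ecma)script(;.*)?$/i;

// Assumed shape of the comment wrapper the thread describes:
// "/*-secure-" + whitespace + JSON + whitespace + "*/"
const SECURE_WRAPPER = /^\/\*-secure-([\s\S]*)\*\/\s*$/;

// True when the quoted ajax.js logic would hand the body to eval().
function bodyWouldBeEvaluated(contentType) {
  return typeof contentType === 'string' && SCRIPT_TYPE.test(contentType.trim());
}

// Strip the comment wrapper if present; otherwise return the text unchanged.
function unwrap(text) {
  const m = SECURE_WRAPPER.exec(text);
  return m ? m[1] : text;
}

// Strict parse: accepts JSON only, never executes anything.
function parseStrict(text) {
  try {
    return { ok: true, value: JSON.parse(unwrap(text)) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}

// Report what would be evaluated and whether each evaluated part is pure JSON.
function auditResponse(headers, body) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = value; // header names are case-insensitive
  }
  const findings = [];

  const evalBody = bodyWouldBeEvaluated(h['content-type']);
  if (evalBody) findings.push('body-evaluated-as-script');

  let xjson = null;
  if ('x-json' in h) {
    xjson = parseStrict(h['x-json']);
    if (!xjson.ok) findings.push('x-json-not-json');
  }

  const bodyJson = parseStrict(body);
  if (evalBody && !bodyJson.ok) findings.push('evaluated-body-not-json');

  return { evalBody, xjson, bodyJson, findings };
}

// Headers as posted in the thread; the body is constructed sample data.
const threadHeaders = {
  'Content-Type': 'application/javascript; charset=utf-8',
  'X-JSON': 'eval("("+this.transport.responseText+")")'
};
const wrappedBody = '/*-secure-\n{"id": 6}\n*/';

// Constructed contrast cases.
const jsonTypeHeaders = { 'Content-Type': 'application/json' };
const bodyWithCode = '{"id": 6}; sideEffect()';

function runSamples() {
  return {
    thread: auditResponse(threadHeaders, wrappedBody),
    jsonType: auditResponse(jsonTypeHeaders, '{"id": 6}'),
    mixed: auditResponse({ 'Content-Type': 'text/javascript' }, bodyWithCode)
  };
}

console.log(JSON.stringify(runSamples(), null, 2));
```
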
David Dashifen Kees
2007-May-21 18:54 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
Wow ... I didn't know that about the content-type of the response body. Thanks.

- Dash -
Stephan Ellis
2007-May-21 19:38 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
OK, so I went over the code, and it appears that as long as the X-JSON header does not exist and my Content-type is application/javascript and my json in the response body is wrapped with:

/*-secure- (some whitespace) [json data here](some more whitespace) */

It should evaluate the response body. Am I wrong?

-stephan

On 5/21/07, David Dashifen Kees <dashifen-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Wow ... I didn't know that about the content-type of the response body.
> Thanks.
> - Dash -
>
> Tom Gregory wrote:
> > The value of the X-JSON header and whether the response body is
> > evaluated are separate concerns. If the X-JSON header is present, and
> > evals to a json object, it's passed as the second parameter to
> > onSuccess, et al.
> >
> > e.x.
> > onSuccess (transport, json) {
> >   // ...
> > }
> >
> > The eval of the response body is based on the "Content-type" header.
> > If you poke around the code from svn, you'll find these lines in
> > ajax.js:
> >
> > var contentType = this.getHeader('Content-type');
> > if (contentType && contentType.strip().
> >     match(/^(text|application)\/(x-)?(java|ecma)script(;.*)?$/i))
> >   this.evalResponse();
> > // ...
> >
> > // ...
> > evalResponse: function() {
> >   try {
> >     return eval((this.transport.responseText || '').unfilterJSON());
> >   } catch (e) {
> >     this.dispatchException(e);
> >   }
> > }
> >
> > Does that make things any clearer?
> >
> > TAG
David Dashifen Kees
2007-May-21 20:34 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
Looks good to me.
- Dash -
Stephan Ellis
2007-May-21 20:48 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
OK, so let me show you (according to firebug) the response prototype is getting from my application.

Response Headers
Connection close
Date Mon, 21 May 2007 19:54:31 GMT
Content-Length 998
Content-Type application/javascript; charset=utf-8
Set-Cookie bg2_session=5279b9253f970f84dd032ec4a00ba2a34dcff66c; path=/; expires=Mon, 21-May-2007 21:54:31 GMT
Status 200
X-Catalyst 5.7007

Response Body
/*-secure- {"path_json":[],"files_json":[{"versions":1,"newest_id":64,"is_image":"y","date_added":"04-09-2007 14:54:50","name":"Water lilies.jpg","id":59,"date_newest":"04-09-2007 14:54:50"},{"versions":1,"newest_id"
:66,"is_image":"y","date_added":"04-11-2007 15:56:15","name":"Blue hills.jpg","id":61,"date_newest":"04-11-2007 15:56:15"}],"folders_json":[{"folders":0,"date":"03-29-2007 19:34:16","files":0,"name":"Billy","id"
:22},{"folders":0,"date":"03-29-2007 19:34:45","files":0,"name":"Kendall","id":24},{"folders":0,"date"
:"03-29-2007 19:35:01","files":0,"name":"Nothing","id":25},{"folders":2,"date":"03-29-2007 19:31:49"
,"files":0,"name":"DB","id":16},{"folders":1,"date":"03-29-2007 19:34:11","files":6,"name":"Angus","id"
:21},{"folders":2,"date":"03-29-2007 19:34:29","files":0,"name":"Tanya","id":23},{"folders":2,"date"
:"03-29-2007 20:34:37","files":0,"name":"Another folder","id":56},{"folders":2,"date":"04-03-2007 15
:42:23","files":20,"name":"Smellis","id":89}],"parent_json":""} */

So, does everyone agree that this should be working? I am lost.
David Dashifen Kees
2007-May-21 21:03 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
When I try to evaluate your JSON using Firebug, it tells me there's an invalid label in there somewhere.

- Dash -
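The checks discussed in this thread, as an added example that is not part of the original messages or of Prototype's source: it applies the Content-type test quoted from ajax.js, strips the /*-secure- ... */ wrapper, and compares eval of the bare body with a parenthesised eval and with a data-only parse. The function names, the wrapper regex and the sample bodies are this example's own assumptions; a bare object literal handed to eval is read as a block statement, which is consistent with the "invalid label" Firebug reports above.

```javascript
// Added illustration. Function names, SECURE_WRAPPER and the sample bodies are
// this example's own; only SCRIPT_TYPE is copied from the ajax.js lines quoted
// in the thread.

// Content-type test quoted from ajax.js in the thread.
const SCRIPT_TYPE = /^(text|application)\/(x-)?(java|ecma)script(;.*)?$/i;

// Assumed stand-in for String#unfilterJSON: remove a /*-secure- ... */ wrapper.
const SECURE_WRAPPER = /^\/\*-secure-([\s\S]*)\*\/\s*$/;

// Constructed sample, shortened from the response body posted in the thread.
const SAMPLE_BODY =
  '/*-secure- {"path_json":[],"files_json":[{"versions":1,' +
  '"name":"Water lilies.jpg","id":59}],"parent_json":""} */';

// Constructed sample: a body that is script, not data (harmless arithmetic).
const SCRIPT_BODY = '/*-secure- 1+1 */';

// True when the response body would be handed to evalResponse().
function wouldAutoEval(contentType) {
  return Boolean(contentType) && SCRIPT_TYPE.test(contentType.trim());
}

// Return the text inside the wrapper, or the input unchanged if not wrapped.
function unfilter(text) {
  const m = SECURE_WRAPPER.exec(text);
  return m ? m[1] : text;
}

function attempt(fn) {
  try {
    return { ok: true, value: fn() };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Same shape as the evalResponse quoted in the thread: eval of the unfiltered
// body with no parentheses. A leading "{" starts a block statement, so a JSON
// object is a syntax error here, while any real script runs.
function evalAsScript(body) {
  return attempt(() => (0, eval)(unfilter(body)));
}

// Same shape as the X-JSON value in the first post: the text is parenthesised,
// so "{...}" is an object literal. Anything else in the body still executes.
function evalParenthesised(body) {
  return attempt(() => (0, eval)('(' + unfilter(body) + ')'));
}

// Data-only alternative: the body is parsed, never executed.
function parseAsData(body) {
  return attempt(() => JSON.parse(unfilter(body)));
}

function report() {
  return {
    autoEvalJavascript: wouldAutoEval('application/javascript; charset=utf-8'),
    autoEvalJson: wouldAutoEval('application/json'),
    bareEval: evalAsScript(SAMPLE_BODY),
    parenEval: evalParenthesised(SAMPLE_BODY),
    parsed: parseAsData(SAMPLE_BODY),
    scriptViaEval: evalAsScript(SCRIPT_BODY),
    scriptViaParse: parseAsData(SCRIPT_BODY),
  };
}

console.log(JSON.stringify(report(), null, 2));
```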
Stephan Ellis
2007-May-21 21:11 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
Hmm, interesting. Did you remove the /*-secure- */ part? It works perfectly with 1.5.0

-stephan
> >>>>> > >>>>> > >>>>> TAG > >>>>> > >>>>> On May 21, 2007, at 12:38 PM, Stephan Ellis wrote: > >>>>> > >>>>> > >>>>> > >>>>> > >>>>>> Yes, my framework, specifically my view that generates JSON sticks > >>>>>> the X-JSON header in to accommodate prototype. I guess to rephrase > >>>>>> my question, if I turn on the X-JSON header, is it supposed to > >>>>>> automatically eval the response body? Sorry if I seem like I have > >>>>>> a thick skull :) Thanks a bunch... > >>>>>> -stephan > >>>>>> > >>>>>> On 5/21/07, David Dashifen Kees <dashifen-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > >>>>>> > >>>>>> Yes. If your JSON is in the response body, you will have to > >>>>>> evaluate it > >>>>>> yourself. It must be the framework you''re using which is creating the > >>>>>> X-JSON header, perhaps? For example: > >>>>>> > >>>>>> new Ajax.Request("some_page.php", { > >>>>>> parameters: {id: 6}, > >>>>>> onComplete: function(xhr) { > >>>>>> var json = xhr.responseText.evalJSON(true); > >>>>>> /* ... do something else ... */ > >>>>>> } > >>>>>> }); > >>>>>> > >>>>>> You''re responseText should then be valid JSON. For more information, > >>>>>> see http://prototypejs.org/api/string/evaljson. > >>>>>> > >>>>>> - Dash - > >>>>>> > >>>>>> Stephan Ellis wrote: > >>>>>> > >>>>>> > >>>>>> > >>>>>>> Dash, > >>>>>>> Thanks for the reply. Are you saying that I have to evaluate the > >>>>>>> reponseText myself if the JSON is in the response body? I > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>> configured my > >>>>>> > >>>>>> > >>>>>> > >>>>>>> application to not send the X-JSON header, but prototype is still > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>> not > >>>>>> > >>>>>> > >>>>>> > >>>>>>> evaluating the response body. > >>>>>>> > >>>>>>> Thanks, > >>>>>>> -stephan > >>>>>>> > >>>>>>> On 5/21/07, David Dashifen Kees <dashifen-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>>> The problem is how you''re sending information in the X-JSON header. 
> >>>>>>>> Prototype will try to automatically evaluate anything in the X-JSON > >>>>>>>> header assuming that it is a JSON string. You''re X-JSON header > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>> is not a > >>>>>> > >>>>>> > >>>>>> > >>>>>>>> JSON string but rather another call to eval() so the internal > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>> Prototype > >>>>>> > >>>>>> > >>>>>> > >>>>>>>> String.evalJSON() function is probably your failure point. > >>>>>>>> > >>>>>>>> Instead, either make "var json = transport.responseText.evalJSON > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>> (true)" > >>>>>> > >>>>>> > >>>>>> > >>>>>>>> the first line of your callback function, or make sure that your > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>> X-JSON > >>>>>> > >>>>>> > >>>>>> > >>>>>>>> header is *only* a JSON string. > >>>>>>>> > >>>>>>>> Also, you should be aware that Prototype 1.5.1 added security > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>> features > >>>>>> > >>>>>> > >>>>>> > >>>>>>>> to help avoid the execution of JSON with invalid code or > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>> malicious code > >>>>>> > >>>>>> > >>>>>> > >>>>>>>> within it. As a result, JSON created and passed around by > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>> prototype has > >>>>>> > >>>>>> > >>>>>> > >>>>>>>> /*-secure- before your JSON and */ after it. If you use the > >>>>>>>> String.evalJSON() function to parse your information, you might > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>> need to > >>>>>> > >>>>>> > >>>>>> > >>>>>>>> explicitly add these strings before and after your JSON to > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>> evaluate it > >>>>>> > >>>>>> > >>>>>> > >>>>>>>> properly. 
> >>>>>>>> > >>>>>>>> - Dash - > >>>>>>>> > >>>>>>>> smellis wrote: > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>> Hello Everyone, > >>>>>>>>> > >>>>>>>>> I upgraded to 1.5.1 today and I have run into a problem: > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>> automatic > >>>>>> > >>>>>> > >>>>>> > >>>>>>>>> JSON evaluation has stopped working. On the server side I use > >>>>>>>>> Catalyst, an MVC framework for perl. I use > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>> Catalyst::View::JSON to > >>>>>> > >>>>>> > >>>>>> > >>>>>>>>> turn my perl data structures in to JSON. Here is what my response > >>>>>>>>> headers look like: > >>>>>>>>> > >>>>>>>>> Response Headers > >>>>>>>>> Connection close > >>>>>>>>> Date Mon, 21 May 2007 15:12:54 GMT > >>>>>>>>> Content-Length 984 > >>>>>>>>> Content-Type application/javascript; charset=utf-8 > >>>>>>>>> Set-Cookie > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>> bg2_session=5279b9253f970f84dd032ec4a00ba2a34dcff66c; > >>>>>> > >>>>>> > >>>>>> > >>>>>>>>> path=/; expires=Mon, 21-May-2007 17:12:54 GMT > >>>>>>>>> Status 200 > >>>>>>>>> X-Catalyst 5.7007 > >>>>>>>>> X-JSON eval("("+this.transport.responseText+")") > >>>>>>>>> > >>>>>>>>> The JSON is actually in the response body. I had to subclassed my > >>>>>>>>> JSON view to spit out application/javascript, because the default > >>>>>>>>> content-type (application/json) is not listed in the prototype > >>>>>>>>> documentation as one that will cause prototype to auto evaluate > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>> the > >>>>>> > >>>>>> > >>>>>> > >>>>>>>>> reponse. I have tried turning off the X-JSON header to see if > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>> that > >>>>>> > >>>>>> > >>>>>> > >>>>>>>>> was a problem, but it still doesn''t work. Any ideas? Thanks in > >>>>>>>>> advance. 
-stephan > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>> > >>> > > > > > > > > > > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Spinoffs" group. To post to this group, send email to rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-spinoffs?hl=en -~----------~----~----~----~------~----~------~--~---
David Dashifen Kees
2007-May-21 21:29 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
Yes, I removed the security filter. But that you say it works in 1.5.0 probably means that the whitespace google inserted was screwing things up. What's going wrong with your app? What error is being thrown?

- Dash -
Stephan Ellis
2007-May-21 21:47 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
Via onException, I get two errors, json has no values and invalid label. It's weird, but my json is valid as far as I can tell. I can't think of a reason why it would be valid in 1.5 but not in 1.5.1. Weird huh?

-stephan
That's a bug introduced in 1.5.1: http://dev.rubyonrails.org/ticket/8271
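The pieces discussed in this thread, put together as an added example that is not part of any post and not Prototype's source: the Content-type test quoted from ajax.js, the /*-secure- */ wrapper, and what happens when JSON object text is passed to a bare eval() versus a parenthesized eval() versus a strict parser. The function names, the unwrap pattern and the sample body are assumptions constructed for illustration.

```javascript
// Added example (not Prototype's code). Helper names, the unwrap regex and
// SAMPLE_BODY are constructed for illustration.

// Content-type test as quoted in the thread from ajax.js.
const SCRIPT_TYPE = /^(text|application)\/(x-)?(java|ecma)script(;.*)?$/i;

// True when a response with this Content-type would have its body eval'd.
function wouldAutoEval(contentType) {
  return Boolean(contentType) && SCRIPT_TYPE.test(contentType.trim());
}

// Strip the /*-secure- ... */ comment wrapper described in the thread.
// Assumed pattern; a body without the wrapper is returned unchanged.
function unfilter(text) {
  const m = /^\/\*-secure-([\s\S]*)\*\/\s*$/.exec(text);
  return m ? m[1] : text;
}

// Run fn and report either its value or the name of the error it threw.
function attempt(fn) {
  try {
    return { ok: true, value: fn() };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Bare eval, the shape of the evalResponse() quoted in the thread.
// A leading "{" is parsed as a block statement, so `"path_json":` is read
// as a statement label and rejected (older Firefox: "invalid label").
function evalBare(text) {
  return attempt(() => (0, eval)(text));
}

// Parenthesized eval forces expression context, so the object literal parses.
// It still executes whatever expression the server sent.
function evalParenthesized(text) {
  return attempt(() => (0, eval)('(' + text + ')'));
}

// Strict parsing: accepts JSON only, never executes code.
function parseStrict(body) {
  return attempt(() => JSON.parse(unfilter(body)));
}

// Constructed sample, shaped like the response body posted in the thread.
const SAMPLE_BODY =
  '/*-secure- {"path_json":[],"files_json":[{"name":"Water lilies.jpg","id":59}],"parent_json":""} */';

function report() {
  const json = unfilter(SAMPLE_BODY);
  return {
    javascriptType: wouldAutoEval('application/javascript; charset=utf-8'),
    jsonType: wouldAutoEval('application/json'),
    bareEval: evalBare(json),
    parenthesizedEval: evalParenthesized(json),
    strictParse: parseStrict(SAMPLE_BODY),
    // An expression is not JSON: eval runs it, JSON.parse refuses it.
    expressionViaEval: evalParenthesized('1+1'),
    expressionViaParse: parseStrict('1+1'),
  };
}

console.log(report());
```

Because a matching Content-type causes the body to be executed as script, the strict parser is the safer default wherever the response is meant to carry data only.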
Mark Holton
2007-May-21 23:07 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
Hello,

I'm getting errors when I pass a "?" or a "#" to my server side code. So for instance, let's say I'm saving a "name" and a "memo", and someone decides to include a "?" in the text of their memo. It causes an error when sent to the server side code. Is there a way, in Prototype, to make sure it passes the whole string and to not interpret pieces of the string passed in? I am passing the string in as $('txtMemo').value, for example.

(when it's a numeric value, and in other cases I pre-process the string on the server side to avoid SQL-injection, etc, but these two characters in particular, "?", or "#" are causing the error to occur).

Many thanks for any heads up there.

cheers,
Mark
Richard Quadling
2007-May-22 08:07 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
It would be really useful if the JSON data was urlencoded before going in to the header and automatically urldecoded in prototype. This would allow for all sorts of odd characters to be included.

On 22/05/07, Mark Holton <holtonma-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Hello,
>
> I'm getting errors when I pass a "?" or a "#" to my server side code. So
> for instance, let's say I'm saving a "name" and a "memo", and someone
> decides to include a "?" in the text of their memo. It causes an error when
> sent to the server side code. Is there a way, in Prototype, to make sure it
> passes the whole string and to not interpret pieces of the string passed in?
> I am passing the string in as $('txtMemo').value, for example.
>
> (when it's a numeric value, and in other cases I pre-process the string on
> the server side to avoid SQL-injection, etc, but these two characters in
> particular, "?", or "#" are causing the error to occur).
>
> Many thanks for any heads up there.
> cheers,
> Mark

--
-----
Richard Quadling
Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731
"Standing on the shoulders of some very clever giants!"
Could you not put the data with reserved characters in the postBody?

On May 22, 3:07 am, "Richard Quadling" <rquadl...-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org> wrote:
> It would be really useful if the JSON data was urlencoded before
> going in to the header and automatically urldecoded in prototype. This
> would allow for all sorts of odd characters to be included.
>
> On 22/05/07, Mark Holton <holto...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > Hello,
> >
> > I'm getting errors when I pass a "?" or a "#" to my server side code. So
> > for instance, let's say I'm saving a "name" and a "memo", and someone
> > decides to include a "?" in the text of their memo. It causes an error when
> > sent to the server side code. Is there a way, in Prototype, to make sure it
> > passes the whole string and to not interpret pieces of the string passed in?
> > I am passing the string in as $('txtMemo').value, for example.
> >
> > (when it's a numeric value, and in other cases I pre-process the string on
> > the server side to avoid SQL-injection, etc, but these two characters in
> > particular, "?", or "#" are causing the error to occur).
> >
> > Many thanks for any heads up there.
> > cheers,
> > Mark
>
> --
> -----
> Richard Quadling
> Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731
> "Standing on the shoulders of some very clever giants!"
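An added example, not part of any post in this thread and not Prototype's own code: it shows what a server receives when a memo containing reserved characters is concatenated into a request unencoded, next to the percent-encoded form that can be sent as a query string or as the postBody suggested above. The endpoint, the sample memo and all function names are constructed for illustration, and the sample goes slightly beyond the thread by including "&" alongside "?" and "#".

```javascript
// Placeholder endpoint and constructed sample input (assumptions, not from the thread).
const BASE = 'http://app.example/memo/save';
const SAMPLE = { name: 'Mark', memo: 'Q&A#3:done?' };

// Naive approach: values are pasted into the URL exactly as typed.
function buildRawUrl(fields) {
  const pairs = Object.keys(fields).map(k => k + '=' + fields[k]);
  return BASE + '?' + pairs.join('&');
}

// Percent-encode every key and value so reserved characters
// ("?", "#", "&", "=", ...) travel as data, not as URL syntax.
// The result is valid both as a query string and as a
// application/x-www-form-urlencoded request body.
function encodeForm(fields) {
  return Object.keys(fields)
    .map(k => encodeURIComponent(k) + '=' + encodeURIComponent(fields[k]))
    .join('&');
}

// Parse a full URL the way the receiving side would. Everything after
// "#" is a fragment and is never sent to the server at all.
function serverSees(url) {
  const out = {};
  for (const [k, v] of new URL(url).searchParams) out[k] = v;
  return out;
}

// Decode a form-encoded body back into fields.
function decodeForm(body) {
  const out = {};
  for (const [k, v] of new URLSearchParams(body)) out[k] = v;
  return out;
}

// Raw: "#3:done?" is dropped as a fragment and "&A" becomes a stray
// parameter, so the stored memo is just "Q".
console.log(serverSees(buildRawUrl(SAMPLE)));
// Encoded: the memo arrives intact.
console.log(encodeForm(SAMPLE));
console.log(decodeForm(encodeForm(SAMPLE)));
```

Encoding here only preserves the value in transit; server-side handling such as the SQL-injection pre-processing mentioned in the thread is still needed on the decoded string.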