Hello Everyone,
I upgraded to 1.5.1 today and I have run into a problem: automatic
JSON evaluation has stopped working. On the server side I use
Catalyst, an MVC framework for perl. I use Catalyst::View::JSON to
turn my perl data structures into JSON. Here is what my response
headers look like:
Response Headers
Connection close
Date Mon, 21 May 2007 15:12:54 GMT
Content-Length 984
Content-Type application/javascript; charset=utf-8
Set-Cookie bg2_session=5279b9253f970f84dd032ec4a00ba2a34dcff66c;
path=/; expires=Mon, 21-May-2007 17:12:54 GMT
Status 200
X-Catalyst 5.7007
X-JSON eval("("+this.transport.responseText+")")
The JSON is actually in the response body. I had to subclass my
JSON view to spit out application/javascript, because the default
content-type (application/json) is not listed in the prototype
documentation as one that will cause prototype to auto evaluate the
response. I have tried turning off the X-JSON header to see if that
was a problem, but it still doesn't work. Any ideas? Thanks in
advance. -stephan
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Spinoffs" group.
To post to this group, send email to
rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-spinoffs?hl=en
-~----------~----~----~----~------~----~------~--~---
Stephan Ellis
2007-May-21 15:48 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
Was my post deleted? Dupe?
David Dashifen Kees
2007-May-21 16:21 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
The problem is how you're sending information in the X-JSON header. Prototype will try to automatically evaluate anything in the X-JSON header assuming that it is a JSON string. Your X-JSON header is not a JSON string but rather another call to eval() so the internal Prototype String.evalJSON() function is probably your failure point.

Instead, either make "var json = transport.responseText.evalJSON(true)" the first line of your callback function, or make sure that your X-JSON header is *only* a JSON string.

Also, you should be aware that Prototype 1.5.1 added security features to help avoid the execution of JSON with invalid code or malicious code within it. As a result, JSON created and passed around by prototype has /*-secure- before your JSON and */ after it. If you use the String.evalJSON() function to parse your information, you might need to explicitly add these strings before and after your JSON to evaluate it properly.

- Dash -
Stephan Ellis
2007-May-21 17:39 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
Dash,
Thanks for the reply. Are you saying that I have to evaluate the responseText myself if the JSON is in the response body? I configured my application to not send the X-JSON header, but prototype is still not evaluating the response body.

Thanks,
-stephan
David Dashifen Kees
2007-May-21 18:25 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
Yes. If your JSON is in the response body, you will have to evaluate it
yourself. It must be the framework you're using which is creating the
X-JSON header, perhaps? For example:

    new Ajax.Request("some_page.php", {
      parameters: {id: 6},
      onComplete: function(xhr) {
        var json = xhr.responseText.evalJSON(true);
        /* ... do something else ... */
      }
    });

Your responseText should then be valid JSON. For more information,
see http://prototypejs.org/api/string/evaljson.
- Dash -
Stephan Ellis
2007-May-21 18:38 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
Yes, my framework, specifically my view that generates JSON sticks the X-JSON header in to accommodate prototype. I guess to rephrase my question, if I turn on the X-JSON header, is it supposed to automatically eval the response body? Sorry if I seem like I have a thick skull :) Thanks a bunch...
-stephan
David Dashifen Kees
2007-May-21 18:47 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
No. If you put in the X-JSON header, then it tries to automatically evaluate the contents of the X-JSON header. The only thing you can do to get an auto evaluation of the response body is to use the evalScripts option of the Ajax.Updater object to automatically evaluate any javascript blocks (from <script> to </script>) which exist within your response body. The timing will be interesting, though. I think that the scripts are evaluated between onSuccess and onComplete, so you can access an object or function created within a response body only from within the onComplete callback and then only if you can get the scope of the created object/function to include the scope of the callback (i.e., use global variables).

All in all, I'm not sure what your framework is doing, but if you want automatic JSON evaluation, your best bet is probably to put a JSON string in the X-JSON header. If you send JSON back as the response body, there's no real easy way to make sure it's evaluated properly.

- Dash -
Tom Gregory
2007-May-21 18:50 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
The value of the X-JSON header and whether the response body is
evaluated are separate concerns. If the X-JSON header is present, and
evals to a json object, it's passed as the second parameter to
onSuccess, et al.

e.g.

    onSuccess (transport, json) {
      // ...
    }

The eval of the response body is based on the "Content-type" header.
If you poke around the code from svn, you'll find these lines in
ajax.js:

    var contentType = this.getHeader('Content-type');
    if (contentType && contentType.strip().
      match(/^(text|application)\/(x-)?(java|ecma)script(;.*)?$/i))
        this.evalResponse();
    // ...

    // ...
    evalResponse: function() {
      try {
        return eval((this.transport.responseText || '').unfilterJSON());
      } catch (e) {
        this.dispatchException(e);
      }
    }

Does that make things any clearer?
TAG
David Dashifen Kees
2007-May-21 18:54 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
Wow ... I didn't know that about the content-type of the response body. Thanks.
- Dash -
Stephan Ellis
2007-May-21 19:38 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
OK, so I went over the code, and it appears that as long as the X-JSON
header does not exist and my Content-type is application/javascript and my
json in the response body is wrapped with:

/*-secure- (some whitespace) [json data here](some more whitespace) */

It should evaluate the response body. Am I wrong?

-stephan

On 5/21/07, David Dashifen Kees <dashifen-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Wow ... I didn't know that about the content-type of the response body.
> Thanks.
> - Dash -
>
> Tom Gregory wrote:
> > The value of the X-JSON header and whether the response body is
> > evaluated are separate concerns. If the X-JSON header is present, and
> > evals to a json object, it's passed as the second parameter to
> > onSuccess, et al.
> >
> > e.x.
> > onSuccess (transport, json) {
> >   // ...
> > }
> >
> > The eval of the response body is based on the "Content-type" header.
> > If you poke around the code from svn, you'll find these lines in
> > ajax.js:
> >
> > var contentType = this.getHeader('Content-type');
> > if (contentType && contentType.strip().
> >   match(/^(text|application)\/(x-)?(java|ecma)script(;.*)?$/i))
> >     this.evalResponse();
> > // ...
> >
> > // ...
> > evalResponse: function() {
> >   try {
> >     return eval((this.transport.responseText || '').unfilterJSON());
> >   } catch (e) {
> >     this.dispatchException(e);
> >   }
> > }
> >
> > Does that make things any clearer?
> >
> > TAG
> >
> > On May 21, 2007, at 12:38 PM, Stephan Ellis wrote:
> >
> >> Yes, my framework, specifically my view that generates JSON sticks
> >> the X-JSON header in to accommodate prototype. I guess to rephrase
> >> my question, if I turn on the X-JSON header, is it supposed to
> >> automatically eval the response body? Sorry if I seem like I have
> >> a thick skull :) Thanks a bunch...
> >> -stephan
> >>
> >> On 5/21/07, David Dashifen Kees <dashifen-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> >>
> >> Yes. If your JSON is in the response body, you will have to
> >> evaluate it yourself. It must be the framework you're using which is
> >> creating the X-JSON header, perhaps? For example:
> >>
> >> new Ajax.Request("some_page.php", {
> >>   parameters: {id: 6},
> >>   onComplete: function(xhr) {
> >>     var json = xhr.responseText.evalJSON(true);
> >>     /* ... do something else ... */
> >>   }
> >> });
> >>
> >> Your responseText should then be valid JSON. For more information,
> >> see http://prototypejs.org/api/string/evaljson.
> >>
> >> - Dash -
> >>
> >> Stephan Ellis wrote:
> >>
> >>> Dash,
> >>> Thanks for the reply. Are you saying that I have to evaluate the
> >>> responseText myself if the JSON is in the response body? I configured my
> >>> application to not send the X-JSON header, but prototype is still not
> >>> evaluating the response body.
> >>>
> >>> Thanks,
> >>> -stephan
> >>>
> >>> On 5/21/07, David Dashifen Kees <dashifen-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> >>>
> >>>> The problem is how you're sending information in the X-JSON header.
> >>>> Prototype will try to automatically evaluate anything in the X-JSON
> >>>> header assuming that it is a JSON string. Your X-JSON header is not a
> >>>> JSON string but rather another call to eval() so the internal Prototype
> >>>> String.evalJSON() function is probably your failure point.
> >>>>
> >>>> Instead, either make "var json = transport.responseText.evalJSON(true)"
> >>>> the first line of your callback function, or make sure that your X-JSON
> >>>> header is *only* a JSON string.
> >>>>
> >>>> Also, you should be aware that Prototype 1.5.1 added security features
> >>>> to help avoid the execution of JSON with invalid code or malicious code
> >>>> within it. As a result, JSON created and passed around by prototype has
> >>>> /*-secure- before your JSON and */ after it. If you use the
> >>>> String.evalJSON() function to parse your information, you might need to
> >>>> explicitly add these strings before and after your JSON to evaluate it
> >>>> properly.
> >>>>
> >>>> - Dash -
David Dashifen Kees
2007-May-21 20:34 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
Looks good to me.
- Dash -
Stephan Ellis
2007-May-21 20:48 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
OK, so let me show you (according to firebug) the response prototype
is getting from my application.
Response Headers
Connection close
Date Mon, 21 May 2007 19:54:31 GMT
Content-Length 998
Content-Type application/javascript; charset=utf-8
Set-Cookie bg2_session=5279b9253f970f84dd032ec4a00ba2a34dcff66c;
path=/; expires=Mon, 21-May-2007 21:54:31 GMT
Status 200
X-Catalyst 5.7007
Response Body
/*-secure-
{"path_json":[],"files_json":[{"versions":1,"newest_id":64,"is_image":"y","date_added":"04-09-2007
14:54:50","name":"Water
lilies.jpg","id":59,"date_newest":"04-09-2007
14:54:50"},{"versions":1,"newest_id"
:66,"is_image":"y","date_added":"04-11-2007
15:56:15","name":"Blue
hills.jpg","id":61,"date_newest":"04-11-2007
15:56:15"}],"folders_json":[{"folders":0,"date":"03-29-2007
19:34:16","files":0,"name":"Billy","id"
:22},{"folders":0,"date":"03-29-2007
19:34:45","files":0,"name":"Kendall","id":24},{"folders":0,"date"
:"03-29-2007
19:35:01","files":0,"name":"Nothing","id":25},{"folders":2,"date":"03-29-2007
19:31:49"
,"files":0,"name":"DB","id":16},{"folders":1,"date":"03-29-2007
19:34:11","files":6,"name":"Angus","id"
:21},{"folders":2,"date":"03-29-2007
19:34:29","files":0,"name":"Tanya","id":23},{"folders":2,"date"
:"03-29-2007
20:34:37","files":0,"name":"Another
folder","id":56},{"folders":2,"date":"04-03-2007
15
:42:23","files":20,"name":"Smellis","id":89}],"parent_json":""}
*/
So, does everyone agree that this should be working? I am lost.
David Dashifen Kees
2007-May-21 21:03 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
When I try to evaluate your JSON using Firebug, it tells me there's an invalid label in there somewhere.
- Dash -
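The two mechanisms discussed in this thread, side by side, as an added example that is not part of any post and is not Prototype's source: the Content-type check Tom Gregory quotes and the /*-secure- ... */ wrapper. The wrapper pattern, the function names and the sample bodies are assumptions constructed for illustration; the block also shows that a JSON object text evaluated as a program is a syntax error (the leading `{` opens a block), while JSON.parse treats the same text purely as data.

```javascript
// Content-type check as quoted in the thread from Prototype's ajax.js.
const SCRIPT_TYPE = /^(text|application)\/(x-)?(java|ecma)script(;.*)?$/i;

// Assumption: a pattern for the "/*-secure- ... */" wrapper described in the
// thread. It is written for this example, not copied from Prototype.
const SECURE_WRAPPER = /^\/\*-secure-([\s\S]*)\*\/\s*$/;

// True when the quoted check would hand the response body to eval().
function wouldAutoEval(contentType) {
  return typeof contentType === 'string' && SCRIPT_TYPE.test(contentType.trim());
}

// Strip the comment wrapper if present; otherwise return the body unchanged.
function unwrapSecure(body) {
  const m = SECURE_WRAPPER.exec(body);
  return (m ? m[1] : body).trim();
}

// Evaluate text as a program, the way eval(responseText) does.
// Returns 'ok' or the name of the error thrown.
function evalAsProgram(text) {
  try {
    (0, eval)(text); // indirect eval: global scope, no access to local names
    return 'ok';
  } catch (e) {
    return e.name;
  }
}

// Data-only handling: the body is never executed.
// Returns { ok: true, value } or { ok: false, error }.
function parseResponse(contentType, body) {
  const type = (contentType || '').split(';')[0].trim().toLowerCase();
  // Assumption: the media types this hypothetical client accepts for JSON.
  const allowed = ['application/json', 'application/javascript', 'text/javascript'];
  if (!allowed.includes(type)) {
    return { ok: false, error: 'unexpected content type: ' + type };
  }
  try {
    return { ok: true, value: JSON.parse(unwrapSecure(body)) };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Constructed sample, shaped like the response body posted in the thread.
const sampleBody =
  '/*-secure-\n' +
  '{"files_json":[{"id":59,"name":"Water lilies.jpg"}],"parent_json":""}\n' +
  '*/';

// Constructed sample: wrapper present, but the content is script, not JSON.
const scriptBody = '/*-secure- alert(1) */';

function demo() {
  const ct = 'application/javascript; charset=utf-8';
  const inner = unwrapSecure(sampleBody);
  return {
    autoEvalForJavascript: wouldAutoEval(ct),
    autoEvalForJson: wouldAutoEval('application/json'),
    // Still wrapped, the whole body is one comment: nothing is executed.
    wrappedAsProgram: evalAsProgram(sampleBody),
    // Unwrapped object text: "{" starts a block, so the first ":" is an error.
    bareObjectAsProgram: evalAsProgram(inner),
    // Parenthesised, the same text is an expression and evaluates.
    parenthesisedAsProgram: evalAsProgram('(' + inner + ')'),
    parsed: parseResponse(ct, sampleBody),
    rejected: parseResponse(ct, scriptBody)
  };
}
```

JSON.parse rejects the script body outright, which is the property an eval-based path cannot give.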
Stephan Ellis
2007-May-21 21:11 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
Hmm, interesting. Did you remove the /*-secure- */ part? It works
perfectly with 1.5.0

-stephan

On 5/21/07, David Dashifen Kees <dashifen-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> When I try to evaluate your JSON using Firebug, it tells me there's an
> invalid label in there somewhere.
>
> - Dash -
>
> Stephan Ellis wrote:
> > OK, so let me show you (according to firebug) the response prototype
> > is getting from my application.
> >
> > Response Headers
> > Connection close
> > Date Mon, 21 May 2007 19:54:31 GMT
> > Content-Length 998
> > Content-Type application/javascript; charset=utf-8
> > Set-Cookie bg2_session=5279b9253f970f84dd032ec4a00ba2a34dcff66c;
> > path=/; expires=Mon, 21-May-2007 21:54:31 GMT
> > Status 200
> > X-Catalyst 5.7007
> >
> > Response Body
> > /*-secure- {"path_json":[],"files_json":[{"versions":1,"newest_id":64,"is_image":"y","date_added":"04-09-2007
> > 14:54:50","name":"Water lilies.jpg","id":59,"date_newest":"04-09-2007
> > 14:54:50"},{"versions":1,"newest_id"
> > :66,"is_image":"y","date_added":"04-11-2007 15:56:15","name":"Blue
> > hills.jpg","id":61,"date_newest":"04-11-2007
> > 15:56:15"}],"folders_json":[{"folders":0,"date":"03-29-2007
> > 19:34:16","files":0,"name":"Billy","id"
> > :22},{"folders":0,"date":"03-29-2007
> > 19:34:45","files":0,"name":"Kendall","id":24},{"folders":0,"date"
> > :"03-29-2007 19:35:01","files":0,"name":"Nothing","id":25},{"folders":2,"date":"03-29-2007
> > 19:31:49"
> > ,"files":0,"name":"DB","id":16},{"folders":1,"date":"03-29-2007
> > 19:34:11","files":6,"name":"Angus","id"
> > :21},{"folders":2,"date":"03-29-2007
> > 19:34:29","files":0,"name":"Tanya","id":23},{"folders":2,"date"
> > :"03-29-2007 20:34:37","files":0,"name":"Another
> > folder","id":56},{"folders":2,"date":"04-03-2007 15
> > :42:23","files":20,"name":"Smellis","id":89}],"parent_json":""} */
> >
> > So, does everyone agree that this should be working? I am lost.
> >
> > On 5/21/07, David Dashifen Kees <dashifen-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> >
> >> Looks good to me.
> >> - Dash -
> >>
> >> Stephan Ellis wrote:
> >>
> >>> OK, so I went over the code, and it appears that as long as the X-JSON
> >>> header does not exist and my Content-type is application/javascript and my
> >>> json in the response body is wrapped with:
> >>>
> >>> /*-secure- (some whitespace) [json data here](some more whitespace) */
> >>>
> >>> It should evaluate the response body. Am I wrong?
> >>>
> >>> -stephan
> >>>
> >>> On 5/21/07, David Dashifen Kees <dashifen-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> >>>
> >>>> Wow ... I didn't know that about the content-type of the response body.
> >>>> Thanks.
> >>>> - Dash -
> >>>>
> >>>> Tom Gregory wrote:
> >>>>
> >>>>> The value of the X-JSON header and whether the response body is
> >>>>> evaluated are separate concerns. If the X-JSON header is present, and
> >>>>> evals to a json object, it's passed as the second parameter to
> >>>>> onSuccess, et al.
> >>>>>
> >>>>> e.g.
> >>>>> onSuccess (transport, json) {
> >>>>>   // ...
> >>>>> }
> >>>>>
> >>>>> The eval of the response body is based on the "Content-type" header.
> >>>>> If you poke around the code from svn, you'll find these lines in
> >>>>> ajax.js:
> >>>>>
> >>>>> var contentType = this.getHeader('Content-type');
> >>>>> if (contentType && contentType.strip().
> >>>>>     match(/^(text|application)\/(x-)?(java|ecma)script(;.*)?$/i))
> >>>>>   this.evalResponse();
> >>>>> // ...
> >>>>>
> >>>>> // ...
> >>>>> evalResponse: function() {
> >>>>>   try {
> >>>>>     return eval((this.transport.responseText || '').unfilterJSON());
> >>>>>   } catch (e) {
> >>>>>     this.dispatchException(e);
> >>>>>   }
> >>>>> }
> >>>>>
> >>>>> Does that make things any clearer?
> >>>>>
> >>>>> TAG
> >>>>>
> >>>>> On May 21, 2007, at 12:38 PM, Stephan Ellis wrote:
> >>>>>
> >>>>>> Yes, my framework, specifically my view that generates JSON sticks
> >>>>>> the X-JSON header in to accommodate prototype. I guess to rephrase
> >>>>>> my question, if I turn on the X-JSON header, is it supposed to
> >>>>>> automatically eval the response body? Sorry if I seem like I have
> >>>>>> a thick skull :) Thanks a bunch...
> >>>>>> -stephan
> >>>>>>
> >>>>>> On 5/21/07, David Dashifen Kees <dashifen-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> >>>>>>
> >>>>>> Yes. If your JSON is in the response body, you will have to
> >>>>>> evaluate it yourself. It must be the framework you're using which
> >>>>>> is creating the X-JSON header, perhaps? For example:
> >>>>>>
> >>>>>> new Ajax.Request("some_page.php", {
> >>>>>>   parameters: {id: 6},
> >>>>>>   onComplete: function(xhr) {
> >>>>>>     var json = xhr.responseText.evalJSON(true);
> >>>>>>     /* ... do something else ... */
> >>>>>>   }
> >>>>>> });
> >>>>>>
> >>>>>> Your responseText should then be valid JSON. For more information,
> >>>>>> see http://prototypejs.org/api/string/evaljson.
> >>>>>>
> >>>>>> - Dash -
> >>>>>>
> >>>>>> Stephan Ellis wrote:
> >>>>>>
> >>>>>>> Dash,
> >>>>>>> Thanks for the reply. Are you saying that I have to evaluate the
> >>>>>>> responseText myself if the JSON is in the response body? I
> >>>>>>> configured my application to not send the X-JSON header, but
> >>>>>>> prototype is still not evaluating the response body.
> >>>>>>>
> >>>>>>> Thanks,
> >>>>>>> -stephan
> >>>>>>>
> >>>>>>> On 5/21/07, David Dashifen Kees <dashifen-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> >>>>>>>
> >>>>>>>> The problem is how you're sending information in the X-JSON header.
> >>>>>>>> Prototype will try to automatically evaluate anything in the X-JSON
> >>>>>>>> header assuming that it is a JSON string. Your X-JSON header is
> >>>>>>>> not a JSON string but rather another call to eval() so the
> >>>>>>>> internal Prototype String.evalJSON() function is probably your
> >>>>>>>> failure point.
> >>>>>>>>
> >>>>>>>> Instead, either make "var json = transport.responseText.evalJSON(true)"
> >>>>>>>> the first line of your callback function, or make sure that your
> >>>>>>>> X-JSON header is *only* a JSON string.
> >>>>>>>>
> >>>>>>>> Also, you should be aware that Prototype 1.5.1 added security
> >>>>>>>> features to help avoid the execution of JSON with invalid code or
> >>>>>>>> malicious code within it. As a result, JSON created and passed
> >>>>>>>> around by prototype has /*-secure- before your JSON and */ after
> >>>>>>>> it. If you use the String.evalJSON() function to parse your
> >>>>>>>> information, you might need to explicitly add these strings
> >>>>>>>> before and after your JSON to evaluate it properly.
> >>>>>>>>
> >>>>>>>> - Dash -
> >>>>>>>>
> >>>>>>>> smellis wrote:
> >>>>>>>>
> >>>>>>>>> Hello Everyone,
> >>>>>>>>>
> >>>>>>>>> I upgraded to 1.5.1 today and I have run into a problem: automatic
> >>>>>>>>> JSON evaluation has stopped working. On the server side I use
> >>>>>>>>> Catalyst, an MVC framework for perl. I use Catalyst::View::JSON to
> >>>>>>>>> turn my perl data structures into JSON. Here is what my response
> >>>>>>>>> headers look like:
> >>>>>>>>>
> >>>>>>>>> Response Headers
> >>>>>>>>> Connection close
> >>>>>>>>> Date Mon, 21 May 2007 15:12:54 GMT
> >>>>>>>>> Content-Length 984
> >>>>>>>>> Content-Type application/javascript; charset=utf-8
> >>>>>>>>> Set-Cookie bg2_session=5279b9253f970f84dd032ec4a00ba2a34dcff66c;
> >>>>>>>>> path=/; expires=Mon, 21-May-2007 17:12:54 GMT
> >>>>>>>>> Status 200
> >>>>>>>>> X-Catalyst 5.7007
> >>>>>>>>> X-JSON eval("("+this.transport.responseText+")")
> >>>>>>>>>
> >>>>>>>>> The JSON is actually in the response body. I had to subclass my
> >>>>>>>>> JSON view to spit out application/javascript, because the default
> >>>>>>>>> content-type (application/json) is not listed in the prototype
> >>>>>>>>> documentation as one that will cause prototype to auto evaluate
> >>>>>>>>> the response. I have tried turning off the X-JSON header to see if
> >>>>>>>>> that was a problem, but it still doesn't work. Any ideas? Thanks in
> >>>>>>>>> advance. -stephan
David Dashifen Kees
2007-May-21 21:29 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
Yes, I removed the security filter. But that you say it works in 1.5.0
probably means that the whitespace google inserted was screwing things
up. What's going wrong with your app? What error is being thrown?

- Dash -

Stephan Ellis wrote:
> Hmm, interesting. Did you remove the /*-secure- */ part? It works
> perfectly with 1.5.0 -stephan
Stephan Ellis
2007-May-21 21:47 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
Via onException, I get two errors, json has no values and invalid
label. It's weird, but my json is valid as far as I can tell. I can't
think of a reason why it would be valid in 1.5 but not in 1.5.1. Weird
huh?

-stephan

On 5/21/07, David Dashifen Kees <dashifen-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Yes, I removed the security filter. But that you say it works in 1.5.0
> probably means that the whitespace google inserted was screwing things
> up. What's going wrong with your app? What error is being thrown?
>
> - Dash -
That's a bug introduced in 1.5.1: http://dev.rubyonrails.org/ticket/8271
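As an added example (not code from Prototype or from any poster in this thread), the JavaScript below reuses the Content-type test quoted from ajax.js and shows why a body whose JSON is an object literal fails when handed to eval as a program, why the parenthesised form from the X-JSON header in the first post parses, and why JSON.parse is the stricter choice because it rejects anything that is not data. The helper names, the filter regex and the shortened sample bodies are assumptions constructed for illustration.

```javascript
// Added illustration; helper names are hypothetical, not Prototype's API.

// Content-type test as quoted from ajax.js in the thread.
const AUTO_EVAL_TYPES = /^(text|application)\/(x-)?(java|ecma)script(;.*)?$/i;

function shouldAutoEval(contentType) {
  return Boolean(contentType) && AUTO_EVAL_TYPES.test(contentType.trim());
}

// Assumed stand-in for the security filter: remove one surrounding
// "/*-secure- ... */" comment; bodies without it pass through unchanged.
function unfilterJSON(body) {
  const wrapped = /^\/\*-secure-([\s\S]*)\*\/\s*$/.exec(body || "");
  return wrapped ? wrapped[1] : (body || "");
}

// Treat the body as code. With parens=false the text is evaluated as a
// program (the shape of the quoted evalResponse); with parens=true it is
// wrapped as "(" + text + ")", the form used in the first post's X-JSON header.
function evalBody(body, parens) {
  const text = unfilterJSON(body);
  try {
    // Indirect eval: runs in global scope and cannot see this function's locals.
    return { ok: true, value: (0, eval)(parens ? "(" + text + ")" : text) };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Treat the body as data only: nothing in it can execute.
function parseBody(body) {
  try {
    return { ok: true, value: JSON.parse(unfilterJSON(body)) };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Constructed sample: a shortened version of the response body in the thread.
const SAMPLE_BODY =
  '/*-secure- {"path_json":[],"files_json":[{"versions":1,' +
  '"name":"Water lilies.jpg","id":59}],"parent_json":""} */';

// Constructed sample: filtered text that is valid JavaScript but not JSON.
const NOT_JSON_BODY = "/*-secure- 1 + 1 */";

// Run all three interpretations of one response side by side.
function compare(contentType, body) {
  return {
    autoEval: shouldAutoEval(contentType),
    asProgram: evalBody(body, false),
    asExpression: evalBody(body, true),
    asData: parseBody(body),
  };
}

const result = compare("application/javascript; charset=utf-8", SAMPLE_BODY);
// A leading "{" starts a block statement, so "path_json": is read as a label.
console.log("auto-eval:", result.autoEval);
console.log("as program:", result.asProgram);
console.log("as expression ok:", result.asExpression.ok);
console.log("as data ok:", result.asData.ok);
// Code that is not JSON still runs under eval but is rejected by JSON.parse.
console.log(compare("application/json", NOT_JSON_BODY));
```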
Mark Holton
2007-May-21 23:07 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
Hello,

I'm getting errors when I pass a "?" or a "#" to my server side code. So
for instance, let's say I'm saving a "name" and a "memo", and someone
decides to include a "?" in the text of their memo. It causes an error
when sent to the server side code. Is there a way, in Prototype, to make
sure it passes the whole string and to not interpret pieces of the
string passed in? I am passing the string in as $('txtMemo').value, for
example.

(when it's a numeric value, and in other cases I pre-process the string
on the server side to avoid SQL-injection, etc, but these two characters
in particular, "?", or "#" are causing the error to occur).

Many thanks for any heads up there.
cheers,
Mark
Richard Quadling
2007-May-22 08:07 UTC
Re: Automatic JSON response evaluation in prototype 1.5.1
It would be really useful if the JSON data was urlencoded before going in to the header and automatically urldecoded in prototype. This would allow for all sorts of odd characters to be included.
On 22/05/07, Mark Holton <holtonma-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Hello,
>
> I'm getting errors when I pass a "?" or a "#" to my server side code. So
> for instance, let's say I'm saving a "name" and a "memo", and someone
> decides to include a "?" in the text of their memo. It causes an error when
> sent to the server side code. Is there a way, in Prototype, to make sure it
> passes the whole string and to not interpret pieces of the string passed in?
> I am passing the string in as $('txtMemo').value, for example.
>
> (when it's a numeric value, and in other cases I pre-process the string on
> the server side to avoid SQL-injection, etc, but these two characters in
> particular, "?", or "#" are causing the error to occur).
>
> Many thanks for any heads up there.
> cheers,
> Mark
--
-----
Richard Quadling
Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731
"Standing on the shoulders of some very clever giants!"
Could you not put the data with reserved characters in the postBody?
On May 22, 3:07 am, "Richard Quadling" <rquadl...-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org> wrote:
> It would be really useful if the JSON data was urlencoded before
> going in to the header and automatically urldecoded in prototype. This
> would allow for all sorts of odd characters to be included.
>
> On 22/05/07, Mark Holton <holto...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > Hello,
> >
> > I'm getting errors when I pass a "?" or a "#" to my server side code. So
> > for instance, let's say I'm saving a "name" and a "memo", and someone
> > decides to include a "?" in the text of their memo. It causes an error when
> > sent to the server side code. Is there a way, in Prototype, to make sure it
> > passes the whole string and to not interpret pieces of the string passed in?
> > I am passing the string in as $('txtMemo').value, for example.
> >
> > (when it's a numeric value, and in other cases I pre-process the string on
> > the server side to avoid SQL-injection, etc, but these two characters in
> > particular, "?", or "#" are causing the error to occur).
> >
> > Many thanks for any heads up there.
> > cheers,
> > Mark
>
> --
> -----
> Richard Quadling
> Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731
> "Standing on the shoulders of some very clever giants!"
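Added example, not part of any message in this thread: it shows what a standards-following server decodes when raw field text is concatenated into a query string or a form-encoded body, compared with encoding each value with `encodeURIComponent`. The endpoint URL, the helper names and the sample memo are assumptions made for the illustration; the field names "name" and "memo" come from Mark's description.

```javascript
// Illustration only; runs in Node.js or a browser console.
const BASE = "http://app.example/save";        // hypothetical endpoint
const MEMO = "ticket#42 open? ask Bob & Sue";  // constructed sample input

// Fragile: raw user text pasted straight into the query string.
function naiveUrl(name, memo) {
  return BASE + "?name=" + name + "&memo=" + memo;
}

// Robust: percent-encode every key and every value on its own.
function encodedQuery(params) {
  return Object.keys(params)
    .map((k) => encodeURIComponent(k) + "=" + encodeURIComponent(params[k]))
    .join("&");
}

// Parameters a server would decode from the URL. Everything from the
// first "#" onward is the fragment and never reaches the server.
function serverSees(url) {
  const out = {};
  for (const [k, v] of new URL(url).searchParams) out[k] = v;
  return out;
}

// Parameters decoded from an application/x-www-form-urlencoded body.
// "#" survives here, but a raw "&" still starts a new parameter.
function serverSeesBody(body) {
  const out = {};
  for (const [k, v] of new URLSearchParams(body)) out[k] = v;
  return out;
}

console.log(serverSees(naiveUrl("Mark", MEMO)));      // memo cut at "#"
console.log(serverSeesBody("name=Mark&memo=" + MEMO)); // memo cut at "&", stray key
const q = encodedQuery({ name: "Mark", memo: MEMO });
console.log(q);
console.log(serverSees(BASE + "?" + q));  // memo intact
console.log(serverSeesBody(q));           // memo intact in a POST body too
```

Moving the data to the request body does not remove the need to encode it when the body is form-encoded. Prototype's documented `parameters` option also accepts a Hash-compatible object instead of a hand-built string.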