portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Santiago Gala <santiago.g...@gmail.com>
Subject RE: Modifying the Jetspeed Desktop
Date Tue, 24 Apr 2007 06:17:01 GMT
El lun, 23-04-2007 a las 15:12 -0400, Weaver, Scott escribió:
> Santiago,
> 
> Actually, I use JSON for all of my AJA(X) work.  The XPath is just for
>  manipulating the DOM of an existing page.  I use a combination of
>  jQuery's built-in JSON support along with JSONStringify
>  (http://www.thomasfrank.se/json_stringify_revisited.html) for the
>  front end and JSONLib (http://json-lib.sourceforge.net/) on the back
>  end.  In fact, I wrote a complete JSON-based customization pipeline
>  for my J2 portal.
> 

Cool, I thought it was for selection on the answers.

> However, you must be aware of the security concerns when using JSON. 
>  If not secured properly, you can leave your end-users and your
>  application open to x-site scripting attacks as documented here,
>  http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
> 

I'm aware, but using XML only hides that the possibility of such attacks
is there, only a bit more difficult to happen. :)

Regards
Santiago

> -scott
> 
> > -----Original Message-----
> > From: Santiago Gala [mailto:santiago.gala@gmail.com] On Behalf Of Santiago
> > Gala
> > Sent: Monday, April 23, 2007 2:41 PM
> > To: Jetspeed Developers List
> > Subject: RE: Modifying the Jetspeed Desktop
> > 
> > El lun, 23-04-2007 a las 11:27 -0400, Weaver, Scott escribió:
> > (...)
> > > I actually wanted to write javascript, well at least writing it the
> > > jQuery way ;-). jQuery uses XPath for traversing the DOM and is quite
> > > quick at it.
> > 
> > Why not JSON ( www.json.org ) ? it is way simpler to handle, plus it
> > does not require well-formed XML. Well-formedness was my killer in our
> > first attempt at client-side aggregation.
> > 
> > JSON is generated and parsed very easily, in java, ruby, python, perl,
> > and, of course, javascript.
> > 
> > Regards
> > Santiago
> > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> > For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message