portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Weaver, Scott" <weav...@ugs.com>
Subject RE: Modifying the Jetspeed Desktop
Date Mon, 23 Apr 2007 19:12:17 GMT
Santiago,

Actually, I use JSON for all of my AJA(X) work.  The XPath is just for manipulating the DOM
of an existing page.  I use a combination of jQuery's built-in JSON support along with JSONStringify
(http://www.thomasfrank.se/json_stringify_revisited.html) for the front end and JSONLib (http://json-lib.sourceforge.net/)
on the back end.  In fact, I wrote a complete JSON-based customization pipeline for my J2
portal.

However, you must be aware of the security concerns when using JSON.  If not secured properly,
you can leave your end-users and your application open to x-site scripting attacks as documented
here, http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf

-scott

> -----Original Message-----
> From: Santiago Gala [mailto:santiago.gala@gmail.com] On Behalf Of Santiago
> Gala
> Sent: Monday, April 23, 2007 2:41 PM
> To: Jetspeed Developers List
> Subject: RE: Modifying the Jetspeed Desktop
> 
> El lun, 23-04-2007 a las 11:27 -0400, Weaver, Scott escribió:
> (...)
> > I actually wanted to write javascript, well at least writing it the
> > jQuery way ;-). jQuery uses XPath for traversing the DOM and is quite
> > quick at it.
> 
> Why not JSON ( www.json.org ) ? it is way simpler to handle, plus it
> does not require well-formed XML. Well-formedness was my killer in our
> first attempt at client-side aggregation.
> 
> JSON is generated and parsed very easily, in java, ruby, python, perl,
> and, of course, javascript.
> 
> Regards
> Santiago
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message