javascript - Difference between eval and window.json.parse for a dealing with a responseText? -

-

i have following code @ hand

var finalcompletedata = eval("("+jsonresponse.responsetext+")");

when used this, received security flaw error in fortify saying might lead javascript hacking. so, changed

var finalcompletedata = window.json.parse(jsonresponse.responsetext);

for this, fortify did not show error. window.json.parse method ?

can please explain. in advance :-)

eval execute javascript code supposed evaluate, , evaluates highest level of security. means if response text returns non-json code, valid javascript, eval execute it. sky limit this, can add new functions, change variables, redirect page.

with window.json.parse json evaluated, risk of rogue code getting entered much less.


Comments

Post a Comment

Popular posts from this blog

Cursor error with postgresql, pgpool and php -

-
hey, struggling bit determine exact cause of error has been popping in our release environment. there not seem dealing particular error on google. this error message getting: sqlstate[34000]: invalid cursor name: 7 error: portal "" not exist the error pops when using pdo prepared statements. this setup our release environment: pgpool 3.0.1 (the postgresql backend in streaming replication mode!) php 5.3.5 postgresql 9.0 edit: architecture 64bit. the same error not manifest in our test environment (edit: forgot mention, standard test environment uses postgresql 9.0 without pgpool). thus, led suspect pgpool @ least partly suspect. does know probable causes error are? edit: ok, here example of kind of code causes error. $sql = 'select * '; $sql .= 'from "mytable" "mystuff" '; $sql .= 'where "mytable"."status" = 1 '; $sql .= 'and "mytable"."mytableid" = :table
Read more

c# - how to write client side events functions for the combobox items -

-
<dx:aspxcombobox id="aspxcombobox2" runat="server" clientidmode="autoid" selectedindex="-1" onselectedindexchanged="aspxcombobox1_selectedindexchanged1" > <clientsideevents selectedindexchanged="function(s, e) { grid.selectrows();}" /> <items> <dx:listedititem text="selecte rows" /> <dx:listedititem text="unselectall" /> </items> </dx:aspxcombobox> i want write event "unselect all" item in combobox. how can this? you'll need write javascript function iterates thru combo-box , marks selected items false. see select/unselect checkbox fields using pure javascript , html sample code msdn:
Read more

ssh client with paramiko (python) -

-
# sshpy v1 s0urd # simple ssh client # irc.gonullyourself.org 6667 #code import paramiko import os ssh = paramiko.sshclient() ssh.set_missing_host_key_policy(paramiko.autoaddpolicy()) privatekey = os.path.expanduser('/home/rabia/private') mkey = paramiko.rsakey.from_private_key_file(privatekey) ssh.connect('78.46.172.47', port=22, username='s0urd', password=none, pkey=mkey) while true: pick = raw_input("sshpy: ") stdin, stdout, stderr = ssh.exec_command(pick) print stdout.readlines() ssh.close() when try run more 1 command error: attributeerror: 'nonetype' object has no attribute 'open_session' looks it's because @ end of while loop ssh.close() (thus closing session).
Read more