Launchpad itself

Merge lp://staging/~cjwatson/launchpad/safer-ajax-strings into lp://staging/launchpad

safer-ajax-strings
Merge into devel

Proposed by Colin Watson on 2015-10-12

Status:

Merged

Merged at revision:

17815

Proposed branch:

lp://staging/~cjwatson/launchpad/safer-ajax-strings

Merge into:

lp://staging/launchpad

Diff against target:

25 lines (+3/-2)

2 files modified

lib/lp/app/javascript/client.js (+2/-1)
lib/lp/app/javascript/tests/test_lp_client.js (+1/-1)

To merge this branch:

bzr merge lp://staging/~cjwatson/launchpad/safer-ajax-strings

Low

In Progress

Link a bug report

Reviewer	Review Type	Date Requested	Status
William Grant (community)	code	2015-10-12	Approve on 2015-10-12
Roberto Alsina (community)			Approve on 2015-10-12
Review via email: mp+274166@code.staging.launchpad.net

Commit message

Make the JS webservice client stringify string parameters rather than relying on lazr.restful's dodgy special casing.

Description of the change

lazr.restful has a special case in marshall_from_request that allows clients to get away without stringifying string parameters, but this is somewhat dodgy: for example, it crashes if a parameter consists only of whitespace, which is possible if you try to submit a vote on a merge proposal including a single space as the comment (https://oops.canonical.com/?oopsid=OOPS-bb42b8f55c6448f820a2539605e06ea3). Rather than relying on this, I think it's better to encode string parameters as JSON strings.

I left ws.op unencoded, as that seemed likely to result in test fallout, and that parameter will always be an identifier anyway.

Revision history for this message