Re: Security in gwt application.

On Wednesday, April 17, 2013 3:20:09 PM UTC+2, Shashank Raj Holavanalli wrote:

Thomas,

I am using GWT 2.0.3 and this is being generated in the *.nocache.js.

Come on, 2.0.3 is 3 damn years old!

 

Is there any solution to this ? This clearly seems like an XSS vulnerability to me. Have you fixed this in the later version ? If yes then which one ?

There's been a few security fixes in latest versions (though not related to this one).

AFAICT, assuming this is from computeBaseUrl(), this code will almost never be called (it depends how you load the nocache.js), so there should be no vulnerability in practice.

It'd help if you could give more info as to which code exactly you're talking about (compile with -style PRETTY so the JS won't be obfuscated).

--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.