Author: kpreisser Date: Thu Sep 26 15:21:06 2013 New Revision: 1526565 URL: http://svn.apache.org/r1526565 Log: Improve Snake Websocket example: - Fix invalid JSON syntax (Strings always need to be in double-quotes) - In JavaScript, use JSON.parse() instead of eval() to parse JSON strings, to avoid potential security problems.
Modified: tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/Snake.java tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/SnakeAnnotation.java tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/SnakeTimer.java tomcat/trunk/webapps/examples/websocket/snake.xhtml
Modified: tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/Snake.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/Snake.java?rev=1526565&r1=1526564&r2=1526565&view=diff
==============================================================================
--- tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/Snake.java (original)
+++ tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/Snake.java Thu Sep 26 15:21:06 2013
@@ -52,12 +52,12 @@ public class Snake {
 private synchronized void kill() {
 resetState();
- sendMessage("{'type': 'dead'}");
+ sendMessage("{\"type\": \"dead\"}");
 }
 private synchronized void reward() {
 length++;
- sendMessage("{'type': 'kill'}");
+ sendMessage("{\"type\": \"kill\"}");
 }
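Review bot: The corrected literals in kill() and reward() now carry an unstated contract: every string handed to sendMessage must be strict JSON, because the client side of this same commit parses it with JSON.parse instead of eval. Nothing in Snake.java records that, so a later edit could reintroduce single-quoted keys and only fail at runtime in the browser. Suggest a comment at the first call, e.g. `// Must be valid JSON (double-quoted keys and strings): the client parses it with JSON.parse().`, and the same note applies to the String.format calls in the getLocationsJson hunk, in SnakeAnnotation and in SnakeTimer. The enclosing class Snake starts and ends outside this hunk.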
@@ -121,14 +121,14 @@ public class Snake {
 public synchronized String getLocationsJson() {
 StringBuilder sb = new StringBuilder();
- sb.append(String.format("{x: %d, y: %d}",
+ sb.append(String.format("{\"x\": %d, \"y\": %d}",
 Integer.valueOf(head.x), Integer.valueOf(head.y)));
 for (Location location : tail) {
 sb.append(',');
- sb.append(String.format("{x: %d, y: %d}",
+ sb.append(String.format("{\"x\": %d, \"y\": %d}",
 Integer.valueOf(location.x), Integer.valueOf(location.y)));
 }
- return String.format("{'id':%d,'body':[%s]}",
+ return String.format("{\"id\":%d,\"body\":[%s]}",
 Integer.valueOf(id), sb.toString());
 }
Modified: tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/SnakeAnnotation.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/SnakeAnnotation.java?rev=1526565&r1=1526564&r2=1526565&view=diff
==============================================================================
--- tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/SnakeAnnotation.java (original)
+++ tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/SnakeAnnotation.java Thu Sep 26 15:21:06 2013
@@ -79,13 +79,13 @@ public class SnakeAnnotation {
 for (Iterator<Snake> iterator = SnakeTimer.getSnakes().iterator(); iterator.hasNext();) {
 Snake snake = iterator.next();
- sb.append(String.format("{id: %d, color: '%s'}",
+ sb.append(String.format("{\"id\": %d, \"color\": \"%s\"}",
 Integer.valueOf(snake.getId()), snake.getHexColor()));
 if (iterator.hasNext()) {
 sb.append(',');
 }
 }
- SnakeTimer.broadcast(String.format("{'type': 'join','data':[%s]}",
+ SnakeTimer.broadcast(String.format("{\"type\": \"join\",\"data\":[%s]}",
 sb.toString()));
 }
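Review bot: The `"color": "%s"` format in the join message embeds `snake.getHexColor()` verbatim with no JSON escaping, so this is the only place in the commit where a string rather than a `%d` integer is spliced into the hand-built JSON; a quote or backslash in that value would make the client's JSON.parse reject the entire join broadcast. It is presumably a server-generated hex string, which makes it safe today, but that assumption is what keeps the message well-formed and should be written down: `// hex color is generated server-side; any client-influenced string here would need JSON escaping` next to that line. The leave message in the next hunk and the update broadcast in SnakeTimer follow the same pattern but only substitute %d values or already-built JSON fragments. The enclosing method starts before the hunk.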
@@ -107,7 +107,7 @@ public class SnakeAnnotation {
 @OnClose
 public void onClose() {
 SnakeTimer.removeSnake(snake);
- SnakeTimer.broadcast(String.format("{'type': 'leave', 'id': %d}",
+ SnakeTimer.broadcast(String.format("{\"type\": \"leave\", \"id\": %d}",
 Integer.valueOf(id)));
 }
 }
Modified: tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/SnakeTimer.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/SnakeTimer.java?rev=1526565&r1=1526564&r2=1526565&view=diff
==============================================================================
--- tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/SnakeTimer.java (original)
+++ tomcat/trunk/webapps/examples/WEB-INF/classes/websocket/snake/SnakeTimer.java Thu Sep 26 15:21:06 2013
@@ -73,7 +73,7 @@ public class SnakeTimer {
 sb.append(',');
 }
 }
- broadcast(String.format("{'type': 'update', 'data' : [%s]}",
+ broadcast(String.format("{\"type\": \"update\", \"data\" : [%s]}",
 sb.toString()));
 }
Modified: tomcat/trunk/webapps/examples/websocket/snake.xhtml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/examples/websocket/snake.xhtml?rev=1526565&r1=1526564&r2=1526565&view=diff
==============================================================================
--- tomcat/trunk/webapps/examples/websocket/snake.xhtml (original)
+++ tomcat/trunk/webapps/examples/websocket/snake.xhtml Thu Sep 26 15:21:06 2013
@@ -209,8 +209,7 @@
 };
 Game.socket.onmessage = function (message) {
- // _Potential_ security hole, consider using json lib to parse data in production.
- var packet = eval('(' + message.data + ')');
+ var packet = JSON.parse(message.data);
 switch (packet.type) {
 case 'update':
 for (var i = 0; i < packet.data.length; i++) {
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
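Review bot: `JSON.parse(message.data)` in the snake.xhtml hunk throws a SyntaxError on a malformed frame and nothing in the handler catches it, so a single bad message aborts the onmessage callback before the switch on packet.type runs. The removed eval failed the same way, but moving to a strict parser is the right moment to decide what a bad frame means to the client, and ignoring it is the safer choice for an example that keeps running. Suggest `var packet; try { packet = JSON.parse(message.data); } catch (e) { return; }` (optionally logging the rejected frame) in place of the added line, so the structured-message contract is explicit on both sides. Game.socket.onmessage continues past the end of the hunk.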