Security Advisories (4)
CPANSA-Jifty-2011-01 (2011-03-17)

The path as passed in the fragment request data structure was used verbatim in the dispatcher and other locations. This possibly allowed requests to walk around ACLs by requesting '/some/safe/place/../../../dangerous' as a fragment.

CPANSA-Jifty-2009-01 (2009-04-09)

The REST plugin would let you call any method on the model.

CPANSA-Jifty-2008-01 (2009-04-08)

Allowed all actions on GET.

CPANSA-Jifty-2006-01 (2006-07-06)

Jifty did not protect users against a class of remote data access vulnerability. If an attacker knew the structure of your local filesystem and you were using the "standalone" webserver in production, the attacker could gain read-only access to local files.
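The ACL bypass described in CPANSA-Jifty-2011-01 comes from checking a path that still contains '..' segments. The following is an added example, not Jifty's code or its actual fix: it compares a prefix check on the raw fragment path with the same check on a canonicalized path. The names `$SAFE_ROOT`, `canonical_path`, `naive_allowed` and `hardened_allowed` are hypothetical, and the input is assumed to be already URL-decoded.

```perl
use strict;
use warnings;

# Hypothetical ACL: fragments may only be served from under this root.
my $SAFE_ROOT = '/some/safe/place';

# Collapse empty, '.' and '..' segments. Returns nothing (undef in scalar
# context) for relative paths or when '..' would climb above the root.
sub canonical_path {
    my ($path) = @_;
    return unless defined $path && $path =~ m{^/};
    my @out;
    for my $seg (split m{/+}, $path) {
        next if $seg eq '' || $seg eq '.';
        if ($seg eq '..') {
            return unless @out;
            pop @out;
            next;
        }
        push @out, $seg;
    }
    return '/' . join('/', @out);
}

# The flawed pattern: the ACL is evaluated on the path exactly as received.
sub naive_allowed {
    my ($path) = @_;
    return index($path, "$SAFE_ROOT/") == 0 ? 1 : 0;
}

# Hardened form: canonicalize first, then evaluate the ACL on the result.
# The dispatcher must then use the canonical path, never the raw one.
sub hardened_allowed {
    my ($path) = @_;
    my $canon = canonical_path($path);
    return 0 unless defined $canon;
    return $canon =~ m{^\Q$SAFE_ROOT\E(?:/|\z)} ? 1 : 0;
}

# Constructed sample paths; the second is the one quoted in the advisory.
for my $p ('/some/safe/place/widget',
           '/some/safe/place/../../../dangerous',
           '/some/safe/placebo/widget',
           '/../etc') {
    printf "%-40s naive=%d hardened=%d\n",
        $p, naive_allowed($p), hardened_allowed($p);
}
```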

NAME

Jifty::Mason::Halo

DESCRIPTION

start_component_hook CONTEXT_OBJECT

Whenever we start to render a component, check to see if we can draw a halo around the component.

Either way, record halo metadata.

end_component_hook CONTEXT_OBJECT

When we're done rendering a component, record how long it took and close off the halo span if we have one.

_unrendered_component CONTEXT

Returns true if we're not currently inside the "Body" section of the webpage OR the current component is a subcomponent. (Rendering halos for subcomponents is too "heavy".)

render_component_tree

Once we're just about to finish rendering our HTML page (just before the </body> tag), we should call render_component_tree to output all the halo data and metadata.