Revolver 2.2.1 Released


May 7, 2014 by Alistair Deneys

Revolver 2.2.1 has just been released and is now available over at codeflood. This is a rather small release to address 2 specific issues. You will find the downloads for the Sitecore package on the Revolver Download Page.

The first issue addressed was a security concern in the Javascript of the Revolver client. Thanks goes to Marcin Okon of who raised the concern and helped verify the fix, so thanks Marcin.

The security concern was around the use of the eval() function to turn the JSON response into a Javascript object that was then used to populate the client UI. However eval() can be used to evaluate and execute any arbitrary Javascript code, so if possible it’s best to avoid it in favour of a safer option. Revolver will now use JSON.parse() on newer browsers and the utilities provided by prototype.js if the JSON object is not available (I’m looking in your direction older IE…)

The second issue isn’t really an issue, it’s Sitecore version support. Revolver now supports Sitecore 7.2 and 7.5 (for those lucky enough to have access to 7.5 already). So we’ve now got from Sitecore version 6.0 up to 7.5 covered.


2 thoughts on “Revolver 2.2.1 Released

  1. Aaron Powell says:

    Err, JSON.parse has been in every version of IE since IE8 –

    Are you really supporting IE7?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s


The views expressed on this blog are solely my own and do not necessarily reflect the views of my employer.
%d bloggers like this: